AirNav Systems Forum
AirNav RadarBox and RadarBox24.com => AirNav RadarBox and RadarBox24.com Discussion => Topic started by: knight01 on April 17, 2012, 11:10:16 AM
-
Last few weeks I've been getting Trojan warning messages when I open Airnav forum and luckily my internet security (Kaspersky) stops and blocks the page from loading and infecting my PC.
The latest warning I'm getting is for this Trojan: Trojan-Downloader.JS.Iframe.cwh. I've scanned my computer twice and both times it comes clean.
But there are other variants: Trojan-Downloader.JS.Iframe.bzn and Trojan-Downloader.JS.Iframe.cdh
This is the information on Kaspersky site about these trojans:
"Technical Details
This Trojan downloads another program and launches it on the victim machine without the user's knowledge or consent. It is a Java Script scenario within an HTML document. It is 181 bytes in size.
Payload
Once an infected page is opened in the browser, the Trojan in a hidden frame attempts to open the resource, located at the following link:"
It's a Javascript exploit, Airnav may need to update java on their server and run a virus scan.
-
I found this on the net and it may offer an explanation. I certainly don't get anything from Norton.
Bogus Virus Threat
Unfortunately a recent update to the popular virus checker Kaspersky has branded all our Parish Record databases as a threat, with the following message - "object is infected by Trojan-Downloader.JS.Iframe.bzn" The files have been inspected and it is actually a case of Kaspersky being rather over cautious, because it can't read the address for our Iframe, which has been encoded to help protect the full database from being downloaded. A work around is currently being looked for, but be assured that there is not a threat from entering these pages, they have been carefully checked and only 2 out of 44 up-to-date virus checkers think there may be a problem.
Alan
-
The server is clean, no viruses on the forum or server. Don't worry.
As Runway 31 says there are a lot of cases now of false positives from Anti Virus software. Though some people would probably say better to be safe than sorry.
-
Can you please confirm that avast! is the other virus checker showing the problem.
I have been receiving a "Trojan Horse Blocked" warning from avast! Web Shield for a few days now, although it does seem to be intermittent.
The infection is shown as HTML:Downloader-BY [Tri]
Many thanks
artnco
-
Hello
Avast has alerted to these when connecting to the forum occasionally over the last week or two. I thought it was a coincidence as it wasn't every time but as others have also been finding this I thought I would post them now. I have changed http to hstp so the links aren't clickable.
06/04/2012 21:12:35 hstp://ads.biz14.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
07/04/2012 09:11:19 hstp://gu.whynotad.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
10/04/2012 17:27:14 hstp://a.dnepr.com/showthread.php?t=45612777 [L] HTML:Downloader-BY [Trj] (0)
15/04/2012 11:06:39 hstp://namcm.dnepr.com/images.php?t=81118 [L] JS:Pdfka-gen@bhv [Expl] (0)
This is from my avast log.
Thank you
Andrew
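For triage of the log lines quoted in the post above (an added example, not part of the original post): the parser below splits each line into timestamp, host, request and detection name, then reports requests that were seen on more than one host. The line layout is inferred from the four quoted lines, which are copied as posted with the `hstp` scheme left in place; the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Layout inferred from the quoted lines:
# date time URL[|>{gzip}] [L] detection-name [type] (n)
LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<url>\S+?)(?:\|>\{\w+\})? \[L\] "
    r"(?P<name>\S+) \[(?P<kind>\w+)\]"
)

# The four lines from the post, unchanged (links stay non-clickable).
LOG = """\
06/04/2012 21:12:35 hstp://ads.biz14.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
07/04/2012 09:11:19 hstp://gu.whynotad.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
10/04/2012 17:27:14 hstp://a.dnepr.com/showthread.php?t=45612777 [L] HTML:Downloader-BY [Trj] (0)
15/04/2012 11:06:39 hstp://namcm.dnepr.com/images.php?t=81118 [L] JS:Pdfka-gen@bhv [Expl] (0)
"""


def parse(log):
    """Return one dict per recognised log line; unknown lines are skipped."""
    rows = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m["url"])
        request = url.path + ("?" + url.query if url.query else "")
        rows.append({
            "when": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
            "host": url.hostname,
            "request": request,
            "name": m["name"],
            "kind": m["kind"],
        })
    return rows


def hosts_per_request(rows):
    """Map each request seen on more than one host to those hosts, in order."""
    seen = defaultdict(list)
    for row in rows:
        if row["host"] not in seen[row["request"]]:
            seen[row["request"]].append(row["host"])
    return {req: hosts for req, hosts in seen.items() if len(hosts) > 1}


if __name__ == "__main__":
    for request, hosts in hosts_per_request(parse(LOG)).items():
        print(request, "->", ", ".join(hosts))
```

On these lines the identical request `/showthread.php?t=45612777` shows up on three different hosts over four days, which is a more stable thing to search proxy or DNS logs for than any single host name.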
-
Norton Internet Security 2012 has come up with an attack blocker notice when I first come on to the forum - this is the history in case it helps.
Rod
-
whynotad.com is a free advertising web site
Alan
-
Hi Rod,
Yes I get these too, with Norton 2012 full version. It's cleaned each time and system seems fine. Only receive the prompt when I connect to the forum.
Cheers Dave..
-
Strange thing this thread starting when it did. I've had the same thing happening for a couple of weeks when I've opened up the forum, but with different Trojans.
The remarkable thing to me is that I was about to report that I suspected the forum after I got another warning from Comodo again this morning but decided to run Malwarebytes first. This thread started while it was running!!
As I said, I have Comodo and Malwarebytes installed and both have found and removed Trojans several times in the past weeks but they have reappeared. As I began to suspect the forum, I opened several others of my 'favourite' sites first this morning without any warning appearing. As soon as I opened forum again, one did.
Seems to me a bit more than a coincidence so many members are having problems, which appear to be linked to the forum.
Syd.
-
We are having a look at this situation right now.
-
Checked and my Norton gave me the same as Rod this morning.
Alan
-
I don't get these errors/warnings on other forums I visit too. Sometimes the Airnav forum will open without warnings, but if I open a thread, Kaspersky will give me "information" message that a Trojan was detected and blocked and the thread continues to load.
-
I have Norton 360 on one machine and McAfee on another and have not had any threats identified.
However I stay logged in all the time and never logout.
So is it only when people login to the forum that these threats are identified?
Brian
-
That's certainly how it goes for me.
Rod
-
I have had problems with my laptop for the last few days, since I opened this site and had a pop up which seems to have hi-jacked my machine. I used to run Norton, but since this expired, and I changed from BT Internet to Orange, and had problems installing their freebie version of McAfee, I've not had any protection running - only myself to blame for that! - but there's definitely something interfering with things now. If I open IE, sometimes the machine goes to various advertising sites and shuts down whatever I'm trying to access, my email is worst, which I'm not able to access properly now. I feel a re-format of HDDs and re-installation of Win 7 coming on, at least 2 years since I last had to do it, so that'll also get rid of an awful lot of crap! Before this happened, RB program would act up, and won't let me highlight a particular a/c on the display, doing its own thing, going to any other a/c in the vicinity except the one I was trying to follow - anyone else had that?
-
I too had this trojan message, I actually got 3 viruses on my computer but I don't know if it came from the Airnav forum or not but I had to wipe my computer totally.
I did several Norton scans and it told me my computer was secure.
Ian
-
Had no problems myself, no warnings, running Norton 360 logging on / off everything ok.
-
I had a problem last week after viewing this site. McAfee kept reporting ZeroAccess trojan & my browser kept redirecting, as with some trojans it gets worse when you google the name & makes it even more difficult to get a cure. Anyway I eventually tracked down a root killer TDSSKiller from Kaspersky Labs which removed it. Trust it works for others, here is the link, about half way down the page:
http://www.2-viruses.com/remove-tdss
-
Wondering what AND's findings are following their response yesterday that:-
"We are having a look at this situation right now." and whether others are still getting warnings.
The latest one I got this morning is shown on the attached snip.
As before, I opened several sites before this one with no problems.
Syd.
-
Further checks were done and following smf forum bug patches and server bug patches as well we haven't been able to find a cause of this yet. So far we have not found any viruses or code on the forum which has been exploited.
We are however keeping an eye on the situation.
-
No alerts for me this morning
Alan
-
My AVG blocked the following at 0815 local today:
EXPLOIT BLACKHOLE EXPLOIT KIT (TYPE 2146)
www.airnavsystems.com/forum/index.php?board
I think I'll stay clear of here until further notice.
-
Just opened site - AVG message immediately as above. What's happening Airnav?
-
Can you now confirm that the message is not appearing?
-
I haven't had any problem today :-)
Rod
-
Have had alerts on my Netbook running WIN7 (32bit), but have had no warnings on my WIN7 (64bit) PC. Alerts only occurred on the first visit before log-in. After log-in no further virus alerts.
-
I haven't had any alerts yesterday or today
Alan
-
No problems for me for the last 2 days. And access to the forum is back to its normal high speed whereas for the period of the alerts it was very sluggish.
artnco
-
Hi Development,
Don't want to appear pedantic or banging on about this, but not having had any alerts or warnings since the 19th, and assuming that as nobody else is reporting further problems the forum is now clean, what did you find to be the cause of the problem and are you satisfied the site is indeed now clean?
The reason I ask is because a relative of mine, involved in 'nasties' removal for an IT company, who spent a lot of time cleaning and checking my machine whilst this situation was going on is interested to know.
As he says, recurring infections don't go away on their own so they must have been eliminated at source.
Regards,
syd
-
Hi Syd and ANDev, since the onset of my problems, I've persevered with installing Orange's free McAfee and let it work its magic - detected and removed innumerable Trojans, so much so I turned off the reporting screen, but I still keep going to Replica Handbags - they must know something about me that I don't!
-
I run AVG 2012 and have not had a problem at all with the AirNav site. (Touch wood)
Dave.
-
Hi all, this is the site I keep getting re-directed to, without me doing anything at all - I don't think this site is corrupt or malicious, but why do I keep getting transferred to it - has anyone else had this site problem or a similar problem please? I think I may just save everything I need to keep transferred to a DVD (or 2, or 3.....), and completely re-format the HDDs, then re-load Windows from scratch and install McAfee as first thing on-line. Any help or suggestions welcome ............
http://replicaguccihq.com/
-
Hi Jon
I'm afraid that this may be a problem that's unique to you, rather than coming from the AirNav site. I was getting the Norton notice of an attack, but that's gone away - haven't seen it for a good few days now.
Rather than reformatting your disks, just do a full scan with a reputable anti-virus program/malware detector and/or Windows Defender. Microsoft Security Essentials is highly recommended and free.
Good luck!
Rod
-
It's good to be wise after the event but get yourself some protection as advised by Rod.
Got to agree with Rod on this, I think what you are experiencing Jon is unique to yourself and nothing to do with this site. The first thing you should do with a new computer is get anti-virus protection before going online. These products don't just protect against viruses, they protect against malware/adware/hijacking such as you are experiencing.
There are lots of free malware/adware programs out there, get one or two and do a full scan. Even doing this can be hazardous, just ensure you are on a reputable website and watch what buttons you press.
Products like Lavasoft adaware, http://www.lavasoft.com/products/ad_aware_free.php will provide you with the protection you need and also ensure you keep up to date with the protection offered by Microsoft with their updates.
Alan
-
Norton and McAfee have got very resource heavy over the years, so has AVG.
Personally I use Microsoft Security Essentials and Outpost Firewall. I also use Malwarebytes as a backup if anything does get through.
The good thing with Malwarebytes is that it will run in normal, safe mode and from DOS so I would try downloading and run it in Safe Mode, John, before re-formatting the hard drive.
If it finds anything, remove it, reboot back into Safe Mode and run Malwarebytes again as sometimes these things will re-install themselves.
Martin.
-
Hi Rod, Alan and Martin, many thanks to you all, I will try your suggestions before wiping, as I'd lose so much other info - 99% of which is probably total cr*p which I'll never need to access anyway! I've had Orange's McAfee running for 2 days now but still getting sent to the handbag shop - now what colour matches my eyes? - no, there's nothing quite that bloodshot..................
-
Over the years I've also tried them all. I can recommend Microsoft Security Essentials, it works well for me. I use Microsoft XP Pro.
I also run Spybot now and then.
Had a worm yesterday, removed it with Spybot. It was W3i.IQ5.fraud. Don't know where it came from.
John
-
Hi Jon,
Brimon reported in Reply#17 that like you he was being redirected to another site and it seems that TDSSKiller cured his problem.
Obviously good advice from Rod, Alan and Martin re protection, but ……….
In my case the trojans etc reappeared several times when revisiting this site even though they were found and removed by over half a dozen other malware and antivirus programmes the guy I mentioned in my last posting carries around on a memory stick in relation to his job. Even MS Defender Offline which runs from a bootup disc didn’t stop ‘em coming back after detection and removal. As I said, he told me this situation can only be resolved by eliminating them at their source. Presumably, if it wasn't, the same situation would occur even after a Windows reinstall.
It would seem that the general problem has now been resolved but a response from AND to my last posting could perhaps reassure us that this is the case.
Good luck,
Syd
-
Hi John and Syd, many thanks for the comments, will have a look at MSE.