AirNav RadarBox
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 


Author Topic: Trojan detected in Airnav forum  (Read 20133 times)

0 Members and 1 Guest are viewing this topic.

knight01

  • Sr. Member
  • ****
  • Posts: 298
Trojan detected in Airnav forum
« on: April 17, 2012, 11:10:16 AM »
Last few weeks I've been getting Trojan warning messages when I open Airnav forum and luckily my internet security (Kaspersky) stops and blocks the page from loading and infecting my PC.
The latest warning I'm getting is for this Trojan: Trojan-Downloader.JS.Iframe.cwh.   I've scanned my computer twice and both times it comes clean.

But there are other variants: Trojan-Downloader.JS.Iframe.bzn and Trojan-Downloader.JS.Iframe.cdh
This is the information on Kaspersky site about these trojans:

"Technical Details

This Trojan downloads another program and launches it on the victim machine without the user's knowledge or consent. It is a Java Script scenario within an HTML document. It is 181 bytes in size.

Payload

Once an infected page is opened in the browser, the Trojan in a hidden frame attempts to open the resource, located at the following link:"

It's a Javascript exploit, Airnav may need to update java on their server and run a virus scan.
« Last Edit: April 17, 2012, 04:10:06 PM by knight01 »

Runway 31

  • Moderator
  • Hero Member
  • *****
  • Posts: 34020
Re: Trojan detected in Airnav forum
« Reply #1 on: April 17, 2012, 11:25:20 AM »
I found this on the net and may offer an explanation.  I certainly dont get anything from Norton.

Bogus Virus Threat
Unfortunately a recent update to the popular virus checker Kaspersky has branded all our Parish Record databases as a threat, with the following message - "object is infected by Trojan-Downloader.JS.Iframe.bzn" The files have been inspected and it is actually a case of Kaspersky being rather over cautious, because it can't read the address for our Iframe, which has been encoded to help protect the full database from being downloaded. A work around is currently being looked for, but be assured that there is not a threat from entering these pages, they have been carefully checked and only 2 out of 44 up-to-date virus checkers think there may be a problem.

Alan

AirNav Support

  • AirNav Systems
  • Hero Member
  • *****
  • Posts: 4127
Re: Trojan detected in Airnav forum
« Reply #2 on: April 17, 2012, 11:29:44 AM »
The server is clean, no viruses on the forum or server. Don't worry.

As Runway 31 says there are a lot of cases now of false postives from Anti Virus software. Though some people would probally say better to be safe then sorry.
Contact Customer/Technical support via:
http://www.airnavsystems.com/contact.html
[email protected]

artnco

  • New Member
  • *
  • Posts: 10
Re: Trojan detected in Airnav forum
« Reply #3 on: April 17, 2012, 11:39:08 AM »
Can you please confirm that  avast! is the other virus checker showing the problem.

I have been receiving a "Trojan Horse Blocked" warning from avast! Web Shield for a few days now, although it does seem to be intermittent.

The infection is shown as HTML:Downloader-BY [Tri]

Many thanks

artnco

orkney

  • Database Updater Moderator
  • Hero Member
  • *****
  • Posts: 1550
    • orkney radarbox screenshot
Re: Trojan detected in Airnav forum
« Reply #4 on: April 17, 2012, 02:15:28 PM »
Hello

Avast has alerted to these when connecting to the forum occasionally over the last week or two. I thought it was a coincidence as it wasn't every time but as others have also been finding this I thought I would post them now. I have changed http to hstp so the links aren't clickable.

06/04/2012 21:12:35   hstp://ads.biz14.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
07/04/2012 09:11:19   hstp://gu.whynotad.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
10/04/2012 17:27:14   hstp://a.dnepr.com/showthread.php?t=45612777 [L] HTML:Downloader-BY [Trj] (0)
15/04/2012 11:06:39   hstp://namcm.dnepr.com/images.php?t=81118 [L] JS:Pdfka-gen@bhv [Expl] (0)

this is from my avast log.

Thank you

Andrew

RodBearden

  • Hero Member
  • *****
  • Posts: 9181
    • Rod's RadarBox Downloads
Re: Trojan detected in Airnav forum
« Reply #5 on: April 17, 2012, 03:21:37 PM »
Norton Internet Security 2012 has come up with an attack blocker notice when I first come on to the forum - this is the history in case it helps.

Rod
Rod

Runway 31

  • Moderator
  • Hero Member
  • *****
  • Posts: 34020
Re: Trojan detected in Airnav forum
« Reply #6 on: April 17, 2012, 03:56:35 PM »
whynotad.com is a free advertising web site

Alan

Team Spirit

  • Full Member
  • ***
  • Posts: 179
  • AF1981 A380-800 passing T5 enroute CDG.
Re: Trojan detected in Airnav forum
« Reply #7 on: April 17, 2012, 07:42:36 PM »
Hi Rod,

Yes I get these too. with Norton 2012 full version. It's cleaned each time and system seems fine. Only receive the prompt when I connect to the forum.

Cheers Dave..
Best regards Dave.

Hawkeye

  • Sr. Member
  • ****
  • Posts: 290
Re: Trojan detected in Airnav forum
« Reply #8 on: April 17, 2012, 09:19:55 PM »
Strange thing this thread starting when it did. I've had the same thing happening for a couple of weeks when I've opened up the forum, but with different Trojans
.
The remarkable thing to me is that I was about to report that I suspected the forum after I got another warning from Comodo again this morning but decided to run Malwarebytes first. This thread started while it was running!!

As I said, I have Comodo and Malwarebytes installed and both have found and removed Trojans several times in the past weeks but they have reappeared.  As I began to suspect the forum, I opened several others of my 'favourite' sites first this morning without any warning appearing. As soon as I opened forum again, one did.

Seems to me a bit more than a coincidence so many members are having problems. which appear to be linked to the forum.

Syd.

AirNav Development

  • AirNav Systems
  • Hero Member
  • *****
  • Posts: 2545
    • AirNav Systems
Re: Trojan detected in Airnav forum
« Reply #9 on: April 18, 2012, 12:43:12 AM »
We are having a look at this situation right now.

Runway 31

  • Moderator
  • Hero Member
  • *****
  • Posts: 34020
Re: Trojan detected in Airnav forum
« Reply #10 on: April 18, 2012, 07:16:55 AM »
Ckecked and my Norton gave me the same as Rod this morning.

Alan

knight01

  • Sr. Member
  • ****
  • Posts: 298
Re: Trojan detected in Airnav forum
« Reply #11 on: April 18, 2012, 07:36:45 AM »
I don't get these errors/warnings on other forums I visit too.  Sometimes the Airnav forum will open without warnings, but if I open a thread, Kaspersky will give me "information" message that a Trojan was detected and blocked and the thread continues to load.

chewycanes

  • Hero Member
  • *****
  • Posts: 711
Re: Trojan detected in Airnav forum
« Reply #12 on: April 18, 2012, 02:02:19 PM »
I have Norton 360 on one machine and Mc Afee on another and have not had any threats identified.

However i stay logged in all the time and never logout.

So is it only when people login to the forum that these threats are identified ?

Brian

RodBearden

  • Hero Member
  • *****
  • Posts: 9181
    • Rod's RadarBox Downloads
Re: Trojan detected in Airnav forum
« Reply #13 on: April 18, 2012, 03:38:24 PM »
That's certainly how it goes for me.

Rod
Rod

CoastGuardJon

  • Hero Member
  • *****
  • Posts: 1178
  • Mullion Cove, Kernow --- sw Cornwall UK.
Re: Trojan detected in Airnav forum
« Reply #14 on: April 18, 2012, 06:08:02 PM »
I have had problems with my laptop for the last few days, since I opened this site and had a pop up which seems to have hi-jacked my machine.   I used to run Norton, but since this expired, and I changed from BT Internet to Orange, and had problems installed their freebie version of McAfee, I've not had any protection running - only myself to blame for that! - but there's definitely something interfering with things now.   If I open IE, sometimes the machine goes to various advertising sites and shuts down whatever I'm trying to access, my email is worst, which I'm not able to acces properly now.    I feel a re-format of HDDs and re-installation of Win 7 coming on, at least 2 years since I last had to do it, so that'll also get rid of an awful lot of crap!   Before this happened, RB program would act up, and won't let me highlight a particular a/c on the display, doing its own thing, going to any other a/c in the vicinity except the one I was trying to follow - anyone else had that?
ANRB :  AOR AR8000 : Icom R-7000 : Icom IC-R9000 : JRC NRD-545 : OptoElectronics Digital Scout and OptoLinx Interface; Realistic Pro-2005 : UBC 800XLT - listed in alphabetical order, not cost, preference, performance or entertainment value!