Trojan detected in Airnav forum

[knight01]

Last few weeks I've been getting Trojan warning messages when I open Airnav forum and luckily my internet security (Kaspersky) stops and blocks the page from loading and infecting my PC.
The latest warning I'm getting is for this Trojan: Trojan-Downloader.JS.Iframe.cwh.   I've scanned my computer twice and both times it comes clean.

But there are other variants: Trojan-Downloader.JS.Iframe.bzn and Trojan-Downloader.JS.Iframe.cdh
This is the information on Kaspersky site about these trojans:

"Technical Details

This Trojan downloads another program and launches it on the victim machine without the user's knowledge or consent. It is a Java Script scenario within an HTML document. It is 181 bytes in size.

Payload

Once an infected page is opened in the browser, the Trojan in a hidden frame attempts to open the resource, located at the following link:"

It's a Javascript exploit, Airnav may need to update java on their server and run a virus scan.

[Runway 31]

I found this on the net and may offer an explanation.  I certainly dont get anything from Norton.

Bogus Virus Threat
Unfortunately a recent update to the popular virus checker Kaspersky has branded all our Parish Record databases as a threat, with the following message - "object is infected by Trojan-Downloader.JS.Iframe.bzn" The files have been inspected and it is actually a case of Kaspersky being rather over cautious, because it can't read the address for our Iframe, which has been encoded to help protect the full database from being downloaded. A work around is currently being looked for, but be assured that there is not a threat from entering these pages, they have been carefully checked and only 2 out of 44 up-to-date virus checkers think there may be a problem.

Alan

[AirNav Support]

The server is clean, no viruses on the forum or server. Don't worry.

As Runway 31 says there are a lot of cases now of false postives from Anti Virus software. Though some people would probally say better to be safe then sorry.

[artnco]

Can you please confirm that  avast! is the other virus checker showing the problem.

I have been receiving a "Trojan Horse Blocked" warning from avast! Web Shield for a few days now, although it does seem to be intermittent.

The infection is shown as HTML:Downloader-BY [Tri]

Many thanks

artnco

[orkney]

Hello

Avast has alerted to these when connecting to the forum occasionally over the last week or two. I thought it was a coincidence as it wasn't every time but as others have also been finding this I thought I would post them now. I have changed http to hstp so the links aren't clickable.

06/04/2012 21:12:35   hstp://ads.biz14.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
07/04/2012 09:11:19   hstp://gu.whynotad.com/showthread.php?t=45612777|>{gzip} [L] HTML:Downloader-BY [Trj] (0)
10/04/2012 17:27:14   hstp://a.dnepr.com/showthread.php?t=45612777 [L] HTML:Downloader-BY [Trj] (0)
15/04/2012 11:06:39   hstp://namcm.dnepr.com/images.php?t=81118 [L] JS:Pdfka-gen@bhv [Expl] (0)

this is from my avast log.

Thank you

Andrew

[RodBearden]

Norton Internet Security 2012 has come up with an attack blocker notice when I first come on to the forum - this is the history in case it helps.

Rod

[Runway 31]

whynotad.com is a free advertising web site

Alan

[Team Spirit]

Hi Rod,

Yes I get these too. with Norton 2012 full version. It's cleaned each time and system seems fine. Only receive the prompt when I connect to the forum.

Cheers Dave..

[Hawkeye]

Strange thing this thread starting when it did. I've had the same thing happening for a couple of weeks when I've opened up the forum, but with different Trojans
.
The remarkable thing to me is that I was about to report that I suspected the forum after I got another warning from Comodo again this morning but decided to run Malwarebytes first. This thread started while it was running!!

As I said, I have Comodo and Malwarebytes installed and both have found and removed Trojans several times in the past weeks but they have reappeared.  As I began to suspect the forum, I opened several others of my 'favourite' sites first this morning without any warning appearing. As soon as I opened forum again, one did.

Seems to me a bit more than a coincidence so many members are having problems. which appear to be linked to the forum.

Syd.

[AirNav Development]

We are having a look at this situation right now.

[Runway 31]

Ckecked and my Norton gave me the same as Rod this morning.

Alan

[knight01]

I don't get these errors/warnings on other forums I visit too.  Sometimes the Airnav forum will open without warnings, but if I open a thread, Kaspersky will give me "information" message that a Trojan was detected and blocked and the thread continues to load.

[chewycanes]

I have Norton 360 on one machine and Mc Afee on another and have not had any threats identified.

However i stay logged in all the time and never logout.

So is it only when people login to the forum that these threats are identified ?

Brian

[RodBearden]

That's certainly how it goes for me.

Rod

[CoastGuardJon]

I have had problems with my laptop for the last few days, since I opened this site and had a pop up which seems to have hi-jacked my machine.   I used to run Norton, but since this expired, and I changed from BT Internet to Orange, and had problems installed their freebie version of McAfee, I've not had any protection running - only myself to blame for that! - but there's definitely something interfering with things now.   If I open IE, sometimes the machine goes to various advertising sites and shuts down whatever I'm trying to access, my email is worst, which I'm not able to acces properly now.    I feel a re-format of HDDs and re-installation of Win 7 coming on, at least 2 years since I last had to do it, so that'll also get rid of an awful lot of crap!   Before this happened, RB program would act up, and won't let me highlight a particular a/c on the display, doing its own thing, going to any other a/c in the vicinity except the one I was trying to follow - anyone else had that?