I’ve taken the liberty of moving this thread to a more correct sub-forum; hopefully one of the Admins will see it soon. I too am getting a virus notification from my Norman Antivirus program; it appears to be a Trojan of the type ‘JS/Exploit_based’. Norman has the following to say about this Trojan:
�This is a small piece of javascript code that is sometimes used to break through the security in Internet Explorer. Usually the code is used in connection with "planting" new default start pages, search bars, and favourites to your browser without you knowing about it.
The script does this using a bug in Internet Explorer, and it is the code to "use" this bug that we detect.
It is important to understand that while the script in most cases does not constitute more than an annoyance, it _may_ be used for more destructive actions.�
Will one of the Admins please have a look at this? Thank you.
McAfee has been trapping the JS/Wonka Trojan and the Downloader-SG trojan every time I have connected to LO for the past 2 days.
My McAfee is set to auto-update every 7 days.
So it's current.
Thanks for the link BlackHat.
My read of that McAfee report is that JS/Wonka IS a real trojan.
And that reports of false hits were, in fact, real hits of the trojan.
I am going to have McAffe check for the lastest updates
And if this continues I would guess that LO has a real problem.
[EDIT]
OK, just had McAfee check for updates. And it says I am current.
McAfee reports that the NEWS[1].HTML is infected with the JS/WONKA Trojan
and
OPEN[1].EXE is infected with the Downloader-SG Trojan.
Actually, the JS/Wonka virus is to be worried about, it hasn't been destructive yet, but, there are a possiblity that the LO frontpage has been compromised and had this code added, but it could also be any add links on the frontpage that's causing it.
I have several bookmarks to take me to different sections of LO.
And it does not matter where I come in I DON'T get the trojan warning on the first page.
I get it when I go to the second page.
For example this time I came in with my bookmark for the USER CP page.
No warnings.
I saw there were new posts in this thread so I clicked the link to come here.
As soon as the second LO page starts loading I get the Trojan Warning.
I can recreate this sequence at will.
I.E.
Come in on the forum and go to the gallery. Trojan warning loading gallery page.
Come in on the gallery and go to the forum. Trojan warning loading forum page.
Come in on the forum main and go to a sub forum. Trojan warning loading sub forum page.
Etc etc etc.
Oh now that's just so easy -_- I think I'll just go outside and WHOA insta-mac <_< Besides, mac sucks :tongue: Just kidding. But really, it's not that easy to just go and get a mac as you say.
Never had a warning on either IE (with Windows Server 2003 Firewall) or on Firefox (with Sygate Pro Firewall).
Could this be due to some script in one of the ad banners rather than on the main site? that could explain why it seems to appear and dissapear for certain members?
About half of the more than 10,000 sites using JS/Wonka are either compromised or malicious Web sites attempting to stick malware or spyware on unsuspecting users' PCs, said Hubbard. The other half of the sites use the encoded, obfuscated JavaScript to display spoofed search results which link to sites selling products typically shilled through spam, or used by sites trying to hide their URLs from affiliate advertising vendors because those sites may be breaking contractual agreements.
No Trojan warnings for me today.
Looks like you've fixed it.
Thanks
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Related Threads
?
?
?
?
?
Librarium Online Forums
2M posts
86.9K members
Since 2002
A forum community dedicated to Wargamers, Wargaming 40K enthusiasts. Come join the discussion about Warhammer and Wargaming collections, miniatures, tactics, terrain, reviews, accessories, history, displays, models, styles, scales, reviews, accessories, classifieds, and more!