Author Topic: Trojan in one of the threads, watch out!  (Read 8557 times)

benz

  • Getbig V
  • *****
  • Posts: 6333
  • ٩(̾●̮̮̃̾•̃̾)۶ boo! ٩(̾●̮̮̃̾•̃̾)۶
Re: Trojan in one of the threads, watch out!
« Reply #25 on: November 18, 2008, 07:39:32 AM »
Regarding the malware, I have a scriptblocker installed which automatically rejects all scripts at first. The blocking is only noticeable to me if something doesn't work as expected on a particular site, or if I manually check which scripts are blocked at the time (which is how I found out about google analytics).

You are right the site is online again and the pic as it is up right now is not infected anymore, I apologize for that misinformation (I took Google's word for it and didn't try myself again). However, obviously the site was infected within the last days, otherwise Google would not come up with such a message (I can provide further details on the message if it doesn't pop up when you are searching for the picture, it explicitly mentions trojans). I can see no error in my behaviour. My antivirus worked as well as the mechanisms they use at Google. This was the first and only time ever my virus scanner popped up at getbig. If it happens again, I will report it again. If you disagree, please settle this with Ron, not me.

I appreciate your helping Ron in getting rid of unneeded scripts and malware which is why I didn't understand your aggressiveness towards me when I reported the potential trojan. I can assure you that it was not my intention to get the thread deleted, I just wanted to make people aware of a potential threat.

1.- your script blocker failed to detect it :)
2.- the image never been infected
3.- I know, google thinks all sites contain virus, especially when it can handle some scripts.
4.- no, you should research first and then provide solid evidence, else you will be forcing ron to delete threads because you are paranoid and clueless
5.- im not aggressive, i just think you fucked up a good thread because you are too paranoid and clueless
6.- you look like hal turner and the amero

cheers!
.

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #26 on: November 18, 2008, 08:00:25 AM »
1.- your script blocker failed to detect it :)
2.- the image never been infected
3.- I know, google thinks all sites contain virus, especially when it can handle some scripts.
4.- no, you should research first and then provide solid evidence, else you will be forcing ron to delete threads because you are paranoid and clueless
5.- im not aggressive, i just think you fucked up a good thread because you are too paranoid and clueless
6.- you look like hal turner and the amero

1. Besides the point, but why do you think so?

2. So you're saying that I was lying? How do you know that with such determination?

3. It does not, but of course Google could be wrong in this case.

4. I ran the virus scanner over the pic in my cache and it said it contains a trojan. I searched for info on the trojan. I provided the exact name of the trojan as my virus scanner displayed. How is that paranoid? What research should I have done besides that? Why didn't you ask me to send you the pic when I still had it instead of 5 days later? Why didn't you investigate the pic when it was still available? Did you try to go to that link when I reported the thread? You would have seen that the page was taken down.

5. I would not have deleted the thread, and I did not expect it to be deleted. I was not aware of the procedure followed in such an incident. If I were a mod, I would investigate before deleting.

I never claimed that there actually is a trojan in the pic, nor did I claim that it would do any harm with today's viewers. I just reported what my virus scanner told me. Can you please tell me what I should do the next time my virus scanner pops up on content of a certain thread on getbig?

You seem to be more concerned about your reputation as a "guru" on all technical things rather than avoiding possible threats, at least that's how you come across here.

benz

  • Getbig V
  • *****
  • Posts: 6333
  • ٩(̾●̮̮̃̾•̃̾)۶ boo! ٩(̾●̮̮̃̾•̃̾)۶
Re: Trojan in one of the threads, watch out!
« Reply #27 on: November 18, 2008, 08:22:35 AM »
1. Besides the point, but why do you think so?

2. So you're saying that I was lying? How do you know that with such determination?

3. It does not, but of course Google could be wrong in this case.

4. I ran the virus scanner over the pic in my cache and it said it contains a trojan. I searched for info on the trojan. I provided the exact name of the trojan as my virus scanner displayed. How is that paranoid? What research should I have done besides that? Why didn't you ask me to send you the pic when I still had it instead of 5 days later? Why didn't you investigate the pic when it was still available? Did you try to go to that link when I reported the thread? You would have seen that the page was taken down.

5. I would not have deleted the thread, and I did not expect it to be deleted. I was not aware of the procedure followed in such an incident. If I were a mod, I would investigate before deleting.

I never claimed that there actually is a trojan in the pic, nor did I claim that it would do any harm with today's viewers. I just reported what my virus scanner told me. Can you please tell me what I should do the next time my virus scanner pops up on content of a certain thread on getbig?

You seem to be more concerned about your reputation as a "guru" on all technical things rather than avoiding possible threats, at least that's how you come across here.

Im not saying you lied, you are just clueless and paranoid. Before reporting, research, if you dont know how, then ask around.
what if your virus scanner tells you to jump off a bridge? will you do it? i guess the answer is no, but judging by how you handle such situations, you will eventually do it.

ps: yes the day the image was posted, there was no problem with, just like it is right now, since image and html are not changed, check mod dates mr paranoid
.

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #28 on: November 18, 2008, 08:38:36 AM »
Im not saying you lied, you are just clueless and paranoid. Before reporting, research, if you dont know how, then ask around.

I just did that. Please tell me what I should have done exactly.

what if your virus scanner tells you to jump off a bridge? will you do it? i guess the answer is no, but judging by how you handle such situations, you will eventually do it.

My first reaction was of course that it's probably an error of my virus scanner (maybe checksum matches by accident, maybe the heuristics set too loose, etc.). I researched that particular trojan for false detections in certain virus scanners and couldn't find anything. Just to be safe, I reported the problem after that. As I said, I didn't expect the thread to be deleted, I thought a mod will take a closer look first.

ps: yes the day the image was posted, there was no problem with, just like it is right now, since image and html are not changed, check mod dates mr paranoid

Besides insults, any explanation why my virus scanner has reported a trojan then and does not now? I tried with the Avira scanner in the exact same configuration with the image now online (no update of the scanner since) and it does not report a problem anymore.

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #29 on: November 18, 2008, 11:47:31 AM »
OK, I will try to get to the root of this. Maybe it was an attack on a proxy and not on the original website. I will let you know what I find out.

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #30 on: November 18, 2008, 11:47:17 PM »
Thanks to the help of another user (whose virus scanner also reported the virus/trojan), I could finally find the picture in question. It seems to be still online on some sites, e.g.:

_normalycorriente.com/wp-content/uploads/2007/05/gilipollas.jpg_

I added the underscores to make sure this is not displayed as a link on the board. I ran this file with an online virus scanner and it also reported the trojan. My virus scanner again reported the exact same trojan as 5 days ago.

Benz: This time I have put the file in the quarantine of my virus scanner, so I can deliver at any time, should you not be able to get access to the file in question.

Tapeworm

  • Getbig V
  • *****
  • Posts: 29154
  • Hold Fast
Re: Trojan in one of the threads, watch out!
« Reply #31 on: November 19, 2008, 12:04:02 AM »
My virus scanner picked up the exact same virus on the exact same day.  13/11/08.

Benzos, were you the guy who posted that pic?  Is that what all the hubbub is about?

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #32 on: November 19, 2008, 12:27:31 AM »
Just to be sure, I also contacted the owner of the thegreenman site. Maybe I was wrong with that one and the original link in the thread was on a different site. I will also contact the owner of the site where I now found the pic. Maybe also the deleted thread can still be fetched from one of the backups and the link which was in there can be confirmed.

From the below quote, it looks like benz has investigated the problem right away, when I reported it the first time:

There is no virus in that webpage, the only problem is wavelength having a mental problem.
Check the source, theres nothing embedded you mongol

Benz, can you tell me what link you have investigated at that time? You seem to be 100% sure that no trojan was in the pic (resp. no "non-nazi" virus scanner could have possibly reported one). No rip on you, I just want to get to the root of this. Again, I'm not saying that it couldn't be just false alarm, but Avira, McAfee, and the online Kaspersky scanner all report the trojan. What scanner are you using, Benz?

benz

  • Getbig V
  • *****
  • Posts: 6333
  • ٩(̾●̮̮̃̾•̃̾)۶ boo! ٩(̾●̮̮̃̾•̃̾)۶
Re: Trojan in one of the threads, watch out!
« Reply #33 on: November 19, 2008, 07:28:12 AM »
Ok so now we go through ANOTHER picture...but ok, i would like you to explain how is this a virus

Code:
<!-- INICIO - PUBLICIDAD POP-UP UNDER -->
<IFRAME SRC="http://www.ciudad.com.ar/ar/popunder/p_submit.asp?site=personales.ciudad.com.ar" width=1 height=1></IFRAME>
<SCRIPT LANGUAGE="JavaScript">
//<!--
for (var i=1; i<15; i++){
  setTimeout('self.focus();',i*30);
}
//-->
</SCRIPT>
<!-- FIN - PUBLICIDAD POP-UP UNDER -->

thats what your antivirus is detecting, so again, explain how is that a virus  ???
.

benz

  • Getbig V
  • *****
  • Posts: 6333
  • ٩(̾●̮̮̃̾•̃̾)۶ boo! ٩(̾●̮̮̃̾•̃̾)۶
Re: Trojan in one of the threads, watch out!
« Reply #34 on: November 19, 2008, 07:30:09 AM »
My virus scanner picked up the exact same virus on the exact same day.  13/11/08.

Benzos, were you the guy who posted that pic?  Is that what all the hubbub is about?

Do you really think myself, being a collaborator of ron, would like to post any virus here? the answer is no.

ps: i didnt post the pic either.
.

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #35 on: November 19, 2008, 08:05:31 AM »
Ok so now we go through ANOTHER picture...but ok, i would like you to explain how is this a virus

Code:
<!-- INICIO - PUBLICIDAD POP-UP UNDER -->
<IFRAME SRC="http://www.ciudad.com.ar/ar/popunder/p_submit.asp?site=personales.ciudad.com.ar" width=1 height=1></IFRAME>
<SCRIPT LANGUAGE="JavaScript">
//<!--
for (var i=1; i<15; i++){
  setTimeout('self.focus();',i*30);
}
//-->
</SCRIPT>
<!-- FIN - PUBLICIDAD POP-UP UNDER -->

thats what your antivirus is detecting, so again, explain how is that a virus  ???

The probability is very high that this was the file from 6 days ago since Tapeworm got the same report in his McAfee on the same date. With the above link, I also got the exact same report again. After deleting this part of the file, the file is clean, so you are right, this was indeed what my scanner detected.

I never said it's a virus, I said my virus scanner reported it as a trojan (TR/Spy.Banker.vk.1). Since two other scanners report the same problem, I don't think it's a problem of my particular scanner, apparently most scanners are too cautious in this case. I didn't check the file any further because I expected one of the mods to do that. I never said "delete the whole thread". If I would have known that this is the procedure as soon as someone reports a possible threat, I would have acted differently.

Maybe we can get something positive out of this thread by defining an appropriate procedure for such cases, which does not get the whole thread deleted.
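
The check described in the post above (remove the HTML fragment and the scanner stops alerting) can be reproduced without an antivirus product. This is an added example, not code from the thread: the function names and the minimal JPEG stub are constructed for illustration, and the HTML is a condensed copy of the fragment benz posted.

```python
import re

JPEG_SOI = b"\xff\xd8\xff"  # every JPEG file starts with these bytes
JPEG_EOI = b"\xff\xd9"      # end-of-image marker; image viewers stop here

TAG = re.compile(rb"<\s*(iframe|script)\b[^>]*>", re.IGNORECASE)
ONE_PX = re.compile(rb"\b(width|height)\s*=\s*[\"']?[01]\b", re.IGNORECASE)

# Constructed stub: JPEG markers only, not a decodable picture.
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + JPEG_EOI
# Condensed copy of the HTML fragment quoted in the thread.
SNIPPET = (
    b'<!-- INICIO - PUBLICIDAD POP-UP UNDER -->\n'
    b'<IFRAME SRC="http://www.ciudad.com.ar/ar/popunder/p_submit.asp'
    b'?site=personales.ciudad.com.ar" width=1 height=1></IFRAME>\n'
    b'<SCRIPT LANGUAGE="JavaScript">\n'
    b"for (var i=1; i<15; i++){ setTimeout('self.focus();',i*30); }\n"
    b'</SCRIPT>\n'
)
SAMPLE = FAKE_JPEG + SNIPPET


def triage_image(data: bytes) -> dict:
    """List active HTML found in a file that is served as a .jpg."""
    is_jpeg = data.startswith(JPEG_SOI)
    eoi = data.rfind(JPEG_EOI) if is_jpeg else -1
    image_end = eoi + 2 if eoi != -1 else len(data)
    findings = []
    for m in TAG.finditer(data):
        dims = {d.lower() for d in ONE_PX.findall(m.group(0))}
        findings.append({
            "tag": m.group(1).lower().decode(),
            "offset": m.start(),
            # True when the markup sits behind the picture data
            "after_image_data": is_jpeg and m.start() >= image_end,
            # width and height both 0 or 1: frame invisible to the reader
            "hidden": dims == {b"width", b"height"},
        })
    return {"is_jpeg": is_jpeg, "trailing_bytes": len(data) - image_end,
            "findings": findings}


def strip_trailer(data: bytes) -> bytes:
    """Drop everything after the last end-of-image marker."""
    eoi = data.rfind(JPEG_EOI)
    return data[:eoi + 2] if data.startswith(JPEG_SOI) and eoi != -1 else data


if __name__ == "__main__":
    print(triage_image(SAMPLE))
    print(triage_image(strip_trailer(SAMPLE)))
```

A file that fails the `is_jpeg` check but still carries a `.jpg` name is an HTML page under an image extension; in that case every finding has `after_image_data` set to `False`.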

benz

  • Getbig V
  • *****
  • Posts: 6333
  • ٩(̾●̮̮̃̾•̃̾)۶ boo! ٩(̾●̮̮̃̾•̃̾)۶
Re: Trojan in one of the threads, watch out!
« Reply #36 on: November 19, 2008, 08:46:52 AM »
The probability is very high that this was the file from 6 days ago since Tapeworm got the same report in his McAfee on the same date. With the above link, I also got the exact same report again. After deleting this part of the file, the file is clean, so you are right, this was indeed what my scanner detected.

I never said it's a virus, I said my virus scanner reported it as a trojan (TR/Spy.Banker.vk.1). Since two other scanners report the same problem, I don't think it's a problem of my particular scanner, apparently most scanners are too cautious in this case. I didn't check the file any further because I expected one of the mods to do that. I never said "delete the whole thread". If I would have known that this is the procedure as soon as someone reports a possible threat, I would have acted differently.

Maybe we can get something positive out of this thread by defining an appropriate procedure for such cases, which does not get the whole thread deleted.

1.- useless if its going to detect even an iframe tag.
2.- quick actions always lead to wrong determinations, as  i said, no research ends in a total failure, just like it happened here.
3.- the most appropriate thing is to research before acting like a clueless, no doubt

I hope you learned something today, no need to be a guru like you called me, just have some patience.

.

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #37 on: November 19, 2008, 09:13:30 AM »
1.- useless if its going to detect even an iframe tag.
2.- quick actions always lead to wrong determinations, as  i said, no research ends in a total failure, just like it happened here.
3.- the most appropriate thing is to research before acting like a clueless, no doubt

I hope you learned something today, no need to be a guru like you called me, just have some patience.

1. My virus scanner has never before reported on a picture or any other media on the web. It was the first time ever I got such a report on a picture. Apparently Avira, McAfee, and Kaspersky are all completely useless in this regard (in default setup). I must admit that I wasn't aware of that.

2. I don't think you can expect the average user of such a board to do more than I did. I thought mods would have experience with such cases and take it from there. I know now that this is not the case.

3. As I said, I would have done more research if I had known that the reaction is to have the thread deleted immediately without checking out the problem.

I will refrain from reporting any more alerts from my virus scanner as long as there is no procedure defined to report the problem without the thread being instantly removed.

benz

  • Getbig V
  • *****
  • Posts: 6333
  • ٩(̾●̮̮̃̾•̃̾)۶ boo! ٩(̾●̮̮̃̾•̃̾)۶
Re: Trojan in one of the threads, watch out!
« Reply #38 on: November 19, 2008, 09:18:34 AM »
1. My virus scanner has never before reported on a picture or any other media on the web. It was the first time ever I got such a report on a picture. Apparently Avira, McAfee, and Kaspersky are all completely useless in this regard (in default setup). I must admit that I wasn't aware of that.

2. I don't think you can expect the average user of such a board to do more than I did. I thought mods would have experience with such cases and take it from there. I know now that this is not the case.

3. As I said, I would have done more research if I had known that the reaction is to have the thread deleted immediately without checking out the problem.

I will refrain from reporting any more alerts from my virus scanner as long as there is no procedure defined to report the problem without the thread being instantly removed.

1.- must be, thanks to them and one paranoid idiot a thread has been deleted, and we were enjoying paco's bashing  >:(
2.- you are right, nothing can be expected from a paranoid
3.- you didnt, nothing to do anymore, thread is gone, bashing is gone, all is gone thanks to you  >:(
4.- dont report anything, its gonna be better and will keep threads alive  :)
.

wavelength

  • Getbig V
  • *****
  • Posts: 10156
  • ~~~
Re: Trojan in one of the threads, watch out!
« Reply #39 on: November 19, 2008, 09:33:25 AM »
1.- must be, thanks to them and one paranoid idiot a thread has been deleted, and we were enjoying paco's bashing  >:(
2.- you are right, nothing can be expected from a paranoid
3.- you didnt, nothing to do anymore, thread is gone, bashing is gone, all is gone thanks to you  >:(
4.- dont report anything, its gonna be better and will keep threads alive  :)

:D :D :D
Haha, I guess I deserved that, no problem.

Ron appreciated my reporting of the google analytics script though.
In this case, the mods didn't delete the whole board now, did they? :)

benz

  • Getbig V
  • *****
  • Posts: 6333
  • ٩(̾●̮̮̃̾•̃̾)۶ boo! ٩(̾●̮̮̃̾•̃̾)۶
Re: Trojan in one of the threads, watch out!
« Reply #40 on: November 19, 2008, 09:37:55 AM »
:D :D :D
Haha, I guess I deserved that, no problem.

Ron appreciated my reporting of the google analytics script though.
In this case, the mods didn't delete the whole board now, did they? :)

that would've been epic no doubt lol

.

CalvinH

  • Getbig V
  • *****
  • Posts: 22000
  • Spastic Tarted Cvunt
Re: Trojan in one of the threads, watch out!
« Reply #41 on: November 19, 2008, 10:48:45 AM »
I thought this thread would be about condoms ???