Plakias Forums
Administration, Feedback and Bugs => Forum and Website discussion => Topic started by: Chris H. on April 22, 2008, 12:02:48 PM
-
Hi,
For a couple of weeks now I get (both at work and at home) a virus alert (trojan horse found and removed) every time I visit the board.....
Chris H. (only 9 weeks to go..........)
-
Chris,
Do you have any other info on the Trojan? (eg: W32-gobbledegook-BD)
Which AV tool is reporting it?
On the basis that I'm paranoid and haven't had any (recent) problems, nor has anybody else reported a problem, I'd suspect you are getting a "false positive".
-
This problem came up some time ago and there is a message stream about it somewhere on this board. I think Paul knows about it so don't panic.
george g...
-
Chas,
This is what it says under name:
prf329.tmpPRF329.TMP
Chris H.
-
Chas,
sorry, you asked what AV tool detected it
uhh, dunnoh......
other information:
under detected:
Exploit-ByteVerify
and also:
VBS/Psyme
hope this helps
-
George - the past problem was with some "naughty" scripts that had been hacked onto the Invision servers.
Chris H - after a quick bit of digging, the "Exploit-ByteVerify" is an old trojan/exploit which Microsoft fixed several years ago; see this Microsoft Security Bulletin (http://www.microsoft.com/technet/security/Bulletin/MS03-011.mspx).
I will assume you have a legal version of Windows and have been very good and got all the monthly patches and fixes from the Windows Update (from the "Start" button or Internet Explorer <Tools> dropdown).
"VBS/Psyme" is another oldie that should already be blocked.
If you have McAfee (as I suspect), it has a track-record of getting false-positives for several scumware items.
Just for a quick-fix, try clearing ALL your temporary / Internet files (Internet Explorer <Tools> <Internet Options> on the "General" tab, centre block) - the PRF329.TMP file causing the warning is probably sat in the cache and wakes up whenever you come here.
-
Chas,
Okidoki, thanks a lot:)
-
Over the last few weeks when on this site I've been bombarded with viruses and other problems. A particularly troublesome one was W32/Small.EA. I've managed to get on top of it all now (but I can't get rid of a relic in the form of a message which keeps popping up every time I switch the computer on which says: "Error loading i.Security.cpl. The specified module could not be found."). Today, in addition to the usual virus stream, I've lost web functionality, and have had to switch the computer off completely in order to be able to move on to another part of the forum. It seems that this website has somehow become a conduit for various nasties. Has anyone else experienced any problems of this nature (apart from Chris H.)?
Noopsy
-
Yep, me too, every now and again lately my explorer gets stuck when I am at this site. I have to close down explorer and start it up again to be able to go on.
Chris H.
(I'd love to get stuck in Plak though)
-
For some time now I have been getting an alert from my Zone Alarm spy site module stating that access has been blocked to "bot.gribokk.com/setup.php?aff_id=6080". I wonder what this is about. This only occurs when visiting this forum.
Robin Young
-
I've taken a look and there were some suspicious files that appeared on the 6th of April.
I have now deleted these. Can you let me know how you get on now.
I'll be sure to keep a closer eye out now :-(
Apologies for any trouble caused.
Cheers,
Paul
-
Noopsy, Chris H, Robin Young,
In view of the low number of reports (and the fact I've had no problems), I reckon you may have something nasty stuck behind the scenes on your PCs ..... Try This Link (http://www.techsupportteam.org/forum/malware-removal/) for help with identifying what's there (that shouldn't be) AND how to get rid of it.
Start off by reading "Viruses/Spyware/Malware, preliminary removal instructions." - you'll soon work out if you need more help. The "boss", Howard Hopkins, is very helpful and understanding ..... he's also very busy, so don't expect immediate replies (but you may well get them).
I can be smug now but it was a different story a few years back (http://cablehell.co.uk/forums/style_emoticons/default/whistling.gif)
Good luck with your clean ups (http://www.chatitaliachat.it/serpe/ride/113.gif)
-
I am no longer getting the Zone Alarm spy site alerts.
Robin Young
-
Ok for the home pc but I have the same problem at work and they have hundreds of computers running and all very well protected so.....?
Chris H.
-
Robin - Glad it seems to have been resolved now.
Noopsy - How is it for you now?
Chris - So you are ok at home but your work PC still has a problem? Did your anti-virus find and attempt to fix anything at work?
Has anyone else had a problem?
I haven't on a number of PCs I have used though of course it will be dependent on which parts of the site you visited in relation to those suspicious files I removed.
From a security standpoint I ensure that all FTP accounts are secure and protected by a strong password. (FTP accounts are used to upload files to the web server. The web server then sends/executes these files when you visit the website)
I will also now do daily checks on new files that appear on the site. As this site is fairly static, i.e. it is not constantly updated like the BBC News website, then it should be fairly easy to spot nasties.
New files should only appear on the webserver if someone uploads something, i.e. a picture, or if I make any changes.
All posts and topics are not held as discrete files at the Operating System level but in a database.
Please feel free to PM or e-mail me if you need any assistance.
Regards,
Paul
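
The daily check for new files described in the post above can be automated by comparing the web root against a stored baseline. The sketch below is an added example, not part of the original thread and not the site's own tooling; the `uploads` directory name, the list of image extensions and the file names in `demo()` are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: the only files visitors may legitimately add are pictures.
UPLOAD_EXTS = {".jpg", ".jpeg", ".png", ".gif"}

def snapshot(webroot):
    """Map every file under webroot (relative path) to its SHA-256 digest."""
    root = Path(webroot)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current, upload_dirs=("uploads",)):
    """Classify differences between yesterday's snapshot and today's."""
    report = {"expected_uploads": [], "suspicious_new": [], "modified": [], "deleted": []}
    for rel in sorted(current):
        if rel not in baseline:
            in_uploads = any(rel.startswith(d.strip("/") + "/") for d in upload_dirs)
            is_image = Path(rel).suffix.lower() in UPLOAD_EXTS
            # A new picture in the upload area is normal; anything else needs a look.
            key = "expected_uploads" if in_uploads and is_image else "suspicious_new"
            report[key].append(rel)
        elif current[rel] != baseline[rel]:
            # Content hash catches edits even if the timestamp was reset.
            report["modified"].append(rel)
    report["deleted"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed web root: one normal upload, one planted script, one edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        (root / "index.php").write_text("<?php echo 'forum'; ?>")
        (root / "uploads" / "beach.jpg").write_bytes(b"\xff\xd8 constructed image")
        baseline = snapshot(root)
        (root / "uploads" / "sunset.jpg").write_bytes(b"\xff\xd8 another image")
        (root / "uploads" / "gallery.php").write_text("<?php /* unexpected */ ?>")
        (root / "index.php").write_text("<?php echo 'forum'; ?><!-- appended -->")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline should be kept somewhere other than the web server itself, so that whoever can write to the web root cannot also rewrite the record it is checked against.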
-
Chas
Thanks for the advice and link but having read it all I'm really none the wiser. The only remaining issue is the message "Error loading iSecurity.cpl. etc." which keeps popping up. It would be nice to know what it means, and how the cause can be eliminated.
Ploppy
I think that the files that you discovered were the cause of all the problems (I first experienced them when I logged onto the forum on the 9th April) because now that you have deleted these files, everything is fine again. Thank you.
Noopsy
-
Ploppy,
No problems at home anymore
Don't know about work cause we have spring holiday now and the sun shines and it's 25 and up and it puts me in a Plak kind of mood
Chris H.
-
"iSecurity.cpl" is linked to spyware - HOWEVER, it isn't on your pc anymore (hence the message).
You still have some entries in the system registry which are trying to load it and because it isn't there, you get the message.
If you are not a geeky person, I wouldn't recommend messing with the registry - even Microsoft can cock it up!
I can recommend this tool: Bazooka (http://www.kephyr.com/spywarescanner/index.html?source=appvisit), which will find all the hidden nasties and may help you get rid of them. Otherwise, a registry cleaner, like CCleaner, is next best BUT keep a before-copy of your registry, just in case.
-
Thanks, Chas. Will give it a careful shot when I get back home. (Am in Paleochora at the moment where it is very sunny. )
Noopsy
-
Noopsy ....... (http://www.millan.net/minimations/smileys/voodoodoll.gif) ...... anybody got a spare pin or twenty?
-
Aha! So it's you I have to thank for that stomach ache!
-
N:
All is now forgiven ... we're off to Kos on Wednesday, so the jealousy has gone down a bit.
{Thinks: did I check I'd pulled out all those pins?}
-
Have a great time...but I think you've forgotten to pull the pin out of the small of my back. (And there was me thinking that it was the bed at the Anonymous Homestay that was to blame. )