SAU Community

it's the reverse placebo effect.

there used to be the problem on the board, hence this topic, but it's since been fixed. however some people don't realise it's been fixed, and hence are thinking it's somehow still happening :(

God I hope so... I've had enough of working on SAU to last me another 6 months, and I'm still not finished. :D

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302766

Fingers xed... I saw the boards down today at work, logged on later in the day no problems.

Just logged on at home (11.28pm, 3/7) and I had the exploit blocked (I'm hoping from a locally cached version of the page, but I haven't logged on from here for a week?)

Anyway, I know you'll still be monitoring it - just thought I'd let you know.

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302820

It will be a patching problem, not entirely on the IVB side. Wait for Microsoft to patch it properly IE-wise and IVB to run out the kinks, I bet over a few weeks. IVB they will be still very worried about it and a few features will no doubt be not functioning for safety!

Microsoft let out a doozy with one of their upgrades that found pirate copies of XP. Since then a lot of people are unpatched and there are lots of conflicts.

Edited by ishh
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302830

No, haven't received it before... Was only reading about the Billion boards being affected by it this morning, didn't even blink as to why the SAU boards were down (stocktake was a b!tch.)

Silly me didn't check the timestamp in the temp file before it was removed... I've reloaded the page & IE many a time anyway - hasn't reappeared.

Who knows, peculiarity of Apache or one of the various proxies I'm running through I guess...

(Edit: Ugh... bloody thing is still running, back soon.)

Edited by cooks44
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302902

Got it today at work after the site had been down... and just got it now at home. Each time my McAfee seems to have caught it, although there is a HEAP of HDD activity for quite some time and the computer slows down... (and no, I wasn't running a virus scan)

So something still creepy in there guys,

M

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302952

The reason this security alert comes up is because of an exploit used on IE.

This utility released by Norton (antivirus software developers) can be used to disable Windows scripting... if at any time you find that you need Windows scripting enabled (if one of your apps won't work) you can use the same utility to re-enable it.

http://www.symantec.com/avcenter/noscript.exe

It's recommended that you turn off scripting so that no malicious websites or people can force your browser to download and run trojans/worms.

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302981

This is more an exploit being found by your AV than Trojans loading off the SAU page slowing down your system's hard disk.

It doesn't mean that a Trojan is loading ... It means it has vulnerable scripting and it is possible.. < this is the message to get out!

I highly doubt that anyone got infected as it was just a generic warning from the AV reading the scripting.

Prank, I would try to word a statement that states it is the vulnerability that has been found, detected by AV, not a virus or Trojan.

I am guessing a bit there because I don't know if anyone got infected, but that's my guess in the confusion!

For someone to achieve this they would need access to private FTP to embed the server or an identical mirror linked with the embedded server.

Most members would have this shortcutted so the mirror would not work either.

If by the slightest chance it was mirrored then it's going to jag non-members surfing from an engine.

Tell the whingers that it is their old AV update that is detecting the script.

and to please be patient.

If you can categorically state that nothing downloaded from the page and infected anyone then this will help out a lot with the complaints you may get....

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303336

GET FIREFOX or OPERA instead of the IE browser.... It's not the SAU board, it's because the SAU board is Invision and IE has a big hole in it ... the same will happen on any Invision board using an IE browser until Microsoft do something.

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303398

Hi guys,

Just in case it helps, the offending file that McAfee pointed at was called 0day.htm

This file goes to http://196.regvista.com/0day.htm

Maybe this would help to sniff it out?

Immediately after McAfee finds it and cleans it, McAfee is disabled! And there is a c$#@load of hard drive activity for several minutes..

Cheers,

Matt.

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303417

yeah i got the trojan downloaded to my home machine over the weekend. i removed all the crud using adaware but my pc is now a bit fuxored unfortunately. AVG is broken so i've tried uninstalling it and installing norton but can't get through the install without it dying. :D

anyone got any advice? :P

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303473

I thought it had gone, but alas, I just got another warning from my a/v (Avast pro).

Seems to identify it as WIN32 Trojano ...

My a/v catches it and terminates connection before there's any consequence.

This only happened for the first time on Friday I think.

Has never happened before, so I can't imagine, as previously mentioned by someone, that it's Invision, unless SAU has just changed their system over.

Also, had no old cache, I clean it almost daily, and IE is set to load new page every time (no caching).

Anyways, not a big deal on my end, but perhaps might be helpful to track down the issue.

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303490

I am looking at all the manual ways now....

... For a try, install Norton in Safe Mode ... or system restoring beforehand and repeating...

Looking into this more now I see it's a fairly old exploit reworked. So until more info unfolds it's a bit hard.

Hold down the F8 key on reboot until you get Safe Mode ... then run the install. It's tricky because you have to somehow get the AV to update in Safe Mode.

My AV rips it straight out!!! PM me if you would like to try it.

Munkyb0y, AV only finds it once it's been reported. The exploits can function and go on for months before this!

Edited by ishh
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303497

GET FIREFOX or OPERA instead of the IE browser.... It's not the SAU board, it's because the SAU board is Invision and IE has a big hole in it ... the same will happen on any Invision board using an IE browser until Microsoft do something.

This is not an option for me

cheers.

Hi guys,

Just in case it helps, the offending file that McAfee pointed at was called 0day.htm

This file goes to http://196.regvista.com/0day.htm

Maybe this would help to sniff it out?

I just got the identical thing.

I've been browsing SAU for 4 hours now (from the uber protected work PC). And the Norton box just fired up @ 10:44 with the same above ^^^

I've flushed ALL the temp files etc etc etc.

And I've just done it again.

Will report back if I get it again

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303506

Hello again.. this is a test

I am using IE 6, no AV, and nothing is connecting, downloading or executing.

As I mentioned before to Munky, these exploits are often not reported for months so everyone is oblivious until there is an alert.. Then poo fly fanward forth!

This IE exploit can be used so broadly, so I still think the SAU board is fine now upgraded and more the users' buggy infected PCs, it's just that this situation alerted a lot of people that they had a problem....

For all the people with disabled AV, try this link to actually see what state your PC is in. Not sure if the demo will clean it! My guess is it will :D

http://www.trendmicro.com/hc_intro/default.asp

IE is every uni student's wet dream to practice code on .... It's also the most cloaked process, giving people the impression that it's fine because it's always running. DANGEROUS

I am still working on the manual removal... It would be good to look at the old unpatched pages ???

Back soon ish!

https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303636