# Trojan on the forum?



## Tzaw1 (Jan 12, 2010)

It seems that the forum is infected.


----------



## seesul (Jan 12, 2010)

Strange, I use the same antivirus program (Avira) and there´s no warning on my PC.


----------



## GrauGeist (Jan 12, 2010)

Not the forum, but one of the random advertisements...which can be found on just about all websites nowdays.

If you recieved the message in your alerts, then your AV program protected you.

This sort of thing has been happening more frequently across the internet.

I have my security set to not allow any ActiveX or applets to run without my permission, so it's not a concern to me, but it serves as a reminder for folks to keep a close eye on thier computer's security.


----------



## seesul (Jan 12, 2010)

GrauGeist said:


> I have my security set to not allow any ActiveX or applets to run without my permission, so it's not a concern to me, but it serves as a reminder for folks to keep a close eye on thier computer's security.



Me too and that´s probably the reason I got no warning.


----------



## Colin1 (Jan 12, 2010)

I got this

_File name: blogcasino.org/lib/index.php

Threat name: Exploit Javascript Obfuscation (type 714)_

So it's not a big problem then?


----------



## lesofprimus (Jan 12, 2010)

It just popped up for me as well this morning, first time Ive ever seen it...


----------



## Wurger (Jan 12, 2010)

The Avira Antiivir likes "to exaggerate".Also it depends on the program settings. However we should let know Horse about it I think.


----------



## wheelsup_cavu (Jan 12, 2010)

I am getting the same warning as Colin.
I am using Kaspersky.


Wheels


----------



## rochie (Jan 12, 2010)

i just got the same warning as Colin i've got AVG anti virus


----------



## Colin1 (Jan 12, 2010)

rochie said:


> i just got the same warning as Colin i've got AVG anti virus


Yep
running AVG9 here too


----------



## FLYBOYJ (Jan 12, 2010)

I just saw it too


----------



## wheelsup_cavu (Jan 12, 2010)

I forgot to mention that I am running Internet Explorer 8.
Is it happening with Firefox and other browsers too ?
I am shutting down for a while.
I'll check back later.

Good luck, I hope it isn't too hard to get it straightened out. 


Wheels


----------



## Wurger (Jan 12, 2010)

To be honest I had a problem with accessing the site twice today in the morning.The IE6 worned me the site tries to access some datas.It caused my IE failure twice. I have deleted all cookies and then all was fine with logging in.


----------



## Vincenzo (Jan 12, 2010)

My antivirus guard (Avira antivir personal) find in all the page of forum this HTML/Infected.WebPage.Gen classified as Trojan

p.s. sorry for posted i nwrong section

p.s. 2 i'm using firefox


----------



## Gnomey (Jan 12, 2010)

I get nothing in Firefox but then I have ad-blockers running plus no scripts can run on the page without me telling them to. Therefore nothing runs. Opened the forum in IE (lacking the above) and it picked it up. Seems to be related to one of the adverts on the forum which should be looked at/removed. Links from AVG9: xvrlomwk.cn/2010/ or blogcasino.org/lib/index.php

Javascript related so avoid clicking any adverts on the forum and change setting to prevent unwanted things running (or use certain extensions in Firefox (I use adblock plus and no script). If not there should be an option in your anti virus or firewall software. Should not affect your computer just by visiting the forum.


----------



## evangilder (Jan 12, 2010)

It happens now and again with ads. Unfortunately, it takes a bit for the ad companies to find the ads and shut them off. The forum appears to be okay.


----------



## Wurger (Jan 12, 2010)

I went through a few sites oabout the trojan. In most of them I have found out that the Avira was the only program which issued the caution mostly. Interesting.


----------



## Njaco (Jan 12, 2010)

Had the same problem when I tried to get on. I'm running avast - this is what I got...


----------



## Airframes (Jan 12, 2010)

I got the same as Colin and rochi as I opened the forum just now, picked up and blocked by AVG anti - virus. Jan (Lucky) got something too, and he'll no doubt report it here.


----------



## Wurger (Jan 12, 2010)

THX Terry for the report.


----------



## Lucky13 (Jan 12, 2010)

Same here guys! My Norton blocked something I think was named Bloodhound and another trojan whatsit, can't remember the name now...
Norton blocked and took care of twice and did so fast and effectively(?)....
Same here as well, never had this happen before.


----------



## Wurger (Jan 12, 2010)

Yep....


----------



## ccheese (Jan 12, 2010)

I have not seen anthing like this on two different computers, one running Norton the other McAfee....

Charles


----------



## al49 (Jan 12, 2010)

Hi,
I got a warning message as well.
It says the risk is linked to two websites that are in some ways connected to Aircraft of World War II
These sites are:
centiyo.com and blogcasino.com
I forced my warning twice to enter, I hope nothing bad will happen to my computer!
Alberto


----------



## DerAdlerIstGelandet (Jan 12, 2010)

I use Firefox and McAfee, and have 0 problems with this. I do have it set to no active x allowed, that might be the problem.

By the way I recommend any one that is using IE, to switch to Firefox. It is faster, better and has less of a security problem than IE does.


----------



## Trebor (Jan 12, 2010)

I use avira, too and I'm getting the same thing


----------



## Marcel (Jan 12, 2010)

I use Linux, no problems with the trojans whatsoever. Don't even have to run an anti-virus 8)


----------



## Colin1 (Jan 12, 2010)

Marcel said:


> I use Linux, no problems with the trojans whatsoever. Don't even have to run an anti-virus 8)


stoppen leedvermaak!


----------



## Crimea_River (Jan 12, 2010)

McAfee caught it on my machine when I logged in just now. Mods, please check into this. I'm shutting down too for a bit.


----------



## Marcel (Jan 12, 2010)

Colin1 said:


> stoppen leedvermaak!



No "leedvermaak", you can do it, too. Just shake off the fear for the big power of Microsoft, download a nice, free Linux distro en install it yourself


----------



## al49 (Jan 12, 2010)

OK, a bi more from myself.
I use Google Chrome. The feedback I got on possible trojans is teh following:

centiyo.com
Three pages tested during last 90 days, 0 pages originate download and 'installation of unwanted dangerous software. Last time Google visited this was onl 2010-01-11, while last time a malware has been found was on this site was onl 2010-01-11.
Malicious software includes 213 trojan(s), 62 scripting exploit(s), 20 exploit(s).
This site was hosted on 2 network(s) including AS39150 (VLTELECOM), AS49093 (BIGNESS)

blogcasino.org
Three pages tested during last 90 days, 0 pages originate download and 'installation of unwanted dangerous software. Last time Google visited this was onl 2010-01-11, while last time a malware has been found was on this site was onl 2010-01-11.
Malicious software includes 82 trojan(s), 16 exploit(s).
This site was hosted on 1 network(s) including AS49091 (INTERFORUM)
Please note that underlined text is my translation of Italian text.
BR
Alberto


----------



## Lucky13 (Jan 12, 2010)

Good work Alberto!


----------



## seesul (Jan 12, 2010)

Didn´t get anything in the morning but getting the same warning now.
Using Firefox and Avira antivir...


----------



## DerAdlerIstGelandet (Jan 12, 2010)

I still have not received anything, but I also do not have ads running on my browser.


----------



## gumbyk (Jan 12, 2010)

The ads run on mine, but I haven't received any notification of any trojans.

It might be in an ad that is targeted to N America, not one that I get down here.


----------



## Marcel (Jan 12, 2010)

For testing, I just fired up Vista with AVG. Didn't get any message about trojans from AVG.


----------



## ccheese (Jan 12, 2010)

I've been on and off, all day long with two different computers running two different A/V programs. Nothing yet, but
like Chris, I don't have any ads running on my browser.

Charles


----------



## seesul (Jan 12, 2010)

Here some details from Avira:

Virus: HTML/Infected.WebPage.Gen 
Date discovered: 14/08/2007 
Type: Trojan 
In the wild: Yes 
Reported Infections: Low 
Distribution Potential: Low 
Damage Potential: Low 
Static file: No 
Engine version: 7.04.01.62 

Special detection HTML/Infected.WebPage.Gen 

*Description:
A common attack against the web infrastructure can be the infection of harmless web pages. Some malware changes every HTML file stored on the disc and adds a link (very often an IFrame) to a site hosting malicious code. Other attacks can aim for the web servers and try to insert forwarding to the pages hosted there. The owner of these pages is advised to take them offline. Fix the hole (either on his own PC or on the server), check the pages for infections, clean them and go online again. Infected Web Pages often contain additional Iframe, Object or Script Tags. The Script Tags often contain encrypted Code. *

Version history:
The following engine updates were released in order to enhance detection:

• 7.04.01.62 ( 14/08/2007 )
• 7.06.00.40 ( 07/12/2007 )
• 7.06.00.84 ( 10/04/2008 )
• 7.08.00.58 ( 19/06/2008 )
• 7.08.00.64 ( 02/07/2008 )
• 7.09.00.26 ( 05/11/2008 )
• 7.09.00.30 ( 11/11/2008 )
• 7.09.00.41 ( 04/12/2008 )
• 7.09.00.60 ( 22/01/2009 )
• 7.09.00.70 ( 30/01/2009 )
• 7.09.00.74 ( 04/02/2009 )
• 7.09.00.76 ( 06/02/2009 )
• 7.09.00.93 ( 26/02/2009 )
• 7.09.00.114 ( 12/03/2009 )
• 7.09.00.120 ( 18/03/2009 )
• 7.09.00.129 ( 26/03/2009 )
• 7.09.00.138 ( 03/04/2009 )
• 7.09.00.155 ( 23/04/2009 )
• 7.09.00.166 ( 08/05/2009 )
• 7.09.00.168 ( 18/05/2009 )
• 7.09.00.180 ( 27/05/2009 )
• 7.09.00.187 ( 09/06/2009 )
• 7.09.00.191 ( 17/06/2009 )

See a brief description here.


Description inserted by Andrei Gherman on Thu, 16 Aug 2007 08:56 (GMT+1)
Description updated by Andrei Ivanes on Mon, 29 Jun 2009 09:26 (GMT+1)


----------



## seesul (Jan 12, 2010)

OMG, every single click on this web means a warning...


----------



## DerAdlerIstGelandet (Jan 12, 2010)

We are going to have to contact Horse about this. 

I honestly have no clue, but like I said I am not receiving any warnings.


----------



## Wurger (Jan 12, 2010)

My AVG hasn't issued any caution about this so far. However I've got a few messages from my IE6 saying that the site allows to access some elements by other sites and if I want to continue.If I answer "No" for that the IE6 error is generated and IE6 is closed.


----------



## gumbyk (Jan 12, 2010)

I just got one saying that this website (ww2aircraft.net) has been reported to microsoft as a potential unsafe website.

my antivirus hasn't picked anything up yet (NOD32)


----------



## al49 (Jan 12, 2010)

Latest:
my Norton 360 just detected and blocked this trojan: ByteVerify.
It has been identified as HIGHLY RISKY
This happened when I forced the warning from Google Chrome to enter the web.
Alberto


----------



## B-17engineer (Jan 12, 2010)

Firefox shows nothing...


----------



## seesul (Jan 12, 2010)

B-17engineer said:


> Firefox shows nothing...



It doesn´t depend on browser. Depends on the antivir instaled.
I got Firefox but getting this message. As I said my antivir is Avira.


----------



## B-17engineer (Jan 12, 2010)

I have Mcafee and it shows nothing. But, that not antivir 

I have Spyware I think...


----------



## Wurger (Jan 12, 2010)

Mcafee is the antivir and spyware in one.


----------



## DerAdlerIstGelandet (Jan 12, 2010)

I too use McAfee and I have not had a single warning yet.

Do you all see advertisements on your pages? I do not have advertisements, that might be why...


----------



## seesul (Jan 12, 2010)

Yes, I can see ads. Wish I knew how to block it in the Firefox setting


----------



## Wurger (Jan 12, 2010)

Check there Roman...

https://addons.mozilla.org/en-US/firefox/addon/1865


----------



## seesul (Jan 12, 2010)

Thank you Wojtek,

just found this adsblock, instaled it, there are no ads anymore on this forum but still getting the warning about the virus.


----------



## Wurger (Jan 12, 2010)

The adsblock just bloks the ads displaying only.But these are still active here and your net browser tries to conect with them.


----------



## seesul (Jan 12, 2010)

So is there any solution?


----------



## Wurger (Jan 12, 2010)

Deleting these ads.


----------



## seesul (Jan 12, 2010)

How? Sorry Wojtek, I´m getting older8)


----------



## Gnomey (Jan 12, 2010)

Yep it is an advert problem, so the forum is not infected. Just don't click any of the ads. 

As for clearing the ads and warning Roman, try clearing your cache + cookies. That should clear and temporary files on the forum and should remove the message.

Just to reiterate. The FORUM IS NOT INFECTED. IT IS ONE OF THE ADVERTS. Therefore don't click any of the ads for now until either the admins remove the ads or the ad provided changes them.


----------



## Wurger (Jan 12, 2010)

seesul said:


> How? Sorry Wojtek, I´m getting older8)



Neither Mods nor you can do that. Just follow Gnomey's advice. Also you can set with your net browser options of deleting all cookies when you clossing the Firefox.


----------



## seesul (Jan 12, 2010)

Oh, I see. Just cleared up everything and still the same problem.
O.K. At least I got this website with sound


----------



## Wurger (Jan 12, 2010)

So it means that your antivir works correctly.


----------



## r2800doublewasp (Jan 12, 2010)

So far Ive got nothing. I have the AVG "free edition" and I use Firefox as well.


----------



## seesul (Jan 12, 2010)

Wurger said:


> So it means that your antivir works correctly.


Yep, too much correctly. I like another kind of music


----------



## Wurger (Jan 12, 2010)

Jaka to je hudba.Mas se to rad?


----------



## seesul (Jan 12, 2010)

Wurger said:


> Jaka to je hudba.Mas se to rad?


Rock


----------



## Wurger (Jan 12, 2010)




----------



## seesul (Jan 12, 2010)

Oh, You meant when there was a warning- no music, that was a joke, just a peep.


----------



## seesul (Jan 12, 2010)

Firefox offers also anonymous viewing without tracing the history.
When I switch to the anonymous viewing, no warnings!


----------



## Wurger (Jan 12, 2010)

So it's fine. I'm heading bed. 

Dobrounoc !!!


----------



## seesul (Jan 12, 2010)

Good idea! Me too!


----------



## Airframes (Jan 12, 2010)

Just letting you know I got the threat warning again when I went to log-on at 00:21 hrs, UK time. Same threat, blogcasino.


----------



## javlin (Jan 12, 2010)

This morning it happened 2x times and this evening it occurred were Windows Live Care is picking up a Trojan when I hit the site.Anybody else seen this?This is the first I have seen of it ever.


----------



## Crimea_River (Jan 12, 2010)

Yup. McAfee warning still for me.


----------



## Crimea_River (Jan 12, 2010)

Yeah, many are getting it Kevin. There's a separate thread going:

http://www.ww2aircraft.net/forum/errors-problems/trojan-forum-22679.html


----------



## B-17engineer (Jan 12, 2010)

I just got the warning... blast!


----------



## GrauGeist (Jan 12, 2010)

It looks like the ads are turned off...what warning did you get?

Also, as a side-note, dump your internet cache if you're still getting warnings.


----------



## javlin (Jan 12, 2010)

Thks Andy so just stay away from the ads?


----------



## B-17engineer (Jan 12, 2010)

It says this site can cause damage to your PC.


----------



## GrauGeist (Jan 12, 2010)

With the bad ads removed, there's nothing here that can mess ya' up. Best thing to do, is close your browser, clear your internet cache (to remove any instances of the ads from your earlier visits) and then come back to the forums.

There is a chance that a reboot after clearing the cache will give better results.


----------



## Lucky13 (Jan 12, 2010)

One that keep showing up as soon as I get to this forum is a warning about _Bloodhound.exploit.193_. My Norton 360 has detected it and removed it twice now. Don't know what that is, but something is weird....


----------



## evangilder (Jan 12, 2010)

For now, yes. It appears to be one of those rogue ads out of China.


----------



## blobs (Jan 13, 2010)

Just to keep you up to date I have received a warning 6AM UK time.
New instillation of AVG. Warning.
URL Blogcasino.org/lib/index.php

Name Javascript Obfuscation (Type 714)


----------



## Vic Balshaw (Jan 13, 2010)

I've been getting Java block the forum site over the last couple of day when calling up the site from my favorites, have to override this and then I go back in through my web browser and all is ok


----------



## Shinpachi (Jan 13, 2010)

I received "Virus_Alart_Bloodhound_Exploit_193" from Norton yesterday too.


----------



## Wurger (Jan 13, 2010)

If someone wants to find out whether the trojan infected his computer he has to check the OS registry.

Start-> Run -> type "regedit". When the register editor is opened choose Find option or F3 and type

HKEY_LOCAL_MACHINE\Software\HTML/Infected.WebPage.Gen

And then Enter. If it is found that means your computer is infected by the trojan.


----------



## B-17engineer (Jan 13, 2010)

But 2 days ago it wasn't, now all the sudden it is, great


----------



## Wurger (Jan 13, 2010)

Sooner or later it has had to happen.


----------



## horseUSA (Jan 13, 2010)

I have removed the malware. It was any issue with some old forum sw which had not been updated. I cleared all know files from the system. The issue should be resolved.


----------



## Lucky13 (Jan 13, 2010)

Party on! Cheers David!


----------



## Wurger (Jan 13, 2010)

Thank you for your work here David.. Well done.


----------



## parsifal (Jan 13, 2010)

I tried to log on about 3 hours ago, twice and was stopped by my Avast freeware scanner that a nasty little trojan had been called HTML:Iframe-inf had been detected on this site

The Avast forum page gave this description of the bug.....

_In 2008, several high-profile websites were targeted, including USA Today, ABC News, Target and Wal-Mart and simply visiting one of these infected websites could have resulted in the user's computer being infected. More recently, a number of websites have been detected by avast! as being infected by a malicious script called "HTML:Iframe-inf". Among the websites affected are a number of Government sites in the US, including the United States Forest Service, the US International Trade Commission and the websites of several embassies around the world. Many popular travel and recreational websites have also been compromised_. 

Beware of the threat from hacked websites

You guys that have anti-virus systems running that did not detect anything could possibly have infected systems. Malware is often programmed to kill off and disable system protection systems, and to prevent further updates so as to create a safe working environment fr the malware. The system will appear to have working anti-virus software, but in fact is completely unprotected.


The malware detected by Avast is a keylogger, looking for passwords, bank account details and the like.....it might be worthwhile checking your systems again in my opinion


----------



## horseUSA (Jan 13, 2010)

I agree. Thanks parsifal
check this post to check your system:
Malware issue on server - Fixed but scan your systems - Aircraft of World War II - Warbird Forums


----------



## Lucky13 (Jan 13, 2010)

Btw. What is that 'tweets' to the left of the screen?


----------



## Erich (Jan 13, 2010)

don't touch it Jan ! think Horse got rid of our big condom now


----------



## Lucky13 (Jan 13, 2010)

Right, tahnk you very much Erich for warning me, appreciated!


----------



## Njaco (Jan 13, 2010)

Horse started a page on Twitter to update evryone...kinda like our lonley facebook page.


----------



## seesul (Jan 13, 2010)

No warnings anymore, thanks!


----------



## Lucky13 (Jan 13, 2010)

Do I have remove cookies etc., to get rid of that 'tweets' to the left of the screen? It only shows up here on the forum....


----------



## Wurger (Jan 13, 2010)

I see the same. Deleting cookies won't help with its removing.Simply ignore it.


----------



## seesul (Jan 13, 2010)

Wojtek. I just applied ads block on it as you told me yesterday and it disappeared.


----------



## Gnomey (Jan 13, 2010)

Ad block or No Script addins for Firefox can make it disappear.

Thanks for fixing everything Horse.


----------



## Wurger (Jan 13, 2010)

seesul said:


> Wojtek. I just applied ads block on it as you told me yesterday and it disappeared.




Thank you Roman.Glad I helped.  But I don't use the Firefox net browser.


----------



## seesul (Jan 13, 2010)

Wurger said:


> Thank you Roman.Glad I helped.  But I don't use the Firefox net browser.



So one reason more why to switch to Firefox now...
I´m very happy with Firefox since I started to use it 3 years ago. With IE perhaps it took a lot of time to open every new page especialy on this forum. Firefox in this case was and is a way faster than IE.


----------



## Wurger (Jan 13, 2010)

To be honest I don't think so.The Firefox is faster when insatlled on a fast computer only. So it means that the computer is faster but not the Firefox.Many guys who switched to the browser and still using older machines , complain that the browser doesn't work faster than their old IE. I'm still using IE6 with a few updatings and I haven't had any problems with fast opening every page here on the forum so far.


----------



## seesul (Jan 13, 2010)

Wurger said:


> To be honest I don't think so.The Firefox is faster when insatlled on a fast computer only. So it means that the computer is faster but not the Firefox.Many guys who switched to the browser and still using older machines , complain that the browser doesn't work faster than their old IE. I'm still using IE6 with a few updatings and I haven't had any problems with fast opening every page here on the forum so far.



Hard to say. My PC is 5 years old actually and with its 512 MB RAM at the end of its limit sometime, and pretty slow also. Will have to update it a bit.
But Firefox works always faster than IE on my PC.


----------



## Wurger (Jan 13, 2010)

But you use Windows XP don't you?


----------



## seesul (Jan 13, 2010)

Wurger said:


> But you use Windows XP don't you?


Yes I do. What about you Wojtek, Linux?


----------



## Wurger (Jan 13, 2010)

Nop...DOS.  A joke of course. 

Win98SE


----------



## seesul (Jan 13, 2010)

And...it doesn´t load the PC as much as XP? Is it faster?


----------



## Wurger (Jan 13, 2010)

But what does it mean faster? How much of time does the Firefox need to open a site?


----------



## seesul (Jan 13, 2010)

1 sec more or less... but I´m asking you because you asked me if am I using XP.
So by another words- do you think Firefox cooperates better with XP than Win98?


----------



## Wurger (Jan 13, 2010)

1 sec...more or less..and the same my IE6 with my OS.
Undoubtedly Firefox cooperates better with WinXP than with Win98SE.Its code was created just for the OS basicly. 
But you can believe me..there is more factors that can determinate a browser "speed" of work.For instance the transfer of the net connection or simply RAM capacity. 

I fixed my neighbour's computer today.It was so slow that both IE and Firefox worked like they couldn't at all.All windows were opened with the time you could make a glass of caffee and get back on time to see the window opening.The HDD worked like a tractor. The main problem was the lack of RAM. There is WinXP Pro with the Service Pack 3 installed. But the RAM was of 256MB what is not enough for the OS. To remind, WinXP Home Edition needs 256MB of RAM, WinXP Pro without any service pack can work with the RAM but needs a little more.The WinXP Pro with any SP needs 512MB or more. So the correct work of the OS there wasn't possible. I have added one RAM stick of 512MB and now there is about 1GB.And now the Windows can work as it should have been.But it is not faster than my one at all.


----------



## seesul (Jan 13, 2010)

For sure. I gotta buy a new RAM card as well.
A friend of mine told me I need an OS reinstallation and after that nothing happened. At least I got the newest XP edition- Nov 2009... (Ultimate 2009)
My RAM is a problem and I gotta solve it asap! 512 MB are definately not enough now...


----------



## Wurger (Jan 13, 2010)

Yep..you are right , the 512MB of RAM is not enough nowadays. Look at laptops for instance,. The 2GB is the basic RAM for them.

BTW Not always the WinXP needs to be reinstalled. There is a nice program named TuneUp for fixing, cleaning and making the XP OS faster.


Tomorrow I'm going to extend my RAM with the next 512MB module.


----------

