[Latest] Possible Infection

Mindhunter · wrote on 14 Jan 2009, 12:48

Spybot encountered something yesterday i wasnt sure where it came from but i guess it was from tsp.

Thx for the warning anyway, i hope u will not have stupid attacks like this one again.

Regards
Mind

Wolfie · wrote on 14 Jan 2009, 15:19

i didnt get infected

idk why tho lol…maybe it was google chrome, or NOD32

i mean, im a comp geek but idk why im not infected

EDIT: When thinking of it, i blocked that site it tried redirecting me to anyways lol, explains it

Bas · wrote on 14 Jan 2009, 15:52

Unfortunally, I bashed my registry till that I am not longer able to scan with Ad-Aware or Spybot without getting a crash.

But luckily, I can’t remeber that pages have poped up, PLUS, I am using NoScript (Paranoia!!) - And it saved me, I guess.

(But however, I got a “Out Of Range” crash again, but since I have this for…some weeks, I guess it is because of my Registry, HDD or RAM)

FriendlyFire · wrote on 14 Jan 2009, 16:17

NoScript saved you. The whole thing was an iframe which had an incomplete address. On page execution, a small javascript would complete the script if a counter was set to a certain value. That means not everyone who visited the page have been infected and anyone with disabled Javascript would not have been infected.

Trent · wrote on 17 Jan 2009, 12:19

Did it ask you to download & execute a file or did it use some browser flaw to do a drive by attack that didn’t require user interactions?

Worfeh · wrote on 17 Jan 2009, 12:46

It was a flash thing, so allmost anyone with the flash plugins enabled could be infected.

cheeseontoast · wrote on 17 Jan 2009, 13:24

im not infected lol

Tunicle · wrote on 17 Jan 2009, 13:52

It may be worth listing which programs detect the infection.

From above so far I guess Spybot does.

English version of above rootkit revealer
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Worfeh · wrote on 17 Jan 2009, 13:53

Avast and Avira do to.

Chips · wrote on 17 Jan 2009, 16:53

Was it an issue to do with Joomla being out of date or an addon likewise being insufficient?

Worfeh · wrote on 17 Jan 2009, 21:33

Our version is not out of date and we run the latest patches, but still … we have an idea what caused it, we don’t know exactly witch bothers me somewhat.

M0tah · wrote on 19 Jan 2009, 08:20

Was *nix vulnerable as well, or was it Windows only?

Worfeh · wrote on 19 Jan 2009, 14:46

Windows only.

I found out what it whas after i booted up in Linux and it started to ask me stuff about installing crap.