Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 01-20-2010, 05:53 PM
jene jene is offline
 
Join Date: Oct 2007
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default JS/TrojanDownloader.Agent.NRN trojan ?

HI
ANTIVIRUS SHOWS TO MY USERS THIS WHEN THEY ENTER TO MY FORUM

JS/TrojanDownloader.Agent.NRN trojan
WAHT I NEED TO DO PLZ ?

TNX !!
Reply With Quote
  #2  
Old 01-20-2010, 05:59 PM
Blind Dragon Blind Dragon is offline
 
Join Date: Aug 2009
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Whats your site - I'll look through it for you if you like to find the malicious code

I run a free support site that specializes in malware
Reply With Quote
  #3  
Old 01-21-2010, 08:26 PM
Blind Dragon Blind Dragon is offline
 
Join Date: Aug 2009
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Your site is infected with a javascript redirect virus

Note: I replaced your address with yoursite.net to protect users who may not know what they are doing!

Basically all you need to do is delete the contents of the following folder and re-upload the original files in the following folder:

* yoursite.net/vb/clientscript

List of infected files:

Quote:
1/21/2010 5:05:22 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/vbulletin_md5.js?v=384" file.

1/21/2010 5:05:22 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/vbulletin_read_marker.js?v=384" file.

1/21/2010 5:05:22 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/vbulletin_menu.js?v=384" file.

1/21/2010 5:12:33 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/yui/connection/connection-min.js?v=384" file.

1/21/2010 5:12:34 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/vbulletin_global.js?v=384" file.

1/21/2010 5:12:35 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=384" file.

1/21/2010 5:12:40 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/yui/connection/connection-min.js?v=384" file.

1/21/2010 5:13:13 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/vbulletin_global.js?v=384" file.

1/21/2010 5:13:24 PM Sign of "JS:Illredir-D [Trj]" has been found in "http://www.yoursite.net/vb/clientscript/vbulletin_menu.js?v=384" file.
This wont fix any security holes the site may have but it should remove the infected files.

After you have done this let me know and I'll check it again. I can't dig into the source until you have replaced these files.
Reply With Quote
  #4  
Old 01-22-2010, 01:37 PM
jene jene is offline
 
Join Date: Oct 2007
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

done ..

tnx !!!
Reply With Quote
  #5  
Old 01-24-2010, 05:11 PM
jene jene is offline
 
Join Date: Oct 2007
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

help somebody plz
i steel have the virus
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:53 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10935 seconds
  • Memory Usage 2,190KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete