electrogear electrogear
  • Malawi Adviser
  • Malawi Adviser
  • Joined: 15/10/2008 1:25
  • From North Yorkshire
  • Group: Registered Users Basic Membership Advisers Caresheets
  • Posts: 1267
  • Posted on: 6/12/2008 19:27
TROJAN HORSE embedded on FK server?!?!? #1
As of today I get the following message from my antivirus when trying to access any page on http://www.fishkeeping.co.uk

Resized Image

If I click 'abort' it cancels the connection with the file that tries to force its way in. This is one of those 'thank god I had an AV' moments..

Could somebody have gained access to your server to have planted a virus? The name of said file is JS:packed-Y

Could it be anything to do with the spam private message I received earlier from ocean-wonders? Could that file have been a spamming aid which has sent the same message to every forum member?

Hope it gets fixed soon!

Thanks
electrogear electrogear
  • Malawi Adviser
  • Malawi Adviser
  • Joined: 15/10/2008 1:25
  • From North Yorkshire
  • Group: Registered Users Basic Membership Advisers Caresheets
  • Posts: 1267
  • Posted on: 6/12/2008 19:36
Re: TROJAN HORSE embedded on FK server?!?!? #2
Ummm, weird, it's gone now...
electrogear electrogear
  • Malawi Adviser
  • Malawi Adviser
  • Joined: 15/10/2008 1:25
  • From North Yorkshire
  • Group: Registered Users Basic Membership Advisers Caresheets
  • Posts: 1267
  • Posted on: 6/12/2008 19:40
Re: TROJAN HORSE embedded on FK server?!?!? #3
Actually, I still get the virus if I type in www.fishkeeping.co.uk/uploads, although I didn't have to do that earlier - clicking on any topic would give me the same alert...
electrogear electrogear
  • Malawi Adviser
  • Malawi Adviser
  • Joined: 15/10/2008 1:25
  • From North Yorkshire
  • Group: Registered Users Basic Membership Advisers Caresheets
  • Posts: 1267
  • Posted on: 6/12/2008 19:43
Re: TROJAN HORSE embedded on FK server?!?!? #4
....... aaaaaand now I'm getting it on every page again! LOL
Fishadmin Fishadmin
  • Webmaster
  • Webmaster
  • Joined: 11/4/2003 9:49
  • From Spain
  • Group: Webmasters Registered Users LFS Caresheets Basic Membership Advisers
  • Posts: 3963
  • Posted on: 6/12/2008 19:57
Re: TROJAN HORSE embedded on FK server?!?!? #5
is it still doing it? There was an infected index file in /uploads/ that normally wouldn't be seen so may have gone undiscovered for a while.
electrogear electrogear
  • Malawi Adviser
  • Malawi Adviser
  • Joined: 15/10/2008 1:25
  • From North Yorkshire
  • Group: Registered Users Basic Membership Advisers Caresheets
  • Posts: 1267
  • Posted on: 6/12/2008 20:05
Re: TROJAN HORSE embedded on FK server?!?!? #6
Not getting any alerts now, so you must have removed it, fingers crossed, but how did it get there to begin with?

Thanks
Fishadmin Fishadmin
  • Webmaster
  • Webmaster
  • Joined: 11/4/2003 9:49
  • From Spain
  • Group: Webmasters Registered Users LFS Caresheets Basic Membership Advisers
  • Posts: 3963
  • Posted on: 6/12/2008 21:30
Re: TROJAN HORSE embedded on FK server?!?!? #7
dunno.. last time this happened it was on the old server as things weren't set up correctly.

Everything is ok and clean on this server so the file that was infected might just have been left behind or uploaded by me at some point by accident. That URL isn't used on it's own so possibly it's been there for while.


EDIT: Just checked again and the URL gets called when there's no avatar image. Might be that as it's trying to get an image and the file isn't one that browser doesn't open it but the antivirus still pops up.