Author
Topic: Is there a virus on this website?  (Read 16321 times)
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #15 on: January 05, 2008, 12:42:41 am »

OK, I got it to happen once in Internet Explorer, but it has never happened in Firefox. I also cannot seem to reproduce it in Internet Explorer, which is annoying.
As far as I can tell, none of the source files for the website have been modified, but I haven't been able to properly examine this thing in action yet.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #16 on: January 05, 2008, 02:57:22 am »

OK, I see the stupid thing, but I can't figure out where it's coming from. It's got to be in the source code somewhere, but everything I've looked at seems fine.

What pages are generating this problem? Is it only when you're viewing a topic? Does it happen when viewing a forum, or the main page? PMs?

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #17 on: January 05, 2008, 04:16:54 am »

Hi Brent,

It's EVERYWHERE!!!  It's on the mainpage of cdnpapermoney.com, the forum links to each section, when you post a reply, click the home page, click the help button, and so on....  Not sure if it's affecting PM.   

  Smile from your heart.  ;D
hanmer
  • Full Member
  • ***
  • Posts: 188
« Reply #18 on: January 05, 2008, 09:44:54 am »

Hard to recreate the error. I got it twice in a row doing some testing. Both times it happened when I clicked the General bread crumb shortcut at the top of the page. It happened while I was logged in and not logged in on the same link both times. Not sure it's in the code, or a MIME setting in the webservers settings. MIME is a communication that occurs between a web server and browser (IE mostly). This is where the webserver tells the browser what software is required to "see" pages or open specific file types embedded in pages (mpg, avi, pdf). If this is a hosted site, then it is possible that something changed for another site on the server, but the settings were applied across all sites instead of just the site that requires that Active X object.
It is unlikely a virus, but since there are no active x objects on this site, anti-virus software is flagging it as a threat. My next step is to actually install it to see what happens.

:)


:)
hanmer
  • Full Member
  • ***
  • Posts: 188
« Reply #19 on: January 05, 2008, 12:29:20 pm »

I installed the active x object as requested. I've not seen any issuses with the computers (running this on 2 seperate laptops).
I also have not seen any foreign connections appear when I'm using the internet. After the install of active x object, I  updated and ran the following software and all indicated no threats found.

Symantec anti-virus v 10 Enterprise Edition
Spybot Searce and Destroy
Ad Aware Personal

It's either been fixed, or the active x object was not harmful (in my opinion).

:)

:)
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #20 on: January 05, 2008, 12:54:25 pm »

Please note: I DO NOT recommend installing this activex control.

From what I have seen, there is definitely malware being returned on random page requests for this website. I do not know where it's coming from, despite spending hours poring over source code.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
eldiablo666
  • Guest
« Reply #21 on: January 06, 2008, 09:18:42 am »

Hello,

I just became a member and there seems to be problems where ever I go on the site. I had a virus detected (trojan) when trying to become a member but my software took care of it, but when I tried to get into the recent posts my computer hung.   I rebooted and went back in and found this post and again got the virus detected and systems hung. I went back and finally got to post this.  Is this something to do with this specific site right now since I did access the site about 1 week ago as a guest and no problems . I am a little concerned that it is popping up so frequently and causing my computer to hang.
Any info appreciated.
Is is best to stay away from the site until this gets resolved.

ELDIABLO666
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #22 on: January 06, 2008, 10:45:07 am »

Use Firefox and you should not have this problem: www.getfirefox.com.

I am investigating, but this is going to take some time. Please be patient.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #23 on: January 07, 2008, 10:52:38 am »

How about now? Is anyone getting that damned thing now?

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
CMNWEALTH
  • Junior Member
  • **
  • Posts: 33
  • One Chromosome between Insane and Genious !
« Reply #24 on: January 07, 2008, 11:07:19 am »

I noticed it for the first time yesterday (Internet Explorer)- Active X controls were trying to load when I clicked a page yesterday so I ran for the Hills. Today seems alright - fullscan on my computer and she's healthy as a horse !!!  ;D
comox
  • Junior Member
  • **
  • Posts: 37
« Reply #25 on: January 07, 2008, 11:16:10 am »

Everything seems to be fine in this end of the world. 8)

Gordo
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #26 on: January 07, 2008, 01:35:35 pm »

Hi Brent,

It seems that the website address, still has that weird PHPSESSID.

http://www.cdnpapermoney.com/forum/index.php?PHPSESSID=19e35906acd129334213a4c0807399f5&topic=6703.msg33425#new

It's a hit or miss on this... it seems that it randomly does this everytime you go into the link or refresh the screen... 

Normally, it should be:

http://www.cdnpapermoney.com/forum/index.php?topic=6703.0 or this:

http://www.cdnpapermoney.com/forum/index.php?topic=6703.msg33426#msg33426

Not sure if this can be corrected.

« Last Edit: January 07, 2008, 01:37:27 pm by coinsplus »

  Smile from your heart.  ;D
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #27 on: January 07, 2008, 01:41:19 pm »

Disregard the PHPSESSID thing. That's just tracking your session so the server knows it's still you making each request. I would expect that if you enable cookies or something, you should be able to avoid that. If not, no big deal.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
Gary_T
  • Very Senior Member
  • *****
  • Posts: 1,081
  • CPMS radar member 1551
« Reply #28 on: January 07, 2008, 02:02:37 pm »

Quote
I noticed it for the first time yesterday (Internet Explorer)- Active X controls were trying to load when I clicked a page yesterday so I ran for the Hills. Today seems alright - fullscan on my computer and she's healthy as a horse !!! 

 My computer was as healthy as a horse too but a trojan horse! My computer was running rough yesturday I did a virus scan and there was a virus called SHeur.AIGJ in there but I'm not sure were I got it from.

 
Quote
I noticed it for the first time yesterday (Internet Explorer)- Active X controls were trying to load when I clicked a page yesterday

Yesterday was the same for me and after 11:30 or so I couldn't open the forum at all.Seems fine now.

I will be installing firefox very soon.

Gary_T
only4teeth
  • Forum Moderators
  • *
  • Posts: 496
  • CPMS Member 1489
« Reply #29 on: January 07, 2008, 03:00:09 pm »

Working good on my end Brent.

Thanks!
« Last Edit: January 07, 2008, 05:43:59 pm by only4teeth »
 

Login with username, password and session length