Results 1 to 6 of 6
-
04-12-2004, 09:54 AM #1New Member
- Join Date
- Jan 2004
- Posts
- 3
My index page is infected with a trojan
For some reason, I just started noticing that everytime I go to my homepage, McAfee pops up saying a trojan was detected in my temporary internet files. The filename it gives is a random combination of letters and numbers with no file extension. This doesn't happen on any of my pages except for my homepage.
Can someone else please confirm this? I can't seem to figure out what the problem is and I don't even know if it is just me or not.
This happens with the latest version of VirusScan with Windows XP and IE6. This does not happen when I use the Mozilla browser ... only in IE.
Please help me figure out what's wrong here. Thanks guys.
My website URL is www.daniweb.com
I would like confirmation from someone else using McAfee and from someone else using Norton Antivirus, please?
-
04-12-2004, 10:06 AM #2Web Hosting Evangelist
- Join Date
- Jul 2002
- Posts
- 500
I think it may be this bit of code right here:
Code:<script type="text/javascript"> <!-- function log_out() { ht = document.getElementsByTagName("html"); ht[0].style.filter = "progid:DXImageTransform.Microsoft.BasicImage(grayscale=1)"; if (confirm('Are you sure you want to log out?')) { return true; } else { ht[0].style.filter = ""; return false; } } //--> </script>
Code:progid:DXImageTransform.Microsoft.BasicImage(grayscale=1)
-
04-12-2004, 10:11 AM #3Web Hosting Evangelist
- Join Date
- Jul 2002
- Posts
- 500
Either that, or it may be the URL that one of your members posted that is showing up on your homepage:
(DON'T CLICK)
http:// %68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@ %77%7 t7%77%2e%65%2d%66%69%6e%64%65%72%2e%63%63/%68%70/
McAfee might be recognizinghe decoded URL:
(DON't CLICK)
http:// homepage.com@www.e-finder.cc/hp/
It probably sees that URL as spywere or a virus, and that might be your problem.
Hope this helps .
-
04-12-2004, 10:13 AM #4New Member
- Join Date
- Jan 2004
- Posts
- 3
Hey there! Thanks so much for the feedback. I don't think it's the JavaScript because that is vBulletin's default logout script that has been on the site for ages. Since I do run security/trojan forums, it might very well be that http:// code. That would explain why it suddenly started happening without me changing anything. I'm going to go edit the person's post and see if that fixes the problem! Thanks so much :-D
-
04-12-2004, 10:16 AM #5New Member
- Join Date
- Jan 2004
- Posts
- 3
You were right ... that URL that a member posted was the problem The darn member was saying "look this URL infected my machine" and meanwhile by posting that, they were infecting us! I edited the URL and all is clean now. Thanks again.
-
04-12-2004, 10:59 AM #6Web Hosting Evangelist
- Join Date
- Jul 2002
- Posts
- 500
Not a problem .