[Archived] Virus?

[mattjansen]

Have you sent out a mail with the following text?

Thomas,

Security update for all forum users:

LINK REMOVED FOR SAFETY REASONS

[Ste B]

No, some russian @#/? did though.

Delete the mail.

[mattjansen]

-->

QUOTE(Ste B @ Jan 30 2007, 19:58 ) 485447[/snapback]

No, some russian ###### did though.

Delete the mail.

Ok, looked a bit suspicious.

[Wolverine]

-->

QUOTE(Ste B @ Jan 30 2007, 18:58 ) 485447[/snapback]

some russian ######

Have they buggered the filters too?!

[Jim J]

At least the quote filters are still working

[Ste B]

FYI

There was a security flaw (since corrected) where a user could put a dodgy image in the avatar. If this members account was then viewed by an admin, then that person could take control of that admins account. I guess even refusing the user posting rights must have done this.

Fortunately I managed to catch it fairly quickly and shut down the site. I would advise anybody who accessed the site using Internet Explorer between 3pm and 4pm to run a virus checker and spyware checker. Also the user in question attempted to mass mail every member of the site, if anybody recieved this email and ran the attachment, they should also perform the same actions.

The infection is cws.loadadv - I will attempt to find more detailed removal instructions and advise later.

Remember - BRFCS will never send unsolicated emails, and you should always process with caution on any emails before clicking any links.

[Wolverine]

Apparently when you open the attatchment the virus buys out your computer, replaces all the internal workings with the most expensive in the business, and forces it to play Shevchenko in all your football management games...

Good work on catching it Ste B!

[Jordan]

-->

QUOTE(Ste B @ Jan 30 2007, 19:30 ) 485466[/snapback]

FYI

There was a security flaw (since corrected) where a user could put a dodgy image in the avatar. If this members account was then viewed by an admin, then that person could take control of that admins account. I guess even refusing the user posting rights must have done this.

Fortunately I managed to catch it fairly quickly and shut down the site. I would advise anybody who accessed the site using Internet Explorer between 3pm and 4pm to run a virus checker and spyware checker. Also the user in question attempted to mass mail every member of the site, if anybody recieved this email and ran the attachment, they should also perform the same actions.

The infection is cws.loadadv - I will attempt to find more detailed removal instructions and advise later.

Remember - BRFCS will never send unsolicated emails, and you should always process with caution on any emails before clicking any links.

Who was the user?

Was it one of those Bolton fans?

[Ste B]

Was it one of those Bolton fans?

Well, you never know what you can catch there, but its more likely to be one of Romans rent boys as it was definitely coming from the Ukraine.

I'm not blaming anybody though, or i will get in trouble.

[roversmum]

I wondered what was going on. My virus checker was picking up all sorts of wierd stuff.

Thanks for your prompt action, Ste B

[T4E]

Apparently when you open the attatchment the virus buys out your computer, replaces all the internal workings with the most expensive in the business, and forces it to play Shevchenko in all your football management games...

Good work on catching it Ste B!

Excellent.

Problem with the Messageboard, Ste?

[Ste B]

Excellent.

Problem with the Messageboard, Ste?

Dont you start that again.. at this rate Pringle will be back just to annoy me again

[ABBEY]

mr b your a legend

[ABBEY]

-->

QUOTE(Ste B @ Jan 30 2007, 20:21 ) 485494[/snapback]

Dont you start that again.. at this rate Pringle will be back just to annoy me again

what happened to him?

[T4E]

He ran off to the grown up Cadets.

Floppy, there's still time

[ABBEY]

but surely theres puters in the brylcreem land?

[ewoodblue]

I have Anti Virus Personal Edition, and the shield blocked it ...so, no harm done, but once again it proved to be more effecient than AVG, ...AVG tends to let them in , and then deletes them after,whereas AVP blocks them.

Just glad your up and running again.

[T4E]

but surely theres puters in the brylcreem land?

There is, but the only way his ball and chain would let him go is if he promised to spend every minute that he's not flying tanks talking to her.

Women are evil Abs.

[Ricky]

Norton stopped a couple of things today when I came on he forum.

[ABBEY]

Women are evil Abs.

im not a woman in disguise tugs ..evil maybe

[Bazzanotsogreat]

It was a trojan virus circulating in the temp internet files according to my comp

[Ozz]

Is it my imagination, or are the numbers different-there appears to be a comma in the 1,000 s now.

[yoda]

######, just got the email, virus checker going beserk, does it cause major damage? the checker has found 3 seperate virus's so far

Trojan horse PSW.generic2.ZSL kipeqf.exe

Trojan horse clicker.EEP qvtgacbe.exe

Troan horse downloader.generic3.MIT wleruevr.exe

anybody recognise them?

[Paul Mellelieu]

Does this virus represent a danger to Macs?

[yoda]

-->

QUOTE(Ste B @ Jan 30 2007, 19:58 ) 485447[/snapback]

No, some russian ###### did though.

Delete the mail.

How did the Russian ###### get my email address?