Hi,
I'm sure many of you encountered this virus while browsing webpages. It says that your system is affected and does a fake scan and offers you to download it.
I'm hosting many of my website on the same server and on 2 of them I have mybb installed. I contacted my host and they said they couldn't find any trace of this virus, but I still experience it.
I noticed that it only shows up when I'm browsing my mybb sites, especially when I'm in the admin area.
Any of you encountered such problem?
(2008-12-25, 06:10 PM)dtommy79 Wrote: [ -> ]Hi,
I'm sure many of you encountered this virus while browsing webpages. It says that your system is affected and does a fake scan and offers you to download it.
I'm hosting many of my website on the same server and on 2 of them I have mybb installed. I contacted my host and they said they couldn't find any trace of this virus, but I still experience it.
I noticed that it only shows up when I'm browsing my mybb sites, especially when I'm in the admin area.
Any of you encountered such problem?
1. Are these you sites?
2. Did the installation go correctly?
3. Have you given anyone else permission to upload any files?
1. Yes
2. Yes. Actually the forums were installed ages ago.
3. No. And I and my host checked if there is anything malicious is uploaded.
Have you recently visited any bad sites lately, by accident? Some times they can leave stuff in your browser. So its not actually your forum.
Which browser are you using?
(2008-12-25, 06:38 PM)JohnMac Wrote: [ -> ]Have you recently visited any bad sites lately, by accident? Some times they can leave stuff in your browser. So its not actually your forum.
Which browser are you using?
Well I actually don't remember, but possibly. However I recently changed my op system and formatted my hard drive as well, and since then I'm using linux. So there is no way anything was left on my computer or this thing installed itself.
I'm using friefox btw.
This is the letter I received from my hosting company:
Quote:As far as our security analyst can tell, all of these hacks are being conducted via malware that has gained access to your ftp login information. You will need to follow the following steps to protect your domains/account in the future. Go to the following link and follow the removal instructions for the removal of this malware. You will need to do this on any computer that has accessed your site via ftp.
This rogue anti-virus software installs malware on your computer that then sends your sensitive data back to a source. This source then hacks your account and installs .htaccess files that redirect to other sites for the download of this same rogue anti-virus software. Information on how this virus originated on the web can be found at the following link: http://www.techpavan.com/2008/07/15/...consider-them/.
As of today, many anti-virus websites have updated their lists and most are reporting they can remove the virus. However, there are also reports that show it doesn't get removed. Best solution at this time is to download one of the programs created specifically for "antivirus 2009" removal. One of such programs is available at:
http://www.bleepingcomputer.com/malw...antivirus-2009
Please also check following article if you have Mac:
http://www.dslreports.com/forum/r213...9-on-a-MACBOOK
Once and only once you have checked your computer and/or removed this av2009.exe file, then you will need to change your ftp password information for all of your domains. You will also need to delete these htaccess files from all of your sites.
(2008-12-25, 06:51 PM)dtommy79 Wrote: [ -> ] (2008-12-25, 06:38 PM)JohnMac Wrote: [ -> ]Have you recently visited any bad sites lately, by accident? Some times they can leave stuff in your browser. So its not actually your forum.
Which browser are you using?
Well I actually don't remember, but possibly. However I recently changed my op system and formatted my hard drive as well, and since then I'm using linux. So there is no way anything was left on my computer or this thing installed itself.
I'm using friefox btw.
This is the letter I received from my hosting company:
Quote:As far as our security analyst can tell, all of these hacks are being conducted via malware that has gained access to your ftp login information. You will need to follow the following steps to protect your domains/account in the future. Go to the following link and follow the removal instructions for the removal of this malware. You will need to do this on any computer that has accessed your site via ftp.
This rogue anti-virus software installs malware on your computer that then sends your sensitive data back to a source. This source then hacks your account and installs .htaccess files that redirect to other sites for the download of this same rogue anti-virus software. Information on how this virus originated on the web can be found at the following link: http://www.techpavan.com/2008/07/15/...consider-them/.
As of today, many anti-virus websites have updated their lists and most are reporting they can remove the virus. However, there are also reports that show it doesn't get removed. Best solution at this time is to download one of the programs created specifically for "antivirus 2009" removal. One of such programs is available at:
http://www.bleepingcomputer.com/malw...antivirus-2009
Please also check following article if you have Mac:
http://www.dslreports.com/forum/r213...9-on-a-MACBOOK
Once and only once you have checked your computer and/or removed this av2009.exe file, then you will need to change your ftp password information for all of your domains. You will also need to delete these htaccess files from all of your sites.
And your sure that they could not of uploaded a file? Even under a dfifferent name...