Jump to content
Sign in to follow this  
Guest s13r

NS - Trojan horse - WHAT THE GOSH?

Recommended Posts

Just got my computer f**ked up going to the Vic section. Well done on fixing the problem.…

Share this post


Link to post
Share on other sites

we have assigned a new company that is looking at the problem.....

 

please - people that are saying they are getting hit with it : upgrade to the latest AVG or AVAST ... you shouldn't be effected if you are running a decent (free!) scanner!

Share this post


Link to post
Share on other sites

AVG was updated. The virus uninstalled it. At least put a massive warning up saying do not visit this site if you are running windows

Share this post


Link to post
Share on other sites

I'm using avast and I have never been infected

So I would take loz's advice

Share this post


Link to post
Share on other sites

I'm using avast and I have never been infected

So I would take loz's advice

lol so? i was running no anti-virus for ages and never got infected on that computer.

Share this post


Link to post
Share on other sites

I don't get any virus popups or warnings :( I feel jibbed.

 

This isn't a "virus", the virus or malware that end users get is the result of the initial infection vector (malicious scripts loading exploits). Ns.com is likely to be vulnerable to some kind of cross-site scripting, php file inclusion, XML/javascript injection. Once the scripts are loaded, someone visits the site and boom! javascript runs and calls a malicious java applet, malicious flash/swf file, pdf file whatever take your pick. The bad guys sometimes manage to slip a malicious flash file in advertising banners which then appears on 1000's of popular websites, automatically runs when users visit the site, and if they're not patched they instantly get infected = a lot of users quickly owned = bad guys get maximum return for their efforts :lol:

 

Ns.com needs to review all the forum php code and look for malicious javascript which has been injected in the source..

 

For everyone else...

 

* make sure you keep your operating system, your browser, and all your plugins (adobe flash, reader, java, shockwave, etc.) patched at all times. Most exploit packs will fire multiple payloads at your machine to try and compromise one of these. Once it's in, it downloads more malware. You have to keep them ALL up to date, the bad guys only need to find ONE that is vulnerable.

 

* You wont be infected if you don't allow the script to run which launches the exploit. If you run firefox, run no-script plugin. If you run IE, don't allow random ActiveX controls to run, etc.

 

* Don't run your machine logged in with local administrator privileges. It's A LOT easier for malicious code to run with local admin, disable your anti-virus, etc. (unless you're running McAfee which doesn't let you kill the process even if you're admin :P)

Share this post


Link to post
Share on other sites

I'm using avast and I have never been infected

So I would take loz's advice

 

That you are aware of :ph34r:

Share this post


Link to post
Share on other sites

I had Avast updated as well as all other programs, and using Malwarebytes and Spybot search and destroy....

GTTR34 has however provided us with a vital guideline on what should be done to minimize the possibility of being affected which you still might - anytime!

Share this post


Link to post
Share on other sites

Mine finally gave up as there were so many attacks, and malwarebytes decided to delete a system vital file. Have totally converted to Ubuntu now!

 

Wise choice.

Share this post


Link to post
Share on other sites

It went away for a bit for me, but it is back again. Avast is complaining about www.nissansilvia.com/nu/menu_data.js being an infection (HTML:Iframe-inf).

 

As a guess, I would say the issue is the first line of the javascript code:

 

document.write('');

Share this post


Link to post
Share on other sites

Add another laptop to the f**ked list.....I'm having the same issues as everyone else, started a few weeks back- until now I couldn't work out what was going on, until I read this thread- then the penny dropped......

Share this post


Link to post
Share on other sites

I don't get any virus popups or warnings :( I feel jibbed.

 

This isn't a "virus", the virus or malware that end users get is the result of the initial infection vector (malicious scripts loading exploits). Ns.com is likely to be vulnerable to some kind of cross-site scripting, php file inclusion, XML/javascript injection. Once the scripts are loaded, someone visits the site and boom! javascript runs and calls a malicious java applet, malicious flash/swf file, pdf file whatever take your pick. The bad guys sometimes manage to slip a malicious flash file in advertising banners which then appears on 1000's of popular websites, automatically runs when users visit the site, and if they're not patched they instantly get infected = a lot of users quickly owned = bad guys get maximum return for their efforts :lol:

 

Ns.com needs to review all the forum php code and look for malicious javascript which has been injected in the source..

 

For everyone else...

 

* make sure you keep your operating system, your browser, and all your plugins (adobe flash, reader, java, shockwave, etc.) patched at all times. Most exploit packs will fire multiple payloads at your machine to try and compromise one of these. Once it's in, it downloads more malware. You have to keep them ALL up to date, the bad guys only need to find ONE that is vulnerable.

 

* You wont be infected if you don't allow the script to run which launches the exploit. If you run firefox, run no-script plugin. If you run IE, don't allow random ActiveX controls to run, etc.

 

* Don't run your machine logged in with local administrator privileges. It's A LOT easier for malicious code to run with local admin, disable your anti-virus, etc. (unless you're running McAfee which doesn't let you kill the process even if you're admin :P)

 

 

whAT DO I DO WITH A MACBOOK PRO? TO AVOID THIS SHIT?

Share this post


Link to post
Share on other sites

^ Get rid of anything Apple related and upgrade to something decent ;)

Share this post


Link to post
Share on other sites

This is still happening :( I got hit with malware warning yesterday!

Share this post


Link to post
Share on other sites

ladys and gentle people lend me your ears, there is a simple way to make this problem go away for you,

the virus seems to be exploiting javascript to infect you, so whats the simple answer? TURN OFF JAVASCRIPT!

or if your like me and dont wanto do that, i have found a firefox addon called noscript, it is a script blocker that lets you choose which scripts you wanto allow or just block them all !

 

as soon as i got this addon avast stoped hitting the shi*ts every time i went to NS.com

 

also helps browsing just about any sight and it blocks al the trafficjunkie.com and addthis.com all those stupid ones.

 

good luckkk!!!

Share this post


Link to post
Share on other sites

Ok,

 

The suspicious code has been removed, you shouldn't get the warning anymore.

Share this post


Link to post
Share on other sites

Thanks old man wados for repeating what I've already said twice

Share this post


Link to post
Share on other sites

Ok,

 

The suspicious code has been removed, you shouldn't get the warning anymore.

OK, but have you found out how the code is getting there in the first place?

Share this post


Link to post
Share on other sites

Just thought I would let u know my avast is still going crazy when I log on

Share this post


Link to post
Share on other sites

Just got a warning from Avast while using HT.. not NS. <_>

Share this post


Link to post
Share on other sites

Just got a warning from Avast while using HT.. not NS. <_>

I'm still copping it from both ht and ns

Share this post


Link to post
Share on other sites

First time i have had one since i stared using the HT skin about 3 weeks ago....

Share this post


Link to post
Share on other sites

ladys and gentle people lend me your ears, there is a simple way to make this problem go away for you,

the virus seems to be exploiting javascript to infect you, so whats the simple answer? TURN OFF JAVASCRIPT!

or if your like me and dont wanto do that, i have found a firefox addon called noscript, it is a script blocker that lets you choose which scripts you wanto allow or just block them all !

 

as soon as i got this addon avast stoped hitting the shi*ts every time i went to NS.com

 

also helps browsing just about any sight and it blocks al the trafficjunkie.com and addthis.com all those stupid ones.

 

good luckkk!!!

But then I cant navigate using any of the menu buttons, and if i allow ns.com I still get malware.

 

Ok,

 

The suspicious code has been removed, you shouldn't get the warning anymore.

 

Wrong, warning just now.

Share this post


Link to post
Share on other sites

AVG free didn't find nearly as many items as SuperAntiSpyware. Definitely recommend it along with malwarebytes. Also if your getting fake antivirus popups or bsod go to start>run>type "msconfig">start up tab> check for processes like"dsjldjla", just random letters. It wont be hard to find the rouge processes.

Share this post


Link to post
Share on other sites

ok so i hit up ns.com then norton blocked this

 

attackblocked.jpg

 

 

then I go into the Admin&help thread to come here so I can report the first attack then Norton Blocks this second one. Has some sort of IP

 

attackblocked2.jpg

Share this post


Link to post
Share on other sites

ok, this seem like an odd question, but why arnt i getting it?

 

what did i do right?

 

im runnig firefox

java is update.

i installed avg on both of my machines, and they are not registering any hit, so assumingly im not infected

 

given im on the site about 1-2hours each day, i should of been hit by now

Share this post


Link to post
Share on other sites

still getting viruses being blocked when I come here (which I dont too often because every time I do it's still not fixed...). dont get it with any other sites.

Share this post


Link to post
Share on other sites

It may be that those that are still being hit with the malware have the bad stuff in their cache. Try clearing your cache.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×