AVG Anti-Virus 2012 Starting to Block TUGBBS webpages!

[pranas]

I had no problems yesterday or today.

 

[Ron98GT]

Detected again today, indicated by Avast Anti-Virus software as a Trojan Horse virus JS:Redirector-MA. Successfully blocked, but obviously still an issue. Meanwhile, can't access "smilies" (not a huge problem)...

P.S. Fwiw, I use IE8 and Windows XP --- in my quest to stay a decade behind the times.

XP Home or Professional?

just wondering since, in the past I've found XP Home more susceptible to Internet problems, with Professional being more stable.

 

[Ron98GT]

Running Firefox almost exclusively on my PC, Opera / Internal browsers on my Android and the internal browser on my Touchpad (WebOS). All but the Touchpad have Trend Micro Internet Security, which I have used for over 10 years and never had a malware or virus get by on any of my 6+ family PC's or phones. No reported errors on any of the various access OS/hardware for this site.

Just to see what would happen I opened IE (HELP!!) & logged into the BBS. Have all the various menus, etc - no problem and no warnings.

I have noticed that over time the cookies, or whatever sets the state of your current session, on virtually any access method can "lose" the ability to display the "Quick Links" option. If I clear everything when that happens the menu returns (usually). I'm really not sure why that can occur. I've seen it where one PC will have lost the menu if I log in while another uses it just fine so I believe it is a local machine issue.

As for the current error being reported I am guessing that it is due to an outdated Java version. The errors/warnings appear to point to that. If someone getting the error can make sure they have updated their Java version AND removed all prior versions I'll bet it goes away.

Keeping your Java up to date (Actually, one of their recent updates introduced a bug/virus, & this isn't the first time.) is very important for security as it holds high user rights. It is basically far more secure and reliable than the various MS scripting disasters but you must apply the security upgrades as they are released to be protected.

Closing IE now (thankfully) so that threat to my pc is now mostly removed. If it weren't for the many & frequent MS patches I'd get rid of it entirely.

Virus found in Java:

http://www.java.com/en/download/help/cache_virus.xml

Recent Java bug fix:

http://newyork.newsday.com/business...s-oracle-fixes-security-bugs-in-pcs-1.3939510

More about recent Java bugs:

http://www.h-online.com/security/news/item/Warning-on-critical-Java-hole-1676219.html

Virus scanners & java bug:

http://www.h-online.com/security/ne...irus-scanners-block-Java-exploit-1696462.html


Java, version-7, update-6, buggy

So, sounds like a Java problem. Hits PC's & Mac's.

 

[timeos2]

The correct current Version of up to date Java is Java 7 Update 7. Anything before that could be a problem & should be replaced.

While Java is very secure any software can be compromised. That is why they stay on top of it with timely updates unlike Active X & others that don't do regular updates or hold them for a predetermined release date. Not as safe as during the time when exploits are known but not corrected your machine(s) are at risk.

Check your Java version. If it isn't 7 Update 7 then download the update.

 

[TUGBrian]

our host did run a separate scan and found a few files that shouldnt be there (although some are on the test installation, and wouldnt even impact this forum even if it were malicious)

will keep everyone updated...hopefully removing these files will eliminate this issue.

 

[TUGBrian]

ok..weve removed the last of the potentially suspected files...please those of you who can repeat the warnings let me know if they still pop up!

 

[Passepartout]

Don't know if it has anything to do with this or any other problem, but as suggested by John upthread a couple, I checked my Java. I found that mine had updated to the latest version just yesterday, a few hours before the Phoenix began manifesting itself every time I click on a TUG page or link. Coincidence?

Btw, AVG is still showing the problem, and still won't allow smilies or any of the formatting above and the Quick Links in the blue bar are still scrambling and disappearing.

Jim

 

[TUGBrian]

maybe if we can identify a few other users who recently updated java (which would certainly impact quicklinks btw)...we can find a better solution!

 

[TUGBrian]

does your java installation have a rollback feature by chance?

 

[TUGBrian]

believe (but not positive) that this would also explain why it doesnt impact chrome.

 

[sun starved Gayle]

Just came up for me.

 

[Passepartout]

I didn't notice a rollback feature on the Java panel, but will go back and look for that.
Chrome's performance doesn't seem affected, but my AVG does detect the bug and I get a red, 'caution' shield wherever the TUG site is open.

 

[GetawaysRus]

maybe if we can identify a few other users who recently updated java (which would certainly impact quicklinks btw)...we can find a better solution!

I posted upthread a page or so ago. My anti-virus program is Avast. I use Windows 7.

Avast updates itself automatically, sometimes even more than once daily. So I'm certain that I've got the latest virus definitions file.

And yes, I did receive notice of a Java update (and allowed it to install) just yesterday. However, I have not received the Trojan warning on any other webpage so far - just TUG.

It may not be related, but I also have another anti-spyware program running in the background. This program is called Spyware Blaster (free version). I update Spyware Blaster manually when I remember to do it. I have not updated it within the past few days, however.

 

[TUGBrian]

for those of you who repeat the error, can you post as MUCH information regarding the warning as possible here (or email it to me at tug@tug2.net if it contains personal/computer info)

also if we could identify your web IP address, it would help the host identify a problem in the logs easier.

 

[Passepartout]

No lookback feature that I can discern in the Java control panel.

It will be interesting to see if those affected got Java updates just before the problem showed itself. If you open the Java control panel it shows date/time of the last update.

What I see is identical to the screenshot in post #3- just a different version since I upgraded today to the new, paid version of AVG

Jim

 

[TUGBrian]

is there anything in the "more info" link?

 

[Picker57]

No lookback feature that I can discern in the Java control panel.

It will be interesting to see if those affected got Java updates just before the problem showed itself. If you open the Java control panel it shows date/time of the last update.

What I see is identical to the screenshot in post #3- just a different version since I upgraded today to the new, paid version of AVG

Jim

FUNNY YOU SHOULD MENTION.... Yes, I did just recently do the Java upgrade thingy. Also, since this issue began I'm not able to change text fonts or sizes when I post. I THINK I'm running IE on this computer, though I see the Firefox icon also. AVG is my antivirus. Fingers crossed.....

-----Zach

 

[TUGBrian]

so odd...we have scoured that .js file with a fine tooth comb, and can confirm theres nothing wrong with it.

*sigh

 

[timeos2]

From all this I have to assume that the site is on a Windows based host. Unfortunately Windows allows some behind the scenes and virtually impossible to diagnose changes to settings such as a default redirect that nothing short of a reload is able to clear. I've seen multiple machine including servers with that issue in the past and no amount of cleaning or code searches can identify just what got altered or where. I hope this isn't the case with this problem. Another reason we use Unix/Linux based hosts exclusively.

 

[Ron98GT]

I posted upthread a page or so ago. My anti-virus program is Avast. I use Windows 7.

Avast updates itself automatically, sometimes even more than once daily. So I'm certain that I've got the latest virus definitions file.

And yes, I did receive notice of a Java update (and allowed it to install) just yesterday. However, I have not received the Trojan warning on any other webpage so far - just TUG.

It may not be related, but I also have another anti-spyware program running in the background. This program is called Spyware Blaster (free version). I update Spyware Blaster manually when I remember to do it. I have not updated it within the past few days, however.

I received the notice yesterday also, but I clicked "NO".

Late last year, one of my computers and the attached external hard-drive got infected from an Adobe update. It was so bad that I had to replace the hard-drive & then update to Window 7 Professional. There is a lot of info on the Internet about computer viruses associated with Adobe updates - be aware, and never allow an automatic update for an Adobe product. If there is an update and you verified that it's safe, go to the Adobe web site and download it. In the past I've received update notices, gone to the vendors web site, and found that no updates were available, but a virus would have been downloaded.

 

[TUGBrian]

From all this I have to assume that the site is on a Windows based host. Unfortunately Windows allows some behind the scenes and virtually impossible to diagnose changes to settings such as a default redirect that nothing short of a reload is able to clear. I've seen multiple machine including servers with that issue in the past and no amount of cleaning or code searches can identify just what got altered or where. I hope this isn't the case with this problem. Another reason we use Unix/Linux based hosts exclusively.

the server that runs the forum is a linux server.

 

[Passepartout]

OK, I have just done a System Restore and reset it to 9/4, before the Java update (or for that matter the AVG update, though after a scan). So far the result is no alert for a virus, Trojan Horse, Viking Ship, or unicorns on the loose. I am getting a notification for a Flash update- which I have declined. I may try doing these system changes one-by-one and try to trap the culprit.

Stay tuned.....

Jim

 

[TUGBrian]

I appreciate all the time you are taking to help out with this Jim!

 

[TUGBrian]

can you use this link

whatismyip.liquidweb.com

to email/pm me your ip address please?

 

[timeos2]

the server that runs the forum is a linux server.

Interesting. Never saw an error like this on one of those. Makes it more likely that it is a redirect on the client computers that may only occur in specific configurations, Your purge of the server should assure it is now clean but the clients may be acting to keep the malware alive (acting as bots). Tough to counter if that's what occurred.