• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 31st anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $24,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $24 Million dollars
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

AVG Anti-Virus 2012 Starting to Block TUGBBS webpages!

Thanks, Steve. FWIW, we've been all over the vbulletin_global.js file six ways from Sunday. We have even replaced the file with a copy from an untouched virgin download of the full vBulletin 3.6.4 package from Jelsoft, yet the same notice prevails.
 
I get the identical message (I'd show you if I knew how to do a screen shot) and there is nothing relative in the 'More Info' or 'Details.'

Jim
 
I disabled AVG and turned on Fiddler (a packet analyzer), then loaded a page on TUG. I looked at the results I got back when vbulletin_global.js was requested, and I noticed the following additional code appended at the bottom of the file:

<br />
<b>Warning</b>: include(vbulletin_css/styles.css) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in <b>/home/tugbbsc/public_html/forums/clientscript/vbulletin_global.js</b> on line <b>1730</b><br />
<br />
<b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening 'vbulletin_css/styles.css' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/tugbbsc/public_html/forums/clientscript/vbulletin_global.js</b> on line <b>1730</b><br />
Click to expand...

To me, it looks like a misconfiguration somewhere, rather than a virus.
 
MichaelColey said:
I disabled AVG and turned on Fiddler (a packet analyzer), then loaded a page on TUG. I looked at the results I got back when vbulletin_global.js was requested, and I noticed the following additional code appended at the bottom of the file:



To me, it looks like a misconfiguration somewhere, rather than a virus.
Click to expand...

HA! I just stumbled on the styles.css file via another means. It is definitely an infusion of malware, similar to stuff we've found in the past, and I've disabled it. This error message tells us whatever is trying to call it now can't find it. Now to analyze your warning and see where it leads us ..
 
Well, I can tell you it's now gone on mine! Smilies still don't work but it certainly is nice not to get the warning in the middle of the page. Thanks. (Also, clicking Quick Links changes it to Open Buddy List and Search changes to Mark Forums Read.) All I've noticed so far.
 
Last edited:
Makai Guy said:
Michael - can you repeat your Fiddler check and see if the warning is now gone?
Click to expand...
Yes, it's gone now. Also, I don't see any JavaScript errors and the vB functionality (at least what I've tried that wasn't working before) appears to be fixed.

I think you got it!
 
Makai Guy said:
HA! I just stumbled on the styles.css file via another means. It is definitely an infusion of malware, similar to stuff we've found in the past, and I've disabled it. This error message tells us whatever is trying to call it now can't find it. Now to analyze your warning and see where it leads us ..
Click to expand...

I think you are on the right track, they have buried something that adds some obfuscated code pointing to a trojan server. I used a different tool and it tried to execute 2 different trojans but Malwarebytes blocked it.

I also see a lot of advice to change your passwords and check your htaccess file.

TUG-trojans.jpg
 
MichaelColey said:
Yes, it's gone now. Also, I don't see any JavaScript errors and the vB functionality (at least what I've tried that wasn't working before) appears to be fixed.

I think you got it!
Click to expand...

I hope you're right. Let's hope it stays "got" this time.

This stuff is sure becoming a pain in the wazoobie.
 
Last edited:
:clap: :clap: :clap: :clap: :clap:
Finally it looks like you know what rock to look under. It's working fine now, even formatting. And on Firefox, to boot. Oh, and Quick Links don't do their dance and disappear either! Woo-Hoo!

Thanks Doug- and to Michael for the tip.
:clap: :clap: :clap: :clap: :clap:

Jim
 
Last edited:
FWIW - not getting the error message now with JS enabled (Firefox and Windows 7, both current). Also the site microfunctionalities that were not working before are now operating.
 
Seems to be gone but I think it was a virus because my other computer that didn't have a firewall (I know I know.. my husband re-did it a few months ago and forgot to install the firewall) had some problems right when this whole thing started.......
 
Kasperski's happy

piper_chuck said:
The Kasperski warning I've been receiving for a while is now gone.
Click to expand...

TUG seems trojan free using IE9 or Firefox again!!!

...Mark
 
YaY! I am able to get my TUG fix this morning. :cheer: Sure did miss you guys over the past few days! Thanks for all your hard work in tracking down the problems.

Dori
 
Dori said:
YaY! I am able to get my TUG fix this morning. :cheer: Sure did miss you guys over the past few days! Thanks for all your hard work in tracking down the problems.

Dori
Click to expand...

Ditto! Thanks to all for the fix :clap: So glad to be able to get back into TUG!
 
From the ''Don't count your chickens' file.....IT'S BACK (at least on my machine). It's the same "Exploit Phoenix....Type 769" etc. message. I haven't switched to Chrome yet because it seemed to go away anyway....at times. Inasmuch as I'm barely knowledgeable to turn the computer ON, I'm still wondering if there's any potential damage by just letting it go. "Annoying" I can handle, "Harmful" not so much.

Also wondering, are Mac users getting this also?

------------Zach
 
Picker57 said:
From the ''Don't count your chickens' file.....IT'S BACK (at least on my machine). It's the same "Exploit Phoenix....Type 769" etc. message. I haven't switched to Chrome yet because it seemed to go away anyway....at times. Inasmuch as I'm barely knowledgeable to turn the computer ON, I'm still wondering if there's any potential damage by just letting it go. "Annoying" I can handle, "Harmful" not so much.

Also wondering, are Mac users getting this also?

------------Zach
Click to expand...
Please try it again now.
 
Makai Guy said:
Please try it again now.
Click to expand...

You've got a comment line that displays on the top of the page...

[comment line removed so as not to tip our hand to the bad guys]
 
Last edited by a moderator:
ace2000 said:
You've got a comment line that displays on the top of the page...


[comment line removed so as not to tip our hand to the bad guys]
Click to expand...

I'm seeing the same thing here. If it matters, I didn't have any of the problems that others had.
 
Last edited:
ace2000 said:
You've got a comment line that displays on the top of the page...

[comment line removed so as not to tip our hand to the bad guys]
Click to expand...

Temporary while I'm messing around. Will go away shortly. Thanks for being alert and reporting it though -- next time might not be so benign.
 
Last edited by a moderator:
You must log in or register to reply here.
Top