mandoble 1 Posted May 4, 2006 <span style='font-size:17pt;line-height:100%'>Click for update on the issue from Cervo.</span> Today, every time I try to get into OFP.info I get infected with a trojan virus loader. Check your internet termporary files. Share this post Link to post Share on other sites
456820 0 Posted May 4, 2006 Same here i sent a PM to the admin. i also know someone else with this problem Share this post Link to post Share on other sites
turms 0 Posted May 4, 2006 What antivirus are you using? Share this post Link to post Share on other sites
Thomas Ryan 0 Posted May 4, 2006 Same here, but my Norton Antivirus blocked it (thankfully) but I suggest that you check it out OFP.Info. Regards, Zipper5 Share this post Link to post Share on other sites
rellikki 7 Posted May 4, 2006 Happened to me too. Luckily my norton blocked it, so I didn't care about it so much until some of my friends told me about their problem. Share this post Link to post Share on other sites
HotShot 0 Posted May 4, 2006 Nothing happens for me. It might just be your Anti-virus software being jumpy, thinking it is a Trojan when infact it is just a cookie or such that is similiar. Share this post Link to post Share on other sites
456820 0 Posted May 4, 2006 Im using McAfee it reported 11 Virus' overall. Most were cleaned right of my HD the rest were either blocked or moved to my quarantine folder which are now deleted. Then my latest scan shows no detections. Edit - All were seen as trojan horses apart form one which was like a script hack thing?? Share this post Link to post Share on other sites
mandoble 1 Posted May 4, 2006 It is not a cookie, it is a java troyan loader. Just look into your Internet temporary files subdirectories for any file starting with "load". I'm using Grisoft AVG (www.grisoft.com). Share this post Link to post Share on other sites
mr burns 132 Posted May 4, 2006 Can i be infected by browsing this thread too?? <span id='ME'><center>Mr Burns runs off screaming</center></span> Share this post Link to post Share on other sites
turms 0 Posted May 4, 2006 Using norton, scanned the computer, found nothing... Share this post Link to post Share on other sites
j w 0 Posted May 4, 2006 Well, trojans in OFP.info's file is not a big possibility. I've never had a problem, and still downloaded maybe 500-1000 files from their FTP's. Here is an article about it, where the problem occured with CSLA Mod's "uninstall.exe". A similar topic to this was posted a while ago... *goes off to search* Share this post Link to post Share on other sites
Colossus 2 Posted May 4, 2006 Do NOT enter the forums! I got a message from Symantec Anti-Virus just when I open the forums. I got a hotlink to the forums so it's not from the main page. Share this post Link to post Share on other sites
j w 0 Posted May 4, 2006 Well, Symantech is Norton. Norton is not good. And, since it's a hotlink, it could have been to anything... Anyways, here's an old topic about Trojans/viruses from OFP.info Link Share this post Link to post Share on other sites
Colossus 2 Posted May 4, 2006 What does traffdollars.biz have to do with OFP.info and errors made by Symantec? Share this post Link to post Share on other sites
NeMeSiS 11 Posted May 4, 2006 Ah, i got the same scriptpromp window, and it tried to open a .wmf (?) file. That housecall free online virusscanner just found and removed 6 virusses Share this post Link to post Share on other sites
.kju 3245 Posted May 4, 2006 i would say the source is some 'advertisment' Share this post Link to post Share on other sites
shinRaiden 0 Posted May 4, 2006 hmm, is that our dear friend the old patched wmf exploit? Anyhoo, seems to be fairly happy in Firefox without any adverse reactions. Share this post Link to post Share on other sites
mandoble 1 Posted May 4, 2006 Microsoft security bulleting MS06-001 (wmf files) Share this post Link to post Share on other sites
NeMeSiS 11 Posted May 4, 2006 Microsoft security bulleting MS06-001 (wmf files) IIRC i already installed that, downloaded that file anyway and it doesnt seem to have any affect (still trying to open a .wmf file/scriptpromp comes up) Oh well, seems im forced to use firefox and need to scan again... Share this post Link to post Share on other sites
dm 9 Posted May 4, 2006 ...Oh well, seems im forced to use firefox... Thats no bad thing Will speak to Cervo and see if he knows anything about it. If it only happens in the forum, someone might have it as part of their sig, or worst-case the forum may have been "modified" by someone not ofp.info staff. Share this post Link to post Share on other sites
NeMeSiS 11 Posted May 5, 2006 ...Oh well, seems im forced to use firefox... Thats no bad thing It is IMO Altough its almost IExplorer there are some very minor things wich annoy me, and altough its supposed to be safer, well, as long as you dont browse all those porn/serial sites and dont click on every link that you see it doesnt matter, except this time... Share this post Link to post Share on other sites
Silent N Deadly 0 Posted May 5, 2006 I have gotten that same thing at school, at home I have no problems...I haven't even gotten a warning. The prompt doesn't even show up. Wierd. Share this post Link to post Share on other sites
jakerod 254 Posted May 5, 2006 I have gotten that same thing at school, at home I have no problems...I haven't even gotten a warning. The prompt doesn't even show up. Â Wierd. As Silent's computer crashes, lights on fire and explodes. I am not getting any type of warning either. Scanning my computer right now though just in case. Share this post Link to post Share on other sites
Artak 0 Posted May 5, 2006 I've never registered to the ofp.info forums. But of course when you're talking about something this intriquing I just had to take a look. Here's what happened. Norton Internet Security 2004 Windows XP prof SP2 Ie 6.0 NIS warned about unauthorized connection and blocked it. NIS indentified the connection as "HTTP MS Windows WMF Code Exec" attack from IP 85.249.23.119 Symantec security bulletin article Now, I didn't even get as far as into the forums actually. Because I wasn't registered before (still not) I got to the login page first and BANG! there it was. I was unable to get a trace of that IP. Maybe some of you have more luck. Share this post Link to post Share on other sites
5133p39 16 Posted May 5, 2006 I've never registered to the ofp.info forums. But of course when you're talking about something this intriquing I just had to take a look. Here's what happened.Norton Internet Security 2004 Windows XP prof SP2 Ie 6.0 NIS warned about unauthorized connection and blocked it. NIS indentified the connection as "HTTP MS Windows WMF Code Exec" attack from IP 85.249.23.119 Symantec security bulletin article Now, I didn't even get as far as into the forums actually. Because I wasn't registered before (still not) I got to the login page first and BANG! there it was. I was unable to get a trace of that IP. Maybe some of you have more luck. netname: NN-VALUEDOT-NET descr: NN-VALUEDOT-NET country: RU admin-c: JOY-ORG tech-c: JOY-ORG status: ASSIGNED PA mnt-by: ELTEL-RIPE-MNT mnt-lower: DOT-MNT source: RIPE # Filtered role: Joy Hosting NOC address: Moscowskaya 38 address: Sankt-Peterburg address: Russian phone: +7 921 424 3509 remarks: trouble: ---------------------------------------------- remarks: trouble: NOC working hours: remarks: trouble: 08am-10pm MSK/MSD (GMT+3/+4) workdays remarks: trouble: ---------------------------------------------- remarks: trouble: Contact addresses by category: remarks: trouble: Routing/DNS/IP delegation: ncc@valuedot.net remarks: trouble: SPAM/UCE: abuse@valuedot.net remarks: trouble: Scans/Hacking attempts: security@valuedot.net remarks: trouble: Mail: postmaster@valuedot.net remarks: trouble: ---------------------------------------------- admin-c: AB7972-RIPE admin-c: AS8175-RIPE tech-c: AB7972-RIPE tech-c: AS8175-RIPE nic-hdl: JOY-ORG mnt-by: DOT-MNT source: RIPE # Filtered abuse-mailbox: abuse@valuedot.net Share this post Link to post Share on other sites
