Windows 7 AVG Virus Threat

Discussion in 'Windows Security' started by nitewulf, Nov 30, 2009.

  1. nitewulf

    nitewulf Honorable Member

    Joined:
    Oct 20, 2009
    Messages:
    64
    Likes Received:
    4
    It just started tonight, but AVG 9.0 is warning that this site (windows7forums.com) is infected and therefore being blocked. Has anyone else reporrted this? As soon as you access any page on your site the alert from AVG pops up.
    What's going on?
     
    Mike and (deleted member) like this.
  2. Joe S

    Joe S Excellent Member

    Joined:
    Jan 12, 2009
    Messages:
    3,785
    Likes Received:
    113
    It looks like AVG has one more problem to add to their recent oops list. They've had more than a couple of issues this year.
    Joe
     
  3. stueycaster

    stueycaster Millennium Celebration Award Winner
    Premium Supporter

    Joined:
    Feb 5, 2009
    Messages:
    1,519
    Likes Received:
    53
    There's a new Javascript on this site that my NoScript is blocking. It's called xblacknet.cn. I googled it and there were only a few hits. They're calling it a possible virus. I couldn't find anything definite. I'm going to pm a moderator or two about it.
     
  4. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,840
    Likes Received:
    1,568
    Hm...weird it seems fine to me, have you guys updated your AVG lately? Some AVG updates have been known in the past to be a little 'over zealous' but just to be on the safe side I'll pm Mike to check a few things out..
     
  5. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    Microsoft Security Essentials seems to be having the same problem. Malex.genIE trojan or something similar.
     
  6. nitewulf

    nitewulf Honorable Member

    Joined:
    Oct 20, 2009
    Messages:
    64
    Likes Received:
    4
    Thanks, stueycaster. That's the javascript that's causing the alerts.
     
  7. RAK

    RAK Extraordinary Member

    Joined:
    Jul 6, 2009
    Messages:
    2,502
    Likes Received:
    126
    I reported, a couple of days ago, that my computer was running slow .-only on this site - with a momentary heavy useage of the CPU. There was very little response to the thread so I thought I was alone. Now it seems not so. I carried on my own investigation and, duing the course of these, I put in the maximum security precautions I could. IE under that strain, totally failed to access the site, although I was still able to access others.. I must admit that I have had no virus warning - yet.
     
  8. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    It is not infected and I'm looking into this ASAP. There is a nocode imageresizer that we use in case someone posts large image - automatically resizes the the image on-the-fly. Trust me, the site is secure and I'm looking into it now.
     
  9. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    I'm using MSE and not getting any messages about this site.
     
  10. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    Can you please post screenshots of the message?
     
  11. stueycaster

    stueycaster Millennium Celebration Award Winner
    Premium Supporter

    Joined:
    Feb 5, 2009
    Messages:
    1,519
    Likes Received:
    53
    Here's a screeny of what NoScript is showing. I think this might be a brand new trojan that all of the A/V companies haven't found out about yet. NoScript blocks all javascripts til I allow them.

    [​IMG]
     
  12. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,840
    Likes Received:
    1,568
    Ditto.....
     
  13. stueycaster

    stueycaster Millennium Celebration Award Winner
    Premium Supporter

    Joined:
    Feb 5, 2009
    Messages:
    1,519
    Likes Received:
    53
    Here's another screeny with better detail.

    [​IMG]
     
  14. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    I am seeing xblacknet.cn with noscript, but only when logged in. Still testing here.
     
  15. stueycaster

    stueycaster Millennium Celebration Award Winner
    Premium Supporter

    Joined:
    Feb 5, 2009
    Messages:
    1,519
    Likes Received:
    53
    That's why MSE isn't catching it. NoScript is blocking it.
     
  16. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    I had MSE on before installing NoScript. I stopped using Firefox. Nonetheless, the problem is there... I rebuilt the installation as well as rebuilt much of the database, but I am still looking into where this is coming from.
     
  17. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    The problem is gone on the extranet... internally it is still there. I have made major changes. The database itself is using over a 200-bit encryption cipher for the password.
     
  18. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    Thanks for alerting of this problem -- forum users and visitors are not at risk. I will inform you of further details. I have gone so far as to contact both AVG and several other companies. The problem no longer exists on the front-end and I have completely banned this domain.
     
  19. nitewulf

    nitewulf Honorable Member

    Joined:
    Oct 20, 2009
    Messages:
    64
    Likes Received:
    4
    Hi Mike,
    The alert from AVG complaining about the javascript is gone this morning so something must have changed since yesterday evening. Anyway, all appears to be ok now, at least with AVG 9.0.
     
  20. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    The problem has been resolved and was the result of an internal problem with one of our modules. This has been completely fixed and there is absolutely nothing to worry about.
     

Share This Page

Loading...