Question Something's triggering a virus threat

[cboath]

I've gone to the three sections now - replica props, OT, and Movie and each time the page loads i'm getting a virus warning on 910.8207.exe being a possible trojan. Not happening on any other site, just here.

My guess is it's a false positive, but thought you should know either way.

FWIW, i'm running an updated AVG 2012

 

[Mr_Creepy]

Been noticing that tonight as well (Norton) :unsure

 

[Wolfie]

I got hammered with a windows update virus last time this happened

 

[Wes R]

my norton isn't going off which i guess is a good sign. I wonder if it's one of the ads on the site.

 

[Art Andrews]

Looking into it, but not seeing it so far.

 

[tictoc]

happened this morning too...I was trying to open a pic in the prop section

 

[cboath]

I just came in for the first time this morning and got 4, seriously, as the first screen even loaded.

one was a {something}.com/img.php, something else ARF.exe

 

[LeoFirebrand]

I got the windows vista virus alert 2012 virus last night trying to view an image. Virus blocker cleaned it but it still broke .exe associations so I had to modify registry too. Was quite the pain. If it helps it was in the junkyard. Think I was looking at mecha01's portal turret pics. Not sure if the virus can attach that way.

 

[cboath]

I got the windows vista virus alert 2012 virus last night trying to view an image. Virus blocker cleaned it but it still broke .exe associations so I had to modify registry too. Was quite the pain. If it helps it was in the junkyard. Think I was looking at mecha01's portal turret pics. Not sure if the virus can attach that way.

Exact same thing happened to me just after posting my last post in this thread.

Running spybot said that it foud Fraud.InternetSecurity2011. Files listed were ARF.exe and two very long asdfad435tdsafasd90asd type files. In program data and appdata\local and appdata\local\microsoft\windows\templates. (Those asdasdf things aren't the actual files names, just showing that they were 20+ characters long and random alphanumeric names with no extensions).

Extremely uncool.

I know it's not the staff fault, but someone needs a butt kicking for letting this stuff through. My guess is an adserver.

 

[cboath]

As soon as I posted the above, I went to the OT and got yet another one.

Changed browsers and now running with adblock and have gone to 5 different RPF sections and checked out threads. Haven't seen an ad and haven't gotten any virus warnings.

 

[jango5204]

I got hit with the windows antivirus scans yesterday on the Toughbook in my cruiser. Had to turn it to I.T.

 

[Art Andrews]

I got the windows vista virus alert 2012 virus last night trying to view an image. Virus blocker cleaned it but it still broke .exe associations so I had to modify registry too. Was quite the pain. If it helps it was in the junkyard. Think I was looking at mecha01's portal turret pics. Not sure if the virus can attach that way.

Do you know the junkyard page you were looking at when you saw this?

 

[Art Andrews]

happened this morning too...I was trying to open a pic in the prop section

Can you give us a link to what you were looking at?

 

[Art Andrews]

I got hit with the windows antivirus scans yesterday on the Toughbook in my cruiser. Had to turn it to I.T.

Was this while surfing the RPF?

 

[jango5204]

Was this while surfing the RPF?

Yes. You know, traffic isn't too heavy on Saturday mornings, so I was looking around on RPF in between speeders. Don't remember what thread it was.

 

[LeoFirebrand]

To answer the quesitons of where. I had several tabs open in the junkyard but Im pretty sure this is the one I was veiwing. I was looking at the photos on page 1 of the thread when it happened.

http://www.therpf.com/f13/portal-2-turret-new-pics-pg-7-a-127914/

 

[cboath]

Just happened to me, yet again, simply by going to the OT. I forgot and used the wrong browser and got hit immediately. Killed it, switched and seems OK with adblock on.

 

[cboath]

Here's the log I have from AVG. Odd thing is it flagged 3-5 things when I first encountered it, but only logged 1 it seems. Hope they help. Times are central time, too.

The three AVG has listed in it's history - since yesterday are:

Virus found Win32/Cryptor
"c:\Users\<username.\AppData\Local\Temp\335.8026.exe"
12/12/2011, 5:13:18 PM
file C:\Program Files (x86)\Java\jre6\bin\java.exe


Trojan horse Generic_r.JU
c:\Windows\System32\consrv.dll
12/11/2011, 11:14:04 AM
file C:\Windows\System32\csrss.exe

Trojan horse Generic_r.JU
c:\Windows\System32\consrv.dll
12/11/2011, 11:05:47 AM
file C:\Windows\System32\csrss.exe

 

[pennausamike]

I got a virus while on the RPF a couple of days ago.
Had my Kaspersky off at the time.
Turned it back on to an infection:
HEUR:Trojan.Win32.Generic
which I cannot quarantine because it imbedded in the operating system:
c:\WINDOWS\system32\drivers\i8042prt.sys

It happened again today, but I was on our newer computer and the Kaspersky caught it.
I'm not sure where I was when I got the hit,
because I closed the window when it happened.

This trojan opens another window; the other one was a pretend virus protection program.
Sorry if that isn't a helpful description,
my computer powers are rather minimal.

Mike

 

[Art Andrews]

We are trying our best to track this down but haven't been able to replicate it.