Warning

I've had my machine slow down dramatically when logging in here, with lots of disc activity going on, but I've run all my usual diagnostic tools and they haven't found anything yet. I'm sure there is something there though because other sites have slowed too.
 
Yes I've been having problems on and off when logged in here too, esp c15 mins ago.

Had to log off Firefox and come back in. Worrying to know there's something lurking in here.
Wot's a Trojan Horse Clicker I wonder? - I'll go google for it.
And log out of here!
 
Discovered it's dangerous for anyone using a PC and Microsoft software.

Firefox gives protection from this kind of thing as does Mac, but my laptop freezing so often when I am logged into TH prob indicates my spyware rejecting this thing.

Someone should look into this :(
 
I haven't had any problems at all using Internet Explorer 7 (Windows) or Safari 3 (Mac).
 
No issues for me either with IE7 or an s60 browser. Can anyone post any specifics?

Details of the Trojan name? When the warning appears?

Thanks
 
Originally posted by Diamond Geezer @ Feb 5 2008, 07:46 PM
This forum has a trojan horse clicker or so my anti-virus software has warned me.

DG, can you post more details, having started this scare!

There are several of these clickers, one can be removed by SpyBot apparently, but the latest one with the suffix SR can't, and needs a whole complicated re-boot of some sort to find and remove it.

Apparently they lurk and then suddenly activate, I found some details here:

http://forum.zensupport.co.uk/thread/18704.aspx


pctools Spyware Doctor may be able to check for you:

www.pctools.com/spyware-doctor/
 
Hang on, I, as well as others, have had no problem. Was it really necessary for someone (not DG I might add) to start a thread on FF warning people that TH has a trojan horse virus on it?
 
Ok let's leave it there. If someone has a concern that is in all of our interests then I would rather hear it than not.

I have alerted Col to the issue and hopefully he will be back in about 40 minutes to look into it.

To reassure anyone, I very much doubt that there has been any change that has been made to TH to cause this. If the webserver has become compromised in any way then we will alert the hosts.

In the meantime, be prudent and don't download anything that looks suspicious or that you wouldn't normally have to. Hopefully if there is a problem it is just an isolated incident as many people are not experiencing any issues.
 
Have been googling around and found this albeit dated June 06.


This Trojan opens web links without the knowledge or consent of the user. It is an HTML file. The file is 483 bytes in size.

Payload

Once the script is launched, the Trojan creates two hidden frames:

A web page located at the address shown below will be opened in the first frame:
http://82.179.170.11/dia489/

A WMF file located at the address shown below will be opened in the second frame:
http://latech.co.kr/n.wmf

Removal instructions

Delete the Trojan HTML page (the location will depend on how the program originally penetrated the victim machine).

Update your antivirus databases and perform a full scan of the computer
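
The hidden-frame behaviour quoted above is something a site owner can check for in a saved copy of their own homepage. The Python sketch below is an added example, not part of the original thread: it flags frames that are invisible and load content from another host. The host names and sample page are constructed placeholders, and the "hidden" heuristics are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Heuristics (assumptions): inline styles and sizes that make a frame invisible.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "0px", "0%", "1", "1px"}

# Constructed sample page; the .example hosts are placeholders, not real indicators.
SAMPLE = """<html><body>
<h1>Racing results</h1>
<iframe src="http://www.site.example/results.html" width="600" height="400"></iframe>
<iframe src="http://other.example/page/" width="0" height="0"></iframe>
<iframe src="http://files.example/n.wmf" style="display:none"></iframe>
</body></html>"""

class HiddenFrameFinder(HTMLParser):
    """Collect <iframe>/<frame> tags that are invisible and load off-site content."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {k: (v or "").strip() for k, v in attrs}
        url = urlparse(a.get("src", ""))
        host = (url.hostname or "").lower()
        hidden = (
            a.get("width", "").lower() in TINY
            or a.get("height", "").lower() in TINY
            or bool(HIDDEN_STYLE.search(a.get("style", "")))
        )
        if hidden and host and host != self.site_host:
            reason = "hidden off-site frame"
            if url.path.lower().endswith(".wmf"):
                reason += " loading a WMF file"
            self.findings.append((self.getpos()[0], a["src"], reason))

def scan(html, site_host):
    finder = HiddenFrameFinder(site_host)
    finder.feed(html)
    return finder.findings  # list of (line number, src, reason)

if __name__ == "__main__":
    print(scan(SAMPLE, "www.site.example"))
```

A finding is a prompt to inspect that line of the page source, not proof of compromise; legitimate widgets sometimes use small or hidden frames too.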
 
Ok just to let you all know. Some nefarious script had managed to work its way on to the www.talkinghorses.co.uk homepage. Root cause is unknown, but basically that is how the Trojan works.

Col (the site owner) has removed the script in question and will alert the webhost.

I have managed to recreate the symptoms that Diamond Geezer identified and personally have experienced no ill effects to my machine and can confirm that nothing was downloaded automatically.

If you access the forum via a bookmark/favourite that bypasses the homepage (with the racing results on it) then you should not be affected.

Most modern browsers are set up to prevent these types of things downloading automatically and it is therefore older versions of browsers that the script looks to exploit.

Anybody with any concerns should follow DG's advice and update your antivirus databases and perform a full scan of the computer.

Apologies for any concerns that this has caused anyone. Unfortunately like any website we are to some extent at the mercy of those with corrupt motives. I will personally be keeping an eye on things to make sure there is no reoccurrence.

Thanks to Diamond Geezer for spotting this.
 