Virus from guru ads/attack site
Belicosos Finos
Have just had some popups from antivirus software (sophos in this case) with some virus warnings as Ive been reading through guru
virus identified is Mal/Iframe-G and the ad (or at least the site generating it) is
www.fun6677.com/ js / index.htm (without spaces)
virus identified is Mal/Iframe-G and the ad (or at least the site generating it) is
www.fun6677.com/ js / index.htm (without spaces)
Yang Whirlwind
Thank you for bringing this to our attention.
I have forwarded your information and the link containing the virus should be removed shortly.
I have forwarded your information and the link containing the virus should be removed shortly.
Raven Wing
I' ll just mention I had the same.
Raven Wing
and another:
http://adserver.mmoguru.com/defaulta...eaderboard.php
In this case its avast! discovering it.
http://adserver.mmoguru.com/defaulta...eaderboard.php
In this case its avast! discovering it.
Fates
Warning: Visiting this site may harm your computer!
The website at www.guildwarsguru.com contains elements from the site www.fun6677.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for www.fun6677.com.
The website at www.guildwarsguru.com contains elements from the site www.fun6677.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for www.fun6677.com.
Ultimate Flash
If you're afraid of websites loading scripts without your knowledge I suggest you use Firefox and the addon No Script. Stay away from IE if you can!!
link to find Firefox www.mozilla.org
link to download No Script addon http://noscript.net/
This way you can block any Javascript, Java, or Flash from loading any questionable software/malware on you system.
link to find Firefox www.mozilla.org
link to download No Script addon http://noscript.net/
This way you can block any Javascript, Java, or Flash from loading any questionable software/malware on you system.
Painbringer
1 Before locked
Report to site feedback or moderator 1st before causing mass panic.
There is also a snapview.ock that keeps tring to load. BTW
P.S. clean your browsing history
Report to site feedback or moderator 1st before causing mass panic.
There is also a snapview.ock that keeps tring to load. BTW
P.S. clean your browsing history
Misa
same here
avast blocked the same thing from guru (http://www.fun6677.com/)
avast blocked the same thing from guru (http://www.fun6677.com/)
stretchs
This is unfortunately a common occurrence here, be sure to have script stopping/blocking on your browser can/will help, but as anyone knows anywhere you go on the net could lead to bad places
Jensy
Yeah, I have FF with noscript and I'm not getting any warnings O_o
Feathermoore Rep
Thats a message generated by Google Chrome. I actually just received the same message. It automatically checks the websites against its own database of reported malware/spyware/harmful websites and automatically lets you know when your browser directs to one, stops you, and asks if you wish to proceed.
I just accepted the warning and went on browsing. W/ith the ads its really no surprise that its registers as malware.
I just accepted the warning and went on browsing. W/ith the ads its really no surprise that its registers as malware.
Neez
Malware is found by Avira everytime I open a thread, whichever it is.
Quote:
Quote:
Virus or unwanted program 'HTML/Dldr.Iframe.JI [virus]'
detected in file 'C:\Documents and Settings\n"\Local Settings\Temporary Internet Files\Content.IE5\35SGBZRM\index[1].htm.
Inde
Thanks everyone. Resolved.
KZaske
I have warning from Avira concering malware and redirects from not one but two different web sites along with two pop-unders are from yieldmanager.com (cpxinteractive.com) and quizrocket.com. The site seems to reset itself about once every two minutes
Neez
Looks like it has been solved.

KZaske
Everything seems to be fine now. Thanks Inde for getting this taken care of so quickly.
cosyfiep
I just got a very strange warning from avg (yea I have it paid for for the next 2 years not going to change now)....I have attached a screen shot of the warning...its really late so my brain is not computing what it means other than I should just go to bed now----(and maybe I should not us chrome).
bsoltan
I'm getting this today:

Whenever I visit any page on Guru.
Edit: Yep same one cosyfiep. Chrome + Nod32.

Whenever I visit any page on Guru.
Edit: Yep same one cosyfiep. Chrome + Nod32.
Lord of kryta
I'm getting it as well, using eset.
baltazar knight
ESET NOD32 and Avira Premium found it, so probaly no false positive.
It tries to acces your computer without your permission. Everyone without antivirus will have troubles.
Description as it isn't clear:
Contains recognition pattern of the ''HTML/Dldr.Lframe.JL'' HTML script virus.
Metatail
That's a cool pic you got there sir.
Malice Black
It's a running issue. It's due to goggle ads and not Inde trying to haxxor your computer. PM the details to Inde/kzap and they'll get it removed.
dan_dv
When i browse to Guildwarsguru with IE, I get two warnings from Norton Internet Security about infected file beeing removed.
code1101
I just got it on my free avg antivirus ... its true guys.
a yellow bar apears on the top of the windows asking to run a realplayer activex ... when i clicked it a virus tried to enter my PC
a yellow bar apears on the top of the windows asking to run a realplayer activex ... when i clicked it a virus tried to enter my PC
thig
Well theres a simple solution to it all...don't use a insecure browser like Internet Explore. Switch to Firefox and install the no script plugin.
papryk
CE Devilman
just on guru webpage..
thral
Avast keeps blockng something for me so yeah...
Schmerdro
I use Firefox with the NoScript extension and I never got any kind of warning from my AVG anti-virus.
Lesson: Don't use shitty web-browsers.
Lesson: Don't use shitty web-browsers.
ag3ntblak
http://i8.photobucket.com/albums/a8/...gurutrojan.jpg
http://s8.photobucket.com/albums/a8/...consistent.jpg
Almost every thread I goto in guru is downloading this trojan into my computer. Is this why this forum is always so laggy?
http://s8.photobucket.com/albums/a8/...consistent.jpg
Almost every thread I goto in guru is downloading this trojan into my computer. Is this why this forum is always so laggy?
baltazar knight
http://www.guildwarsguru.com/forum/s...=1#post4485326
h**p://www.safe6699.com/js/index.htm
Avira detected it.
I'm using Firefox.
h**p://www.safe6699.com/js/index.htm
Avira detected it.
I'm using Firefox.
IattackU
Quote:
Originally Posted by Schmerdro

I use Firefox with the NoScript extension and I never got any kind of warning from my AVG anti-virus.
Lesson: Don't use shitty web-browsers. Same here except I use Avast and not AVG.
Haven't gotten a message at all and I actually just installed NoScript after I read this.
Lesson: Don't use shitty web-browsers. Same here except I use Avast and not AVG.
Haven't gotten a message at all and I actually just installed NoScript after I read this.
just call me jimmy
Call me crazy but shouldn't the Moderators of Guru be informing their members of Trojans on their website? Regardless of who is at fault, the fact is people are at risk by just loading your website. I would say you have an obligation too inform people, of any risk loading Guru, what you are doing to fix it, and what your community should do if they receive these Trojan messages.
To the people that said "I use Firefox so no worries" I am sorry to say this, but you all have the IQ of a pea. Please uninstall the internet immediately, as you are a risk to it not blowing up.
Here is what my AVG picked up.
Trojan Horse Downloader Generic c .ACM - count29.51yes.com
hope you get it fixed
To the people that said "I use Firefox so no worries" I am sorry to say this, but you all have the IQ of a pea. Please uninstall the internet immediately, as you are a risk to it not blowing up.
Here is what my AVG picked up.
Trojan Horse Downloader Generic c .ACM - count29.51yes.com
hope you get it fixed
Inde
We're aware everyone and taking care of it (and to Jimmy, sometimes we sleep. It's a bad habit I know. So when it takes us an hour or two to know of an issue it's just because my IV of caffeine hadn't started yet to wake me up). Thank you for the updates.
The Rift
I get the same message from my avg as most people here do.
my question is tough : should we ingnore it or rather leave guru off for the moment till it is fixed by you?
my question is tough : should we ingnore it or rather leave guru off for the moment till it is fixed by you?
just call me jimmy

http://www.youtube.com/watch?v=yo3uxqwTxk0
Hopefully makes you laugh Inde, while having what will probably be an annoying day!!!
Necro Quink
Well, i have been on guru the whole day (using IE7) and didnt had any problem.
bsoltan
FYI: Getting this now as soon as I visit the forums

seut
firefox / google
Dmitri3
http://safebrowsing.clients.google.c...rum/usercp.php
Quote:
Site is listed as suspicious - visiting this web site may harm your computer.
Quote:
Quote:
Of the 25 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-08, and the last time suspicious content was found on this site was on 2009-02-08. Malicious software includes 1 scripting exploit(s). Successful infection resulted in an average of 12 new processes on the target machine. Malicious software is hosted on 1 domain(s), including safe6699.com/. This site was hosted on 1 network(s) including AS33070 (RMH). EDIT: Had to disable safe browsing just to post this. I'd expect a drop in traffic from people who use Firefox or Google Chrome if this isn't fixed soon. |