[Dark Hunter]

Avast is currently freaking out over a JavaScript whenever I access a page on Hard Light.

Gives the name as "JS: Iframe-AHV", and classifies it as a Trojan.

Maybe Avast is being overzealous, but thought you folks should know just in case.

EDIT: Also, only happens on Firefox. Chrome doesn't give the same warning.

[An4ximandros]

Anyone else's thread list suddenly gotten HUEG? Using Chrome, by the way.

[Dark Hunter]

Yes, that too.

[Qent]

Mine, Firefox. I also get a bar saying that additional plugins are required to view the page.

[NGTM-1R]

Anyone else's thread list suddenly gotten HUEG? Using Chrome, by the way.

Confirming for Firefox and Chrome.

[rev_posix]

Nope, not a virus.  Should be good now

[Dark Hunter]

Hmm... still getting it when I go to post a message. Otherwise it's gone.

[Fury]

Nope, not a virus.  Should be good now

What was it?

[yuezhi]

Avast declaring war on Java?

and there was a little side discussion on Java elsewhere

[FUBAR-BDHR]

HLP Mantis being in maintenance mode a result of this or is there actually maintenance going on?

[rev_posix]

Yes, sorry, mantis access is back.  Side effect from the backups I restored from.

[Fury]

Assuming this was an actual virus infection again, perhaps it would be time to consider scrapping this old server and starting from scratch? This trend is honestly worrisome.

[rev_posix]

Umm, no, not a virus.  It was an attack that injected the redirect code into the php files.

And yes, I agree that the server needs to be nuked and repaved with current versions of apache, php, and so on.

However, as we do not have remote console access in case something goes wrong and the OS will not boot, not to mention it's not 'our' machine (HLP and it's hosted sites are not the primary site, nor does it have it's name on the hosting bills/account), it's not that simple, nor is it something that I'm comfortable or willing to do.

That being said, I have made a tweak to the install at a filesystem level.  I don't know for sure if it will prevent it, we will have to see, but I'm hopeful that until the server is rebuilt, it will help prevent these things.

[Lorric]

Anyone else's thread list suddenly gotten HUEG? Using Chrome, by the way.

It's doing that for me now. It wasn't before, I've read this topic before.

[karajorma]

Avast is giving me warnings again.

[headdie]

avast + chrome and no warnings

[niffiwan]

Just wondering if you guys have considered using apache mod_security in front of the HLP websites?  At work we used this as a stop-gap measure until we could select & install a "real" web application firewall in front of our websites.

[karajorma]

Here we go again. Avast just started complaining again.

[Fury]

Yup.

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aJS%2fBlacoleRef.CZ&threatid=2147679781

[0rph3u5]

Same here but not sure its the same malware my AV is on about as Fury's

Details:
Web-Seite:http://www.hard-light.net/forums/
Gefundene Viren: JS:Trojan.JS.Iframe.DC