Malware report on MYBB Forum (really need help :/ )

dig_it

New Member
Thread author
Nov 2, 2013
5
Hi,

I really need an idea how to fix/analyze this problem.

I administer the forum of a non-profit org here in Germany fighting the illness "Borreliose".

Approx. 1 week ago some users were reporting possible malware infections according to their scanners when visiting the forum (sometimes even when visiting the website).

Until today, only AVAST and KASPERSKY are reporting this malware.

I tried everything I could by myself.
1. Installed Windows in a VM and tested several malware/virus scanners.
Avast: Trojan AGENT-CIW
Kaspersky: Malware URLs like
"Tamara-wyss.de/esd.php" or "elektroblitz-service.de/css/cnt.php" were called (external URLs, not related to the forum)
When checking those URLs, only "OK" is the output.

All other scanners like Symantec/Norton etc. did not report anything. Even external web scanners like securi etc. did not report anything.

2. I installed a clean MyBB forum on a completely new server.
No reports when visiting with Kaspersky or Avast.
Then restoring the DB backup (no other files like images etc. were included): the scanners Avast and Kaspersky showed the same hits.

3. I grepped for those URLs inside the DB Dump... even Base64 encoded. Nothing was found.

I really have no further clue at this point and I am really in need of assistance.

1. Is it really a malware infection or maybe a "false alarm"?
2. How can I hunt down the infected file or maybe the infected forum post?! (The malware mentions are happening on EVERY forum page visit)

I am really hoping for help here. In the MyBB community I get no response at all :/

Thanks in advance


PS: I know, it is not a "normal PC infection"... but I did not know where to ask :/

PPS: I just checked again.
Now NORTON/SYMANTEC gets a hit too: Neutrino Exploit Kit Website 4
But after some research: that exploit kit attacks Java... but a MyBB forum is not Java!
I am really stuck at this point.
:(

Just added another scanner: ESET NOD32 gets no hits at all on the forum
Clean report while surfing.

Strange, 3 Scanners reported different (possible) malware.
Norton reported the exploit kit, but now it reports nothing.

Eset reports nothing at all, like other scanners too.
I really need an opinion IF there is malware inside the forum or if those hits were false positives.
(Which is not good for the reputation of the forum)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Why did you install more than one antivirus? This could be fatal to your system; leave only one (uninstall the others), and tell me if the warnings still occur...
 

dig_it

New Member
Thread author
Nov 2, 2013
5
I did install only one at a time :)

Every time I reset the virtual machine (I am running OS X here) to the clean state, installed another and tested again.
 
