Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Malware report on MYBB Forum (really need help :/ )
Message
<blockquote data-quote="dig_it" data-source="post: 142707" data-attributes="member: 14500"><p>Hi,</p><p></p><p>a really need an idea how to fix/analyze this problem.</p><p></p><p>I administer the Forum of a non profit Org here in Germany fightig the illnes "Borreliose".</p><p></p><p>Approx. 1 Week ago some user were reporting possible Malware Infections due to their Scanners when visiting the Forum (sometimes even when visiting the Website).</p><p></p><p>Till today, only AVAST and KASPERSKY are reporting those malware.</p><p></p><p>I tried everything i could by myself.</p><p>1. Installed Windows in a VM and tested several Malware/Virus Scanners.</p><p>Avast: Trojan AGENT-CIW</p><p>Kaspersky: Malware URLs like </p><p>"Tamara-wyss.de/esd.php" or "elektroblitz-service.de/css/cnt.php" were called (external URLS, not related to the forum)</p><p>When checking those urls only "OK" is rhe output.</p><p></p><p>All other scanners like Symantec/Norton etc did not report anything. Even external Webscanners like securi etc did not report anything.</p><p></p><p>2. i installed a clean mybb forum on a complete new server.</p><p>No reports when visiting with kaspersky or avast.</p><p>Then restoring the DB Backup (no other files like images etc were included): The scanners avast and kaspersky showed the same HITS.</p><p></p><p>3. I grepped for those URLs inside the DB Dump... even Base64 encoded. Nothing was found.</p><p></p><p>I really have no further clue at this point and i am really in need of assitance.</p><p></p><p>1. Is it really an Malware Infection or maybe a "false alarm" ?</p><p>2. how can i hunt down the infected file or maybe the infected forum post ?! (The malware mentions are happening on EVERY forum page visit)</p><p></p><p>i am really hoping for help here. In the mybb community i get no response at all :/</p><p></p><p>Thnx in advance</p><p></p><p></p><p>PS: I know, it is not a "normal pc infection"...but i did not know where to ask :/</p><p></p><p>PPS: I just checked againt.</p><p>Now NORTON/SYMANTEC gets a hit too: Neutrino Exploit Kit Website 4</p><p>But after som reasearch: That exploit kit attacks java... but mybb forum ist no java!</p><p>I am really stuck at this point.</p><p><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite111" alt=":(" title="Frown :(" loading="lazy" data-shortname=":(" /></p><p></p><p>Just added another scanner: ESET NOD32 gets no hits at all on the forum</p><p>Clean report while surfing.</p><p></p><p>Strange, 3 Scanners reported different (possible) malware.</p><p>Norton reported the exploit kit, but now it reports nothing.</p><p></p><p>Eset reports nothing at all, like other scanners too.</p><p>I really need an opinion IF there is malware inside the forum or if those hits were false positives.</p><p>(Which is not good for the reputiation of the forum)</p></blockquote><p></p>
[QUOTE="dig_it, post: 142707, member: 14500"] Hi, a really need an idea how to fix/analyze this problem. I administer the Forum of a non profit Org here in Germany fightig the illnes "Borreliose". Approx. 1 Week ago some user were reporting possible Malware Infections due to their Scanners when visiting the Forum (sometimes even when visiting the Website). Till today, only AVAST and KASPERSKY are reporting those malware. I tried everything i could by myself. 1. Installed Windows in a VM and tested several Malware/Virus Scanners. Avast: Trojan AGENT-CIW Kaspersky: Malware URLs like "Tamara-wyss.de/esd.php" or "elektroblitz-service.de/css/cnt.php" were called (external URLS, not related to the forum) When checking those urls only "OK" is rhe output. All other scanners like Symantec/Norton etc did not report anything. Even external Webscanners like securi etc did not report anything. 2. i installed a clean mybb forum on a complete new server. No reports when visiting with kaspersky or avast. Then restoring the DB Backup (no other files like images etc were included): The scanners avast and kaspersky showed the same HITS. 3. I grepped for those URLs inside the DB Dump... even Base64 encoded. Nothing was found. I really have no further clue at this point and i am really in need of assitance. 1. Is it really an Malware Infection or maybe a "false alarm" ? 2. how can i hunt down the infected file or maybe the infected forum post ?! (The malware mentions are happening on EVERY forum page visit) i am really hoping for help here. In the mybb community i get no response at all :/ Thnx in advance PS: I know, it is not a "normal pc infection"...but i did not know where to ask :/ PPS: I just checked againt. Now NORTON/SYMANTEC gets a hit too: Neutrino Exploit Kit Website 4 But after som reasearch: That exploit kit attacks java... but mybb forum ist no java! I am really stuck at this point. :( Just added another scanner: ESET NOD32 gets no hits at all on the forum Clean report while surfing. Strange, 3 Scanners reported different (possible) malware. Norton reported the exploit kit, but now it reports nothing. Eset reports nothing at all, like other scanners too. I really need an opinion IF there is malware inside the forum or if those hits were false positives. (Which is not good for the reputiation of the forum) [/QUOTE]
Insert quotes…
Verification
Post reply
Top