Jump to content

Mapcore Trojan

e-freak

By e-freak
in Off-Topic

 Share

Recommended Posts

  • Replies 142
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Thrik

Thrik

Posted
Posted

Try going to some other phpBB 3 forums that have similar pages to the one where you get the virus warning.

It seems more likely it's a false positive as I don't see how a genuine virus could possibly be there.

e-freak

e-freak

Posted
  • Author
Posted

It seems phpbb3 is online but I still get the warning with Avira Antivir... :?

If it isn't fixed in the new version, i'll upload it at Antivir so they check if it's bad or not.

same here

and i get it on the now blank index page. that's hilarious...

Thrik

Thrik

Posted
Posted

The only thing on the index page that I can see causing a false positive is the Javascript that preloads images and such. That's generated by phpBB though and I don't think you can get rid of it without causing problems somewhere.

Is it just one shit virus software reporting this or is it happening with lots of software? And have you tried other phpBB 3 boards (which presumably also have the Javascript) to see what happens?

"I'm getting it again" is honestly 500% unhelpful and doesn't help us track down the problem at all. Unless you want to keep enjoying the detections you must look into it a little. :cool:

Mojo

Mojo

Posted
Posted

lol, gg IE.

I loaded with IE here at work. Nothing.

All that is on the front page is just some php loading the background and the Background image itself. The front page used to grab stuff from the forums which might mimic how that trojan works. The thumbnail images were either submitted by Frie, Klein or myself, so unless one of us made some crazy iamge h4x, I think its safe to assume its not mapcore.

If you get it, take a screenshot and report what software you are using, instead of "omg its back"

Fergo

Fergo

Posted
Posted

Here it is:

th_Screenshot91.png

Only using Firefox, MSN, ICQ, ZoneAlarm (firewall), my screencap app and Avira Antivir.

It finds the "trojan" always in the Firefox temporary folder, and it seems to be only triggered when I load the mapcore portal for the first time (of course, after that Avira deny the access to the file, but when I reboot the problem comes back).

Fergo

-Stratesiz-

-Stratesiz-

Posted
Posted

It's real. The site tries to randomly ask me to install a microsoft data remote access something, but my virus program terminates my IE session as soon as I get the message on top of the browser. Doesn't sound too unintentional or unhostile to me.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...