ChrisH Posted March 21, 2009 Share Never had to worry about this stuff cos I've always worked on Mac. Even the Virus writers don't write software that runs on a Mac. Link to comment Share on other sites More sharing options...
Matt Posted March 21, 2009 Share I've done a quick search on this warning and here's what Symantec has to say: "Trojan.Giframe is a generic detection for specially crafted GIF images that may contain HTML tags that redirect users to malicious websites." http://www.symantec.com/security_response/writeup.jsp?docid=2008-082500-0801-99&tabid=2 I'm trying to pin point the image which is causing this. I presume it's someone's avatar or a picture in their post which has come from another site. If you know the exact page (URL) you where on when you received this warning please let me know or send me a screenshot if it happens again - it will be a great help and should speed up the process. Link to comment Share on other sites More sharing options...
Azonic Posted March 21, 2009 Share Can't you just run a SQL query on your user table where avatar URL NOT LIKE 'www.thehubsa.co.za' ? Should point out all externally linked avatars. I myself have an external avatar, JPG though hosted on my own server. Link to comment Share on other sites More sharing options...
Matt Posted March 21, 2009 Share Can't you just run a SQL query on your user table where avatar URL NOT LIKE 'www.thehubsa.co.za' ? Should point out all externally linked avatars.I myself have an external avatar' date=' JPG though hosted on my own server.[/quote'] Thanks, Will do that now! It could also be in a post or signature as well which makes it more difficult to track down. It seems that in most reports of this on other sites the Antivirus actually gives the URL of the offending image. If you have received this warning please check on the Antivirus log if the actual image is specified. Thanks Link to comment Share on other sites More sharing options...
Sammajoor Posted March 21, 2009 Share Matt Can you please check why we can not flip to the last page of the post.. You have to go page by page Link to comment Share on other sites More sharing options...
Azonic Posted March 21, 2009 Share Yep, I saw this morning at 1am already that the dropdown boxes don't fire. Link to comment Share on other sites More sharing options...
4ph3X Posted March 21, 2009 Share my dropdown box works fine... i just get these messages. Link to comment Share on other sites More sharing options...
JimFrase Posted March 21, 2009 Share The GIF/Iframe!generic was detected in SMILEY25[1].GIF. File Status: File was cured; system cure performed. Link to comment Share on other sites More sharing options...
JimFrase Posted March 21, 2009 Share The GIF/Iframe!generic was detected in EDIT_POST_ICON[1].GIF. File Status: File was cured; system cure performed. Link to comment Share on other sites More sharing options...
JimFrase Posted March 21, 2009 Share DELETE_SM[1].GIF File was cured; system cure performed GIF/Iframe!generic EDIT_POST_ICON[1].GIF File was cured; system cure performed GIF/Iframe!generic POST_BUTTON_SMILEY[1].GIF File was cured; system cure performed GIF/Iframe!generic POST_BUTTON_IMAGE[1].GIF File was cured; system cure performed GIF/Iframe!generic POST_BUTTON_HYPERLINK[1].GIF File was cured; system cure performed GIF/Iframe!generic NEW_POLL[1].GIF File was cured; system cure performed GIF/Iframe!generic REPORT_ICON[1].GIF File was cured; system cure performed GIF/Iframe!generic SMILEY12[1].GIF File was cured; system cure performed GIF/Iframe!generic SMILEY25[1].GIF File was cured; system cure performed GIF/Iframe!generic Link to comment Share on other sites More sharing options...
Matt Posted March 22, 2009 Share So all seems to be back to normal again aside from email notifications which I'm looking into now. So those interested the "Virus" was a malicious IFRAME which was injected into our pages. After a bit of research it seems this can happen through vulnerabilities on the server or compromised FTP accounts which allow 3rd parties to inject malicious IFRAMES into the code of legitimate websites. I've taken this up with our Web hosts and have changed all FTP access details using much stronger passwords. Hopefully this won't happen again. But I suggest that everyone ensures that they have a good, up to date, Anti virus installed. There are some good free ones available: AVG - http://free.avg.com/ Avast - http://www.avast.com/ I'm sure some members can suggest others too. If you still have trouble with menus disappearing or drop downs not working try pressing Ctrl + F5 to force a page refresh (thanks CVANC). Link to comment Share on other sites More sharing options...
markStockton Posted March 22, 2009 Share Sadly the problem continues. Link to comment Share on other sites More sharing options...
Guest Big H Posted March 22, 2009 Share Sadly the problem continues. Huh?????............... I have been "clean" since last night?????? Link to comment Share on other sites More sharing options...
turtlek Posted March 22, 2009 Share yup m,y anti virus is working overtime still and i dont have drop down menues and i cant go to the last page of the threads unless i page through them individually [} Link to comment Share on other sites More sharing options...
wackwack Posted March 22, 2009 Share Mine is still going mad!!!!! Link to comment Share on other sites More sharing options...
Azonic Posted March 22, 2009 Share Could be that your browser is still loading site images from your internet cache. I recommend everyone delete all their temp internet files, history and cookies and see if this still occurs. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now