Firefox7

I only joined this forum a couple of days ago, and my firewall has detected 2 Trojan Horse viruses from posting here - particularly when using direct thread links from email addresses where replies to posts here are sent.

The virus is Trojan Horse SHeur.CBNJ

This is a key register virus that will log *any* keystrokes you make - so beware if using online banking/credit card details, online shopping or anything where personal details are logged.

It's taken me over three hours to remove this from my computer.

Regrettably, I will not be using this forum again - sorry, it's just too risky. Administrators - you need to get this sorted out, and *FAST*

Shame....

jdr

Are you sure it`s here ?
With thousands of hits a day and you with only three posts, it seems a bit strange no one else has got them.

Ka Ora!

Only three results in Google http://www.google.com/search?hl=en&q...G=Search&meta=

betris

I got two two days ago( variant win32/spy perfkey trojan.)( win32/ spy perfkey NAA trojan) but it proberly came from the big jug girly sites.at least you know your virus protection is working.no big deal some times you get attacked.some times you dont.

ibbytravel

If anyone else has seen this on BritishExpats, please do let us know as soon as possible. Information that would be helpful to be us:

• The URL of the page you were visiting when you received the anti-virus warning
• Anything you can tell us about any ads running on the page, such as what companies' ads were being shown, if they were text ads or image ads
• What type of browser you are using (e.g. Internet Explorer, Firefox, etc.)
• What type of anti-virus software you're using (Norton Antivirus, Symantec, etc.)
• The name of the virus your anti-virus software is detecting, if that's available

Thanks for your help with this.

twyntub

Sheur.xxx signifies that it's from the heuristics engine of AVG, and it's probably a false positive (AVG, like other AV products, can and will provide false positive reports). I remember writing some software for a very large global business a few years back and it briefly brought down their entire IT network - pure fluke, but some of the code looked to their well known and expensive AV software like a virus...

Of course, if I did have an infection, and had spent three hours cleaning my PC... then the very last place I would go is right back to the forum I suspected I'd got the virus from in the first place, doh!

Still, good job I don't use a PC

poshnbucks

Just got the latest piccy in of Mitzyboys new office

toyboy23

My Kaspersky is very hot on security. My daughters do a lot of ‘strange’ surfing and it leaps into action immediately when anything is found.

I visit BE regularly and absolutely nothing has shown up following my visits. Kaspersky helpfully gives details of where the baddies were located.

When I work on customers’ PCs and find garbage like this it often tracks back to days or weeks before. I suspect this is the case with Firefox7, but I don’t suppose they’ll be coming back any time soon.

Alternatively, maybe it’s an attack of the ‘slagging off BE’ kind?

Beachcomber

Please pardon my scepticism but I find it curious that someone who only joined the forum 'a couple of days ago' allegedly finds two viruses when those of who have been here for several years, presumably with varying types of firewalls and anti-virus programs have never had a problem.

Also, why choose to mention this in the Spain forum rather than 'Site Feedback' or 'The Lab'?

GrapeEater

I suspect so as well, soon as saw FireFox7 as a user name. It's a spoof 99% sure. I have good Virus and Firewall protection. Regular scans have never shown BE as bad. Meafee SiteAdvisor gives it a green light also.

Firefox is a war monger - and we won't be seeing him/her again. Block "Firefox7" I say.

Bijilo123

I was virussed when I visited the site for the Kuwait Scientific Centre - I'm taking the kids there this afternoon so we'll see what happens to them!

twyntub

AVG does have a history of false positives in its heuristics engine, as do many others. And, yes, you're right about the source usually being days or weeks before.

Users, unfortunately, are notoriously poor at understanding virus and trojan technology and behaviour - however this lack of basic C++ / java / win32 PE development experience rarely prevents people sending out knowledgable emails and posts to all and sundry giving a 'detailed warning about the virus'. Yes, that's right, get a virus, then immediately warn everyone you know about it... safe in the knowledge that if you really did have a virus that you've just passed it on to all of your friends!

GrapeEater

Personally I'd pefer this sort of techo-babble in a computer forum. I doubt even 5% of the BE audience have clue about heuristics, false positives or C++ ?

bil

Wow. Just like mine!

twyntub

heuristics engine: in order to try to detect viruses that haven't even been written yet (they come out so quickly, before AV vendors can release the 'fix') - they use something called a heuristics engine as well as 'pattern matching'. This spots computer code that 'looks like it might be a virus' - particular combinations of things that are popular amongst viruses e.g. encryption to prevent detection, certain types of techniques used to replicate, etc. The upside is that this can sometimes detect a virus before it's even been written, if it contains these virus-like attributes. The downside is...

the false positive: your anti-virus software tells you that you have a virus. In reality - you don't... it just thinks you might have. AVG has had several of these in the last year, including one occasion when it targeted anyone that had a copy of Quickbooks...

C++ / etc - that's my point... not understanding how viruses work doesn't prevent people becoming 'experts'... just like the building trade, satellite installation, pool installation, etc here in Spain... everyone's an expert!