phpBB • Creating Communities Worldwide

[DjDoxy]

Warning: This post contains links to virus... be careful and do not clic them unless you know what you are doing

One of my user have a strange problem:

When he posts on the forum, his messages are altered by a "virus" and finaly look like this:

have you seen this?
[link removed (some one is bound to try the link) - karlsemple]

... real message here...

Dont forget to see [link removed (some one is bound to try the link) - karlsemple]

or like that:

... real message here...
just look [link removed (some one is bound to try the link) - karlsemple]

Note: I left the URL as is, except that I added a space to avoid any of you to clic by error on the link... as it is linked to a virus !

I asked the concerned user to check his machine with a antivirus, but no virus were found.

I checked, this "show.exe" contains a virus (a Trojan named "Peacomm") .

I tried to use the word censoring, but if it correctly mask the display of the link, the URL is still valid and it is still possible to clic on the link and go to the malicious page.

So I have 2 questions:

- Does anybody ever heard of such a virus (or malware or whatever its name is) and know a way to clean up the user's machine
- Is it normal that the censoring only affect the URL display and not the actual link ?

[espicom]

Anyone who downloads an EXE file and ignores the warnings of their browser and/or antivirus software is, well, let's avoid using derogatory names right now.

Cleaning it out involves letting the antivirus software do its job. If the attack has been out for more than 24 hours and the user's antivirus software has not been updated to detect it yet, they should submit the information to the AV company to have them fix that.

[DjDoxy]

Anyone who downloads an EXE file and ignores the warnings of their browser and/or antivirus software is, well, let's avoid using derogatory names right now.

I agree, but remember that not all users are as experienced as we are.
Some people does not even now what "an EXE file" is.

By the way, there is a new URL in this user messages:
[link removed (some one is bound to try the link) - karlsemple]

[DjDoxy]

[link removed (some one is bound to try the link) - karlsemple]

Oops
Sorry, I did not see that the URL was concealed in my original message.

[ChrisRLG]

DjDoxy

here we would not be able to assist you or the member to get clean.

Not sure if the provision of this link here would be counted as spam either - if so - I am sorry Mods - done only to provide assistance.

This is NOT a link to my own forum - but a link to a 'federation' of forums that assist victims of malware - any forums on that list would be able to assist you both, in making sure you are both clean from malware.

http://asap.maddoktor2.com/