Jump to content

ZN.O Virus?

meatwad
 Share

Recommended Posts

meatwad Newbie

meatwad

Posted
Posted

I just noticed that when i came to the site, Java tried to pop up and my anti-virus freaked out. Mods, you might want to look at the status of the site... I think it might be trying to attack us.

If no one else noticed this, then I might be on crack, but I'm usually pretty good with computer stuff and thought this might be going on. Anyone confirm?

Zippysgotagun Newbie

Zippysgotagun

Posted
Posted
I just noticed that when i came to the site, Java tried to pop up and my anti-virus freaked out. Mods, you might want to look at the status of the site... I think it might be trying to attack us.

If no one else noticed this, then I might be on crack, but I'm usually pretty good with computer stuff and thought this might be going on. Anyone confirm?

Ditto for me, but I'm at work where most java functionality is disabled, so it just told me it couldn't run a .jar file (that's a java program).

ksu sucks Newbie

ksu sucks

Posted
Posted

That hasn't happened to me but for whatever reason the past couple days my browser has been magnifying the screen whenever I go on ZNO. It's hard to explain but everything looks a little blurry. Perhaps this is related? BTW, it can't be my user controls because it does it when I'm not signed in but just browsing the site. I haven't experienced this issue with any other site.

Dave in Green Newbie

Dave in Green

Posted
Posted

Yep, someone needs to get on top of this quickly. Every time I visit ZN.O now, my Microsoft Security Essentials pops up a severe threat warning that the JS/Decdec.A virus has been detected and needs to be immediately removed. ZN.O is apparently planting a malicious code in the browser cache. Here's what the Microsoft Malware Protection Center has to say in part:

Summary

Virus:JS/Decdec.A is detection for certain malicious JavaScript code injected in HTML pages. The virus will execute on user computers that visit compromised websites.

Symptoms

Virus:JS/Decdec.A uses obfuscation techniques, sometimes in multiple layers, in order to hide its functionality. The malicious script will insert in the current document either an <iframe> or a <script> tag pointing to another malicious HTML page or JavaScript code.

Infection symptoms will vary among variants due to any number of possible code instruction combinations.

Microsoft Malware Protection Center Link

ksu sucks Newbie

ksu sucks

Posted
Posted
Yep, someone needs to get on top of this quickly. Every time I visit ZN.O now, my Microsoft Security Essentials pops up a severe threat warning that the JS/Decdec.A virus has been detected and needs to be immediately removed. ZN.O is apparently planting a malicious code in the browser cache.

Joy. Both last night and this morning my browser(firefox) crashed the second I clicked "main forums page" on ZNO's homepage.

Dave in Green Newbie

Dave in Green

Posted
Posted

I'm using Windows XP SP3 with all the latest updates and Internet Explorer 8. The file that's getting flagged by Microsoft Security Essenstials in my browser cache is:

index[1].htm

When I have MSE clean my computer, it deletes that file from my browser cache and says my computer is clean. But if I refresh the page and ZN.O is reloaded, the MSE alert box pops right back up and identifies that the file is back again and flags it as a virus.

Since this has only just started in the last 24 hours, it appears there may have been a modification to the index.htm file on ZN.O.

zip37 Newbie

zip37

Posted
Posted

I had same message earlier, could not get anything xcpt msg on tool bar line.

It's AOK now, I e-mailed webmaster & was told he would look into it. I just came back & could log on.

Dave in Green Newbie

Dave in Green

Posted
Posted

I lied about having all the latest updates. ;)

I have my Java set to manual rather than automatic update, and hadn't updated in awhile. I just finished manually updating to the latest version of Java, returned to ZN.O, and did not get a Microsoft Security Essentials warning.

So I used Windows Explorer to check my browser cache, and found that there is no longer a copy of index.htm placed in the cache when I visit ZN.O. Instead, there is only an index.php file. So maybe the latest version of Java handles things differently in the browser.

Anyone still having a problem may want to try manually updating to the latest version of Java.

Blue & Gold Grand Master

Blue & Gold

Posted
Posted

I just experienced the problem too. It lasted for about an hour(ish?). My security blocked ZNO & said it was trying to "attack" my computer. I'm not a computer guy, so I have no idea what that really means. All I know is that I was able to logon this time.

Hilltopper Mentor

Hilltopper

Posted
Posted
I lied about having all the latest updates. ;)

I have my Java set to manual rather than automatic update, and hadn't updated in awhile. I just finished manually updating to the latest version of Java, returned to ZN.O, and did not get a Microsoft Security Essentials warning.

So I used Windows Explorer to check my browser cache, and found that there is no longer a copy of index.htm placed in the cache when I visit ZN.O. Instead, there is only an index.php file. So maybe the latest version of Java handles things differently in the browser.

Anyone still having a problem may want to try manually updating to the latest version of Java.

I didn't change a thing since the last time I tried to access ZNO and I am no longer getting the security warning. Win XP and IE8.

Dr Z Community Regular

Dr Z

Posted
Posted

I have my Java set to manual rather than automatic update, and hadn't updated in awhile. I just finished manually updating to the latest version of Java, returned to ZN.O, and did not get a Microsoft Security Essentials warning.

Java Downloads for all OS

Note: No need if you have a Mac it's built into your OS.

Zip Watcher Rookie

Zip Watcher

Posted
Posted
I lied about having all the latest updates. ;)

I have my Java set to manual rather than automatic update, and hadn't updated in awhile. I just finished manually updating to the latest version of Java, returned to ZN.O, and did not get a Microsoft Security Essentials warning.

So I used Windows Explorer to check my browser cache, and found that there is no longer a copy of index.htm placed in the cache when I visit ZN.O. Instead, there is only an index.php file. So maybe the latest version of Java handles things differently in the browser.

Anyone still having a problem may want to try manually updating to the latest version of Java.

I didn't change a thing since the last time I tried to access ZNO and I am no longer getting the security warning. Win XP and IE8.

I'd love to say that I got right on it and found the source of the problem, but I haven't yet.

Please do keep us advised if the problem resurfaces.

I run Firefox on Ubuntu .. so I'm not that concerned with viruses locally, but do want to be sure your favorite site isn't attacking you.

ZW

ZachTheZip Newbie

ZachTheZip

Posted
Posted

I don't get anything like that, either from MSE or Ad-Aware. But then again, I avoid both IE and Firefox like the plague. I also have the latest version of Java, Adobe flush, and all those other security hole-ridden programs that we can't seem to browse without.

meatwad Newbie

meatwad

Posted
  • Author
Posted

For the record, I haven't noticed it since yesterday morning. Perhaps it is gone?

One computer I was running Firefox and Vista and the other one I was running Firefox and XP.

Glad I wasn't nuts and I wasn't the only one that noticed this.

Dave in Green Newbie

Dave in Green

Posted
Posted

The fact that the problem appeared across multiple browsers and operating systems suggests that it originated on the ZN.O server, and was not a problem related to a specific browser or operating system.

Since it was short-lived and apparently went away without anyone's intervention, it was most likely caused by a temporary, self-correcting glitch with a corrupted file on the ZN.O server/software. It's also possible, but far less likely, that some hacker may have been messing around with ZN.O.

The key point to me is that my MSE was consistently flagging a file from ZN.O in my browser cache called index.htm every time it was downloaded. The problem went away when index.htm was no longer downloaded from ZN.O to my browser cache, and only index.php appeared. If the problem should reappear, I'll make a copy of the index.htm file before having MSE delete it from my browser cache. Studying the offending index.htm file might give clues as to what's going on.

In any case, it's always good for someone to bring up problems like that so that many forum members can offer input, which can lead to a quick resolution.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...