Jump to content

ZN.O Virus?

meatwad
 Share

Recommended Posts

meatwad Newbie

meatwad

Posted
Posted

I just noticed that when i came to the site, Java tried to pop up and my anti-virus freaked out. Mods, you might want to look at the status of the site... I think it might be trying to attack us.

If no one else noticed this, then I might be on crack, but I'm usually pretty good with computer stuff and thought this might be going on. Anyone confirm?

Link to comment
Share on other sites
Zippysgotagun Newbie

Zippysgotagun

Posted
Posted
I just noticed that when i came to the site, Java tried to pop up and my anti-virus freaked out. Mods, you might want to look at the status of the site... I think it might be trying to attack us.

If no one else noticed this, then I might be on crack, but I'm usually pretty good with computer stuff and thought this might be going on. Anyone confirm?

Ditto for me, but I'm at work where most java functionality is disabled, so it just told me it couldn't run a .jar file (that's a java program).

Link to comment
Share on other sites
ksu sucks Newbie

ksu sucks

Posted
Posted

That hasn't happened to me but for whatever reason the past couple days my browser has been magnifying the screen whenever I go on ZNO. It's hard to explain but everything looks a little blurry. Perhaps this is related? BTW, it can't be my user controls because it does it when I'm not signed in but just browsing the site. I haven't experienced this issue with any other site.

Link to comment
Share on other sites
Dave in Green Newbie

Dave in Green

Posted
Posted

Yep, someone needs to get on top of this quickly. Every time I visit ZN.O now, my Microsoft Security Essentials pops up a severe threat warning that the JS/Decdec.A virus has been detected and needs to be immediately removed. ZN.O is apparently planting a malicious code in the browser cache. Here's what the Microsoft Malware Protection Center has to say in part:

Summary

Virus:JS/Decdec.A is detection for certain malicious JavaScript code injected in HTML pages. The virus will execute on user computers that visit compromised websites.

Symptoms

Virus:JS/Decdec.A uses obfuscation techniques, sometimes in multiple layers, in order to hide its functionality. The malicious script will insert in the current document either an <iframe> or a <script> tag pointing to another malicious HTML page or JavaScript code.

Infection symptoms will vary among variants due to any number of possible code instruction combinations.

Microsoft Malware Protection Center Link

Link to comment
Share on other sites
ksu sucks Newbie

ksu sucks

Posted
Posted
Yep, someone needs to get on top of this quickly. Every time I visit ZN.O now, my Microsoft Security Essentials pops up a severe threat warning that the JS/Decdec.A virus has been detected and needs to be immediately removed. ZN.O is apparently planting a malicious code in the browser cache.

Joy. Both last night and this morning my browser(firefox) crashed the second I clicked "main forums page" on ZNO's homepage.

Link to comment
Share on other sites
Dave in Green Newbie

Dave in Green

Posted
Posted

I'm using Windows XP SP3 with all the latest updates and Internet Explorer 8. The file that's getting flagged by Microsoft Security Essenstials in my browser cache is:

index[1].htm

When I have MSE clean my computer, it deletes that file from my browser cache and says my computer is clean. But if I refresh the page and ZN.O is reloaded, the MSE alert box pops right back up and identifies that the file is back again and flags it as a virus.

Since this has only just started in the last 24 hours, it appears there may have been a modification to the index.htm file on ZN.O.

Link to comment
Share on other sites
Dave in Green Newbie

Dave in Green

Posted
Posted

I lied about having all the latest updates. ;)

I have my Java set to manual rather than automatic update, and hadn't updated in awhile. I just finished manually updating to the latest version of Java, returned to ZN.O, and did not get a Microsoft Security Essentials warning.

So I used Windows Explorer to check my browser cache, and found that there is no longer a copy of index.htm placed in the cache when I visit ZN.O. Instead, there is only an index.php file. So maybe the latest version of Java handles things differently in the browser.

Anyone still having a problem may want to try manually updating to the latest version of Java.

Link to comment
Share on other sites
Hilltopper Experienced

Hilltopper

Posted
Posted
I lied about having all the latest updates. ;)

I have my Java set to manual rather than automatic update, and hadn't updated in awhile. I just finished manually updating to the latest version of Java, returned to ZN.O, and did not get a Microsoft Security Essentials warning.

So I used Windows Explorer to check my browser cache, and found that there is no longer a copy of index.htm placed in the cache when I visit ZN.O. Instead, there is only an index.php file. So maybe the latest version of Java handles things differently in the browser.

Anyone still having a problem may want to try manually updating to the latest version of Java.

I didn't change a thing since the last time I tried to access ZNO and I am no longer getting the security warning. Win XP and IE8.

Link to comment
Share on other sites
Zip Watcher Rookie

Zip Watcher

Posted
Posted
I lied about having all the latest updates. ;)

I have my Java set to manual rather than automatic update, and hadn't updated in awhile. I just finished manually updating to the latest version of Java, returned to ZN.O, and did not get a Microsoft Security Essentials warning.

So I used Windows Explorer to check my browser cache, and found that there is no longer a copy of index.htm placed in the cache when I visit ZN.O. Instead, there is only an index.php file. So maybe the latest version of Java handles things differently in the browser.

Anyone still having a problem may want to try manually updating to the latest version of Java.

I didn't change a thing since the last time I tried to access ZNO and I am no longer getting the security warning. Win XP and IE8.

I'd love to say that I got right on it and found the source of the problem, but I haven't yet.

Please do keep us advised if the problem resurfaces.

I run Firefox on Ubuntu .. so I'm not that concerned with viruses locally, but do want to be sure your favorite site isn't attacking you.

ZW

Link to comment
Share on other sites
meatwad Newbie

meatwad

Posted
  • Author
Posted

For the record, I haven't noticed it since yesterday morning. Perhaps it is gone?

One computer I was running Firefox and Vista and the other one I was running Firefox and XP.

Glad I wasn't nuts and I wasn't the only one that noticed this.

Link to comment
Share on other sites
Dave in Green Newbie

Dave in Green

Posted
Posted

The fact that the problem appeared across multiple browsers and operating systems suggests that it originated on the ZN.O server, and was not a problem related to a specific browser or operating system.

Since it was short-lived and apparently went away without anyone's intervention, it was most likely caused by a temporary, self-correcting glitch with a corrupted file on the ZN.O server/software. It's also possible, but far less likely, that some hacker may have been messing around with ZN.O.

The key point to me is that my MSE was consistently flagging a file from ZN.O in my browser cache called index.htm every time it was downloaded. The problem went away when index.htm was no longer downloaded from ZN.O to my browser cache, and only index.php appeared. If the problem should reappear, I'll make a copy of the index.htm file before having MSE delete it from my browser cache. Studying the offending index.htm file might give clues as to what's going on.

In any case, it's always good for someone to bring up problems like that so that many forum members can offer input, which can lead to a quick resolution.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...