G35Driver Feedback & Suggestions NO Car Questions! For posting Feedback, Suggestions or Questions regarding G35Driver website ONLY.

Trojan

  #16  
07-22-2010, 02:25 PM
BuckeyeG
Registered User
iTrader: (6)
Join Date: Jan 2006
Posts: 2,123
Received 3 Likes on 3 Posts
I'm getting it on my G37 as well.
 
  #17  
07-22-2010, 04:16 PM
av8or
Registered User
Join Date: Jan 2008
Location: escondido, ca
Posts: 381
Likes: 0
Received 6 Likes on 5 Posts
Originally Posted by BuckeyeG
This is what it's telling me

The requested URL could not be retrieved

While trying to retrieve the URL:

https://g35driver.com/forums/

The following threat was encountered:

The requested object is INFECTED with the following viruses: HEUR:Trojan.Script.Iframer
same here since yesterday... can't open page on my laptop... viewing this from work..
 
  #18  
07-22-2010, 04:57 PM
GR6RR
Registered User
iTrader: (9)
Join Date: Mar 2007
Location: Sonny35 / SOCAL :)
Posts: 4,041
Received 152 Likes on 118 Posts
On the boat as well. Symantec found, isolated and deleted..
 
  #19  
07-22-2010, 10:37 PM
RiversideS13
Registered User
iTrader: (2)
Join Date: Jun 2010
Location: Riverside, Loma Linda, Hacienda hts
Posts: 229
Likes: 0
Received 1 Like on 1 Post
Yes, it is a corporate-issued computer too, and the corporate edition of Kaspersky. It is quite annoying that it pops out at every page related to this forum.
 
  #20  
07-23-2010, 08:33 AM
Robb M.
IB Staff
Join Date: Feb 2010
Location: Barrie, ON
Posts: 658
Received 41 Likes on 28 Posts
We strongly believe that Kaspersky & Avast! are throwing a false positive due to some of our iFramed content. There are absolutely no viruses on our servers, or linked anywhere in our content. We've done an exhaustive scan since yesterday, with no results.

cheers,
robb
 
  #21  
07-26-2010, 08:27 AM
av8or
Registered User
Join Date: Jan 2008
Location: escondido, ca
Posts: 381
Likes: 0
Received 6 Likes on 5 Posts
^^^ short of me turning off Kaspersky, is there anything else you have done to remedy this? can't even open the page, just an error report.. viewing this at work...
 
  #22  
07-26-2010, 08:52 AM
Robb M.
IB Staff
Join Date: Feb 2010
Location: Barrie, ON
Posts: 658
Received 41 Likes on 28 Posts
Some users on my350z suggested filing a false positive report to Kaspersky.

We are 99% certain this is the case. Tech will do some more digging today once they are in the office, however.
 
  #23  
07-26-2010, 04:57 PM
blAk mAx
Registered User
iTrader: (4)
Join Date: Oct 2007
Location: o-town & west palm beach FL
Posts: 5,267
Received 354 Likes on 214 Posts
Has anyone sent a report?
 
  #24  
07-26-2010, 06:31 PM
TIAN
Hold The Line

iTrader: (20)
Join Date: Oct 2006
Location: SFL
Posts: 17,779
Received 622 Likes on 406 Posts
Checked through Virus Barrier X6 V-10-2 with no flags on my Mac.
 
  #25  
07-28-2010, 12:17 AM
blAk mAx
Registered User
iTrader: (4)
Join Date: Oct 2007
Location: o-town & west palm beach FL
Posts: 5,267
Received 354 Likes on 214 Posts
What is the fix? I can only view on my iPhone
 
  #26  
07-28-2010, 04:51 AM
K.ste2
Registered User
iTrader: (1)
Join Date: Jul 2009
Location: Seattle, WA
Posts: 58
Likes: 0
Received 1 Like on 1 Post
Never liked Kaspersky. ESET NOD32 FTW! Never cared for anything else since then.
 
  #27  
07-28-2010, 11:53 AM
spoolinupblue
Registered User
iTrader: (3)
Join Date: Nov 2009
Location: Houston, TX
Posts: 291
Likes: 0
Received 2 Likes on 2 Posts
Just did it to me this morning.

Corporate XP PC with TREND.

I went to g35driver and clicked the pic. A box popped up asking me if I wanted to run a file (sorry, forgot to screenshot it) and I said cancel. Then my TREND detected it 3 times. Looks to be something with Java.
 
  #28  
07-28-2010, 12:12 PM
Robb M.
IB Staff
Join Date: Feb 2010
Location: Barrie, ON
Posts: 658
Received 41 Likes on 28 Posts
This is what I've got from tech:
Robb, we have scoured the entire database; I've searched as well, we are not finding an issue here. Let's keep a look out still however.
 
  #29  
07-28-2010, 12:24 PM
spoolinupblue
Registered User
iTrader: (3)
Join Date: Nov 2009
Location: Houston, TX
Posts: 291
Likes: 0
Received 2 Likes on 2 Posts
if it happens again, I will grab a screenshot for ya
 
  #30  
07-29-2010, 05:43 PM
Bigtime
Registered User
iTrader: (1)
Join Date: May 2009
Location: Where the girls are prettier (562), CA
Posts: 702
Received 2 Likes on 2 Posts
This is what Norton is telling me this is: MSIE ADODB.Stream Object File Installation Weakness

Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects attempts to exploit a remote code execution vulnerability using the RDS.DataSpace Objects.
Additional Information
Microsoft Data Access Components (MDAC) provide components for database access, including functionality for querying local and remote databases of various formats.

The MDAC RDS.Dataspace ActiveX control is prone to a remote code execution vulnerability. This issue exists because the control fails to behave securely when it is hosted on a web page. Sufficient restrictions are not placed on the control to prevent it from performing privileged actions when hosted remotely.

An attacker could exploit this issue to install programs, view, modify, or delete data, or create new user accounts on the computer.
Affected

* Hitachi DA Broker for ODBC 01-00, 01-02
* Hitachi DBPARTNER ODBC 01-00, 01-03, 01-06, 01-11
* Hitachi DBPARTNER2 Client 01-05, 01-12
* Hitachi HITSENSER5 01-00, 01-10, 02-80
* Microsoft MDAC 2.5 SP3, 2.7, 2.7 SP1, 2.8

Response
Workaround:
Microsoft has described various workarounds to help prevent exploitation. Please see the referenced security bulletin for more information.

Solution:
Windows 95/98/ME users should obtain fixes from the Windows Update website.

Fixes are available:

Microsoft MDAC 2.8.0 SP1:
Microsoft Patch Security Update for Windows XP (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.8 Service Pack 1 (KB911562)


Microsoft MDAC 2.8.0 SP2:
Microsoft Patch Security Update for Windows XP x64 Edition (KB911562)
Microsoft Patch Security Update for Windows Server 2003 (KB911562)
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
Microsoft Patch Security Update for Windows Server x64 Edition (KB911562)


Microsoft MDAC 2.5 SP3:
Microsoft Patch Security Update for Microsoft Data Access Components 2.5 Service Pack 3 (KB911562) - English


Microsoft MDAC 2.7 SP1:
Microsoft Patch Security Update for Windows XP (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.7 Service Pack 1 (KB911562)


Microsoft MDAC 2.8 :
Microsoft Patch Security Update for Windows Server 2003 (KB911562)
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.8 (KB911562)

Possible False Positives
There are no known false positives associated with this signature.
Additional References

* CVE-2006-0003
* CVE-2006-3510
* Vulnerability in the MDAC Function Could Allow Remote Code Execution
* Microsoft Security Bulletin MS06-014
* SecurityFocus BID: 10514
* SecurityFocus BID: 17462
* SecurityFocus BID: 18900
I don't know what this means, but I hope it helps.
 





All times are GMT -4.