Trojan in the Images thread - Drunkard's Walk Forums
Trojan in the Images thread - RMH999 - 11-19-2018

My Malwarebytes is saying there's a Trojan on pages 3&4 of the latest Images thread - pages 1&2 don't trigger anything.

RMH

RE: Trojan in the Images thread - Bob Schroeck - 11-19-2018

Thanks for the alert.

RE: Trojan in the Images thread - Bob Schroeck - 11-19-2018

Does Malwarebytes give any specifics? My work's security suite isn't reporting anything, and I don't see anything manually digging through the page and its various resources, although that's far from a guarantee.

RE: Trojan in the Images thread - RMH999 - 11-19-2018

(11-19-2018, 08:28 AM) Bob Schroeck Wrote: Does Malwarebytes give any specifics? My work's security suite isn't reporting anything, and I don't see anything manually digging through the page and its various resources, although that's far from a guarantee.

Sorry - at work now (it was my home PC). When I get home I'll pull up what it gave me.

RE: Trojan in the Images thread - Bob Schroeck - 11-19-2018

Thanks. I'll also try looking at it from home as well.

RE: Trojan in the Images thread - RMH999 - 11-19-2018

Well, it's not popping up now, but here's the log report from Malwarebytes

-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 6:16 AM
Log File: 98b76848-ebec-11e8-a9fa-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7913
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [60452]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)

RE: Trojan in the Images thread - robkelk - 11-19-2018

That's my ISP, but not my IP address. Should I forward this to the sysadmins?

RE: Trojan in the Images thread - RMH999 - 11-19-2018

Well, I tried bouncing through a couple of different threads. I'm only getting Trojan alerts in threads that Robkelk has posted in, but not all. Same IP address, but different ports for the reports.

Trojan reports
Images thread, page 3&4.
Erma thread (last page)
Complain about the weather thread – page 1

No reports
Images thread page 1&2
2 of the Politics threads

Two of the threads that Rob didn’t post in the Introductions forum came up clean as well.

It looks like it’s something with the images, but that doesn’t explain no reports for Image thread 1&2, since Rob posted in both of them.

(is molecular biologist, not computer person, so this is about as much as I can give you)

*** edit to add a couple of the reports

-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 9:00 PM
Log File: 15749f92-ec68-11e8-a089-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [63030]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)

-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 8:57 PM
Log File: 9ad4ae8a-ec67-11e8-a9eb-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [62938]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)

-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 8:51 PM
Log File: caf51542-ec66-11e8-983f-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [62787]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)

RE: Trojan in the Images thread - RMH999 - 11-19-2018

And now this thread is giving me Trojan alerts... so it's not something to do with images.

-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 9:24 PM
Log File: 74ca8990-ec6b-11e8-980c-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [63549]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)

RE: Trojan in the Images thread - robkelk - 11-19-2018

I've tried something. Could you reload and check a couple of those pages again, please?

In the meantime, I've forwarded one of your log reports to ncf.ca

RE: Trojan in the Images thread - RMH999 - 11-19-2018

Nothing coming up this time. Checked 3 of the threads that were giving me reports and none of them flagged. Looks like what you did took care of it.

RMH

RE: Trojan in the Images thread - robkelk - 11-19-2018

What I did was change my image avatar from being hosted at web.ncf.ca to being hosted here. Looks like my ISP's web server might be infected.

(Folks, if I've sent you an email lately, you might want to deep-scan it...)
Since I've already forwarded a log report, the ball's in their court.

RE: Trojan in the Images thread - Bob Schroeck - 11-20-2018

Oh, cool. I mean, sorry your ISP might be infected, but I'm glad it's not the boards outright. And thank you for working this out between you; between a dentist appointment and prepping for US Thanksgiving, I never even got a chance to look at the forums last night.

RE: Trojan in the Images thread - robkelk - 12-19-2018

Heard from the sysadmins today:

Quote: Thanks for the report regarding Malwarebytes blocking web.ncf.ca. There was a hosted site that was serving malicious content, and Malwarebytes flagged our domain as potentially dangerous.

RE: Trojan in the Images thread - Bob Schroeck - 12-19-2018

Thanks for the update, Rob.
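
Added example, not part of the original thread or the forum's own code: the triage the posters did by hand, matching the domain in a block report against the resources a page loads automatically, which is how an off-site avatar can trigger a domain-level block on every thread its owner posted in. The sample HTML, the `EXAMPLE_USER` path and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: fields of one block report, in the layout posted above.
SAMPLE_LOG = """-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Type: Outbound
"""
# Constructed sample page; EXAMPLE_USER and both image paths are placeholders.
PAGE_URL = "http://www.accessdenied-rms.net/forums/showthread.php?tid=13160"
SAMPLE_HTML = """
<link rel="stylesheet" href="/forums/theme.css">
<img class="avatar" src="http://web.ncf.ca/EXAMPLE_USER/avatar.png">
<img src="images/smilies/smile.gif">
<a href="http://web.ncf.ca/EXAMPLE_USER/">homepage</a>
"""

def blocked_domains(log_text):
    """Domains named in the 'Domain:' field of each block report."""
    return {d.lower() for d in re.findall(r"\bDomain:\s*(\S+)", log_text)}

class EmbedCollector(HTMLParser):
    """Records resources the browser fetches on page load (plain links are not)."""
    AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(self.AUTO_FETCH.get(tag))
        if url:
            self.embeds.append((tag, url))

def flagged_embeds(page_html, page_url, log_text):
    """Return (tag, url) for every embed hosted on a domain the log reports blocked."""
    blocked = blocked_domains(log_text)
    collector = EmbedCollector()
    collector.feed(page_html)
    hits = []
    for tag, url in collector.embeds:
        host = urlparse(urljoin(page_url, url)).hostname or ""
        if host.lower() in blocked:
            hits.append((tag, url))
    return hits

if __name__ == "__main__":
    print(flagged_embeds(SAMPLE_HTML, PAGE_URL, SAMPLE_LOG))
```

A hit only shows that the page pulls content from the blocked host; as the sysadmins' reply says, the block can apply to a whole domain because of a different site hosted there.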