Trojan in the Images thread
My Malwarebytes is saying there's a Trojan on pages 3&4 of the latest Images thread - pages 1&2 don't trigger anything.
RMH
Thanks for the alert.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold....
Does Malwarebytes give any specifics? My work's security suite isn't reporting anything, and I don't see anything manually digging through the page and its various resources, although that's far from a guarantee.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold....
(11-19-2018, 08:28 AM)Bob Schroeck Wrote: Does Malwarebytes give any specifics? My work's security suite isn't reporting anything, and I don't see anything manually digging through the page and its various resources, although that's far from a guarantee.
Sorry - at work now (it was my home PC). When I get home I'll pull up what it gave me.
Thanks. I'll also try looking at it from home as well.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold....
Well, it's not popping up now, but here's the log report from Malwarebytes
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 6:16 AM
Log File: 98b76848-ebec-11e8-a9fa-7085c2224384.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7913
License: Premium
-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [60452]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(end)
RE: Trojan in the Images thread
11-19-2018, 07:22 PM (This post was last modified: 11-19-2018, 07:23 PM by robkelk.)
That's my ISP, but not my IP address.
Should I forward this to the sysadmins?
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown Forever neighbours, never neighbors
RE: Trojan in the Images thread
11-19-2018, 09:17 PM (This post was last modified: 11-19-2018, 09:19 PM by RMH999.)
Well, I tried bouncing through a couple of different threads. I'm only getting Trojan alerts in threads that Robkelk has posted in, but not all. Same IP address, but different ports for the reports.
Trojan reports
Images thread, page 3&4.
Erma thread (last page)
Complain about the weather thread – page 1
No reports
Images thread page 1&2
2 of the Politics threads
Two of the threads that Rob didn’t post in the Introductions forum came up clean as well. It looks like it’s something with the images, but that doesn’t explain no reports for Image thread 1&2, since Rob posted in both of them. (is molecular biologist, not computer person, so this is about as much as I can give you)
*** edit to add a couple of the reports
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 9:00 PM
Log File: 15749f92-ec68-11e8-a089-7085c2224384.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium
-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [63030]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(end)
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 8:57 PM
Log File: 9ad4ae8a-ec67-11e8-a9eb-7085c2224384.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium
-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [62938]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(end)
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 8:51 PM
Log File: caf51542-ec66-11e8-983f-7085c2224384.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium
-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [62787]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(end)
And now this thread is giving me Trojan alerts... so it's not something to do with images.
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 9:24 PM
Log File: 74ca8990-ec6b-11e8-980c-7085c2224384.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium
-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [63549]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(end)
RE: Trojan in the Images thread
11-19-2018, 09:42 PM (This post was last modified: 11-19-2018, 09:57 PM by robkelk.)
I've tried something. Could you reload and check a couple of those pages again, please?
In the meantime, I've forwarded one of your log reports to ncf.ca
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown Forever neighbours, never neighbors
Nothing coming up this time. Checked 3 of the threads that were giving me reports and none of them flagged. Looks like what you did took care of it.
RMH
RE: Trojan in the Images thread
11-19-2018, 10:07 PM (This post was last modified: 11-19-2018, 10:08 PM by robkelk.)
What I did was change my image avatar from being hosted at web.ncf.ca to being hosted here. Looks like my ISP's web server might be infected. (Folks, if I've sent you an email lately, you might want to deep-scan it...) Since I've already forwarded a log report, the ball's in their court.
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown Forever neighbours, never neighbors
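An added example, not part of the original thread: one way to trace alerts like the ones above back to a page element is to take the Domain field from the Malwarebytes reports and list every resource on the page that the browser fetches automatically from that host. The sample log line, the sample HTML, forum.example and all paths are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: one report in the flattened form quoted in this thread.
SAMPLE_LOG = ("-Website Data- Category: Trojan Domain: web.ncf.ca "
              "IP Address: 206.47.12.13 Port: [60452] Type: Outbound (end)")
# Constructed sample page; forum.example and every path are placeholders.
BASE_URL = "https://forum.example/thread?page=3"
SAMPLE_HTML = """
<html><head><link rel="stylesheet" href="/css/theme.css"></head><body>
<div class="post"><img class="avatar" src="http://web.ncf.ca/~example/avatar.png">
<img src="/uploads/picture1.jpg"></div>
<div class="post"><img class="avatar" src="/uploads/avatars/avatar_2.png">
<a href="https://web.ncf.ca/~example/">home page</a></div>
</body></html>
"""

def blocked_domains(log_text):
    """Return the set of domains named in 'Domain:' fields of the reports."""
    return {d.lower() for d in re.findall(r"Domain:\s*(\S+)", log_text)}

class ResourceFinder(HTMLParser):
    """Collect URLs the browser may fetch by itself while rendering a page."""
    AUTO_LOADED = {("img", "src"), ("script", "src"), ("iframe", "src"),
                   ("link", "href"), ("embed", "src"), ("source", "src")}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []  # (tag, absolute URL) in document order

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in self.AUTO_LOADED:
                self.resources.append((tag, urljoin(self.base_url, value)))

def flagged_resources(html, base_url, domains):
    """Return (tag, url) pairs whose host is a blocked domain or a subdomain."""
    finder = ResourceFinder(base_url)
    finder.feed(html)
    def blocked(url):
        host = (urlparse(url).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in domains)
    return [(tag, url) for tag, url in finder.resources if blocked(url)]

if __name__ == "__main__":
    print(flagged_resources(SAMPLE_HTML, BASE_URL, blocked_domains(SAMPLE_LOG)))
```

The plain link to the same host is not reported, because an anchor is only fetched when someone clicks it; the avatar image is fetched on every page view where that post appears.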
Oh, cool. I mean, sorry your ISP might be infected, but I'm glad it's not the boards outright. And thank you for working this out between you; between a dentist appointment and prepping for US Thanksgiving, I never even got a chance to look at the forums last night.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold....
Heard from the sysadmins today:
Quote:Thanks for the report regarding Malwarebytes blocking web.ncf.ca. There was a hosted site that was serving malicious content, and Malwarebytes flagged our domain as potentially dangerous.
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown Forever neighbours, never neighbors
Thanks for the update, Rob.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold....