Virus through site?

[pulli]

Hi there,

Can it be that this site is infected with a small virus? My virus scanner seems to trigger on each page load - and I can also verify it manually. Each page load creates an executable local application datafolder; something like:

%appdata%/local/0.XXXXXX.exe

with XXXXXX being random numbers. This executable immediatelly spawns a process & seems to try (though in a very crude way - virus scanners should immediatelly notify you) to the windows registry & startup data.

I'm not really sure if it is the site - but I keep getting this file each pageload from the forums. And I tested it with other forums and I never get the virus there! The virus is identified with 'IDP.GenericN.5D5293F3'

[Dorjan]

Hi there. The quantcast tag seemed to have been bringing in a java-app. It has been removed.

We're investigating what the hell happened but it seems likely they were compromised at this time. We'll keep you informed.

edit1:
DO NOT GO TO THIS LINK
http://www.opengl.org/cache/yCNrSgWJULcGEJJe.html
DO NOT GO TO THIS LINK

The link that was posted goes to opengl.org's cache service. This delivers some sort of exe that is run locally. I do not want to investigate the exe so I just terminated it and am now currently scanning my system to see if any damage was done. I'll let you know what you need to do (if anything).

Hell this might be a false alarm. Lets hope!

Still, this had nothing to do with our servers

[Elly]

It was a java script tag at quantcast (http://www.quantcast.com/) the site analytics people which was causing problems. Rush has removed it now as we don't use quantcast any more since moving to google. I don't know why it was causing a ding though.

[Siege Valgore]

Smart move going with Google Analytics. They are and have been for some time now, the best.

[pulli]

just to inform you: it is back (though now "idp.program." is the signature of the threat).

[VHD]

Yep, I'm still getting alerts that Chrome needs to install a Java plugin.

[Diab]

Not sure if this is related or not but after going to a page in the trade values forum, my Avast blocked something:

http://img99.imageshack.us/img99/2305/avastblocked1.png
http://img266.imageshack.us/img266/8...stblocked2.png

[The Lord of Darkness]

This happened to me twice a couple hours ago. What's the deal?

[The Lord of Darkness]

Do something about your damn site. My AV is going nuts when I visit this site.

[NBarnes]

Is this related to the <****** src=http://www.spiderwebforums.com
html that's being appended to everybody's forum posts?