JS.Trojan.Seeker-based

JS.Trojan.Seeker-based (Full Version)

All Forums >> [General] >> General Discussion

Message

Janusz -> JS.Trojan.Seeker-based (9/20/2001 12:27:00 AM)
Everytime i visit www.matrixgames.com i got message "Virus JS.Trojan.Seeker-based found" ???

Paul Vebber -> (9/20/2001 3:39:00 AM)
Hmmm, we will look into it, but trojans are typically not spread via websites, but direct insertion, or email. HAs anyone else seen this? CHeck an anti-virus website like www.norton.com you may be the one infected? [ September 19, 2001: Message edited by: Paul Vebber ] [ September 19, 2001: Message edited by: Paul Vebber ]

New York Jets -> (9/20/2001 6:37:00 AM)
I have been getting virus detect messages from my anti-virus program (Norton 2001)when I access the website. Please advise.

Paul Vebber -> (9/20/2001 7:40:00 AM)
Which virus? I have that same software and it says my system and the pages are clean??

Les_the_Sarge_9_1 -> (9/20/2001 8:39:00 AM)
Hey guys, having gotten a virus only twice in my time computing, and once it was likely a wargame related download, (another site though), this all seems to point to the virus affected individuals having not kept their anti virus totally up to date (as was the case in my case). This is absolutely vital when downloading stuff that is essentially stuff that involves running programs. This advice is the stuff most would call obvious, but we obviously hear of lots of people that forget the obvious. In both cases my computer acted funny until I got suspicious and updated anti virus. Which is the point where it first noticed the offending virus. And I must say I know of numerous individuals that even run computers without anti virus protection. Some people say anti virus programs are "intrusive" on the computers operational performance". But then there are no small number of people that say the same of condums too for that matter. Currently I see nothing wrong with Matrix myself. It is clearly obvious that anyone with a hassle getting here, has a bug that affects online performance. And that is clearly the problem of the users computer. Which is in my view, potentially the reason for many "bug" reports in game performance. Cause I have yet to ever see anything ever go wrong in any of my games (other than bad strategies heheh).

New York Jets -> (9/20/2001 9:14:00 AM)
quote: Originally posted by Paul Vebber: Which virus? I have that same software and it says my system and the pages are clean?? The next time I get it I will record it and let you know. Thank you.

New York Jets -> (9/20/2001 11:03:00 AM)
quote: Originally posted by Paul Vebber: Which virus? I have that same software and it says my system and the pages are clean?? Paul, When I go from the entry page to the main menu page I get the following alert from Norton 2001 File: Program Object:Windows Script Host Shell Activity: RegWrite I hope this helps. Thanks.

Big Bill -> (9/23/2001 9:21:00 AM)
When I first got Norton 2001 I had warnings when any of my reguler programs tried to write to the disk. Look at your Norton configuration and see if you can set it to let matrix have access.

New York Jets -> (9/23/2001 12:22:00 PM)
Thank you, Bill. I'm still a little new to some of the technical aspects of this stuff.

Janusz -> (9/24/2001 12:14:00 AM)
OK - next info I use AVP (Kaspersky Lab) and one of the newest version MSIE. Today I turn off AVP Monitor and vist www.matrixgames.com and ... MSIE can't load site ... and don't responding. then I turn on AVP Monitor - web site loads and AVP Monitor "found Virus: JS.Trojan.Seeker-based"

GI Seve -> (9/24/2001 4:10:00 AM)
Well I have experinece this just once. Actually right when I logged in today (23.9 at 11.55 pm). My F-Prot virus detector made that virus alert(Finnish based but multiracially upkeeped virus protection program www.datafellows.com). I said that there were some trojan horse virus on this site. I suggest Matrix administrator to check his system with his virus protection programs latest updated version urgently!!!

Tombstone -> (9/24/2001 6:13:00 AM)
I was getting this from my home machine, but not from my work machine. I was getting the reg write warning from Norton AV. I reinstalled Norton, and went through the live update and everything seems to be ok, but on a side note although none of my files appear to be infected I cannot complete a full system scan with NAV. Dunno, could be something there... Tomo

David Heath -> (9/24/2001 7:56:00 AM)
Hi Guys We use a virus program on our servers and I am sure its not the server. If it was the server EVERY one would have the problem.

KING -> (9/25/2001 12:16:00 AM)
That virus comes to me too from matrixgames.com. I just sended email to Forums administrators before I saw this topic. I use also F-Prot Anti-Virus. If there is not virus in Matrixgames, then there must be some other thing which causes that. Perhaps spyware or something which alarms Anti-Virus. That "virus" wasn�t there few weeks ago when I last time visited in Forums. Have you there in Matrixgames installed some new software or done some changes to pages code or so? Matrixgames.com is the only site which causes that Trojan warning.

Paulus Pak -> (9/25/2001 2:46:00 AM)
I'm sorry but I posted a new topic before reading this. I have exactly the same problem as CHRIS TROG. What's going on??

sinner -> (9/25/2001 7:52:00 AM)
A suggestion from an IT professional: Can you guys move the whole web to an Apache-based webserver? Apache (which runs on WindowsNT, Linux, FreeBSD, AIX, Solaris...) is known for its solidity and securiy. Qwest carries Apache as well. MS-IIS + Windows2000 , unfortunately are not very secure nor reliable. How difficult it would be to do move the whole site? Apache supports .asp and things usualy considered "Microsoft only". You would get better reliability (uptime), if managed in a usual way, no security issues, is less expensive (if you have to pay for the software, like Qwest. So I do not know if this actualy translates to the "end users", like MatrixGames), better handling of heavy traffic loads, less resource-intensive (so the same machine can do more work)... and no users complaining about a worm gotten from your site. Please check the Gartner Group on MS-IIS here: http://www3.gartner.com/DisplayDocument?doc_cd=101034 Gartner Group Salut, Sinner

Paul Vebber -> (9/25/2001 8:11:00 AM)
See my post on the shockwave applet - there is no worm.

nexus -> (9/25/2001 11:19:00 PM)
quote: Originally posted by Janusz: Everytime i visit www.matrixgames.com i got message "Virus JS.Trojan.Seeker-based found" ??? hello. after reading this thread i just checked my system f. viruses. and there was one found in windows/system/..... named "Trojan ???". But i don�t know if i got this thru this webside....could be possible i think. what does such a "trojan" ??? anyone knows?

Paul Vebber -> (9/26/2001 12:56:00 AM)
It lets a hacker access your computer. They are commonly used to perform massive denial of service attacks against web sites. They are commonly inserted into your computer remotely. Anybody that has an IP address that does not change routinely is vulnerable to having a trojan inserted by hacker activity (they are effectively "broadcast" to vulnerable groups of IP addresses and then the hacker waits for those that are successful to report in. They are typically not distributed via a website. We have up to date virus protection on our servers and if you do not have firewall, and have a cabla modem of other type of connection that uses semi-permanant IP address, then you are vulnerable to have one of these programs sent via the internet to your system. THe bottom line is if you rely on your computer and spend a lot of time on the web, invest in personal firewall softwall as well as virus detection

nexus -> (9/26/2001 3:51:00 AM)
quote: Originally posted by Paul Vebber: It lets a hacker access your computer. They are commonly used to perform massive denial of service attacks against web sites. They are commonly inserted into your computer remotely. Anybody that has an IP address that does not change routinely is vulnerable to having a trojan inserted by hacker activity (they are effectively "broadcast" to vulnerable groups of IP addresses and then the hacker waits for those that are successful to report in. They are typically not distributed via a website. We have up to date virus protection on our servers and if you do not have firewall, and have a cabla modem of other type of connection that uses semi-permanant IP address, then you are vulnerable to have one of these programs sent via the internet to your system. THe bottom line is if you rely on your computer and spend a lot of time on the web, invest in personal firewall softwall as well as virus detection do trojan�s delete save games??? overnight all my saved games from SPWAW are gone!! all files in save directory are gone,except an old outosave on slot 1. i�m SHURE i did not deleted them,�cause there were 2 campaigns ongoing. yesterday i downloaded WIR 3.1, btw.... i don�t know what it was,but it�s deleted by my anti virus program.

Paul Vebber -> (9/26/2001 4:38:00 AM)
What was deleted by your anti-virus program...?? Trojans don't typically delete anything but in effect can give control of your PC to a remote operator, just like PC anywhere does. I just DL'd the Wir 3.1 Win and scanned it for viruses and it had none.

Big Bill -> (9/26/2001 5:53:00 AM)
After I was infected with a trojin horse I downloaded Zone Alarm's free firewall, after a year I haven't had any problems with this type of attack. This Trogin horse problem is more prevelent with someone using a high speed connection. The hackers use a bot program to scan the internet for these connections and then place the Trojin, Zone Alarm makes your computer invisable to this kind of attack. It's free and it works.

nexus -> (9/26/2001 11:21:00 PM)
quote: Originally posted by Big Bill: After I was infected with a trojin horse I downloaded Zone Alarm's free firewall, after a year I haven't had any problems with this type of attack. This Trogin horse problem is more prevelent with someone using a high speed connection. The hackers use a bot program to scan the internet for these connections and then place the Trojin, Zone Alarm makes your computer invisable to this kind of attack. It's free and it works. hello and thanx. can you give me the website adress please??

majama -> (10/2/2001 2:01:00 AM)
I have comunicat by my AVP Monitor : Virus : JS.Trojan.Seeker-based in C:\Windows\temporary internet...content.IE5\CP6VCT2Z\default(1).js AVP cannot remove this virus : dangerous situacion i MUST LESS TRUST MATRIX SITES ? majama

Paul Vebber -> (10/2/2001 2:13:00 AM)
No, We have and continue to monitor the site for viruses, this appears to be a flase alarm caused by Macromedia SHockwave. Neither Norton nor mcAfee says there are any virus present.

majama -> (10/3/2001 4:38:00 AM)
OK, thanks

Halgary -> (10/5/2001 6:20:00 PM)
quote: Originally posted by Paul Vebber: No, We have and continue to monitor the site for viruses, this appears to be a flase alarm caused by Macromedia SHockwave. Neither Norton nor mcAfee says there are any virus present. Hope so. This troyan jumped on me when I went to see info about Combat Leader. Strangely enough, it didn't happen when I used Opera, but when I switched to IExplorer... WHAM! I feel a bit nervous, since my anti-virus -program says it can't be removed. I'm using F-Secure anti-virus software, if that helps.

Paul Vebber -> (10/5/2001 9:40:00 PM)
Script based viruses are generally pretty obvious if you "view source" of the web page. If you "view source" and there is a block of code that calls registry edits, creating or renaming files etc, then you have to watch out. Unfortunately in an attempt to get "protection" out there many products just block all scripts period. Once they get a bit more sohisticated, there will "false alarm" less often. We take site security very seriously, but the script threat is one that a coule minutes of investigation of the source can clear up as a valid concern, or a false alarm. We need the specific page link that caused teh problem, the virus checker and version, and a copy of any suspicious script you find for a report of web virus to be helpful.

Halgary -> (10/6/2001 7:57:00 PM)
Hmm. Every page on your server that has some kind of Flash-animation causes this. I think I'll report this to F-secure. Propably a bug in the anti-virus -software. I'm using F-Secure Anti-Virus 5.30 build 7262 [ October 07, 2001: Message edited by: Halgary ]

Galahad -> (10/7/2001 6:13:00 AM)
I encountered the virus alert as well. Hopefully, this information will help. It seems to be most prevelant on the link to the new napoleon game page. I use Norton Anti Virus, and just updated the virus definitons two or three days before finding the alert here. The alert is a was a registry edit script. Norton gave me the option of ending the script, which I did. That shut down all open windows of Internet Explorer. I tried again on a different and expendable platform. I ran a virus check, and it was virus free. I went to the Nap game page, and allowed the script to run. No apparaent effects, BUT A virus scan then showed an infection with the WScript.KakWorm virus. Hope this helps. Galahad (Formerly Repo Man, with all of 6 posts)

Page: [1] 2 next > >>

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

4.75