AG still setting off anti-virus alerts!

builthatch

randomly my anti-virus program (avast!) will warn me about AG. this happens without any real pattern and this site is the only one that does it. it's been happening for a while...it was fixed when it got really bad...then it started again. the problem is, once it does it, that thread will not work or it won't let me reply.

for instance, because of the alert, now i can't reply to this thread - http://www.autogeekonline.net/forum...8051-light-scrathes-aluminum-door-sill-2.html

what's the story? i'm going to see if i can report a false positive the next time to see if that helps. but, what makes it happen? this is the only vbulletin forum, or any forum, for that matter, where this happens for me.
 
does it give you the name of the alert, or what it is? I will do a search and see if I can find anything. Sometimes there could be hidden scripts inside images or links that go to a website that has been flagged. Do you remember any of the other posts that gave you a warning?
 
This happened right around the Autopia site takeover. You will need to go into avast and disable web scanning or add "Autogeek" URL into the exclusion list.
 
thanks. i'll do that next. i'm not totally comfortable having a site excluded just in case there is a real threat but at least i'll be able to use the forum without issue!

here is what it says when it happens -

EDIT: welp, AG image attachment size limits strike again. hold on...let me go host it somewhere else :sheesh:

here:
e87eys.jpg
 
Recently I've seen a number of old threads brought back to life. Nothing wrong with this in my book because in most cases the information contained is just as relevant today as when the thread was created.

That said,

I've noticed a bunch of old threads and even new threads replied to by new members and the posts are more or less gibberish. At least the single sentence doesn't really align with the conversation taking place in the thread.

So I hit the Quote reply so I can then go to Editor Mode and take a peek at their code and I've been noticing a common denominator and that is the new person making the post has included a picture file that ends in .png

But the picture doesn't show up?

I recently remarked about this new trend in a thread that was just moved to the Moderators forum for these reasons.

However, I documented my reply by taking a screen shot to show you instead of copying and pasting my reply.


Here's the screenshot....

png.jpg




Maybe someone with a lot of spam background can shed some light?


:)
 
Okay so I know I'm new here but I've been a lurker for a while and just decided to sign up.

This has been intriguing me so I did some research tonight and it seems that code can be embedded into a .png file that when saved onto a server can spread a virus.

Here's an article I found

PNG Image Metadata Found Leveraging iFrame Injections | Threatpost | The first stop for security news
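
Added example, not part of the original post or the linked article: a defender-side check that walks a PNG's chunk list and reports markup-like strings in text metadata and any bytes after the IEND chunk. The marker list and both sample images are constructed for illustration, and content hidden in pixel data is not decoded.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MARKERS = (b"<script", b"<iframe", b"javascript:", b"eval(")  # assumed heuristic list

def chunk(ctype, body):
    """Build one PNG chunk (length, type, data, CRC); used for the constructed samples."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def text_payload(ctype, body):
    """Return the searchable bytes of a tEXt/zTXt/iTXt chunk (zTXt is inflated first)."""
    keyword, _, rest = body.partition(b"\x00")
    if ctype == b"zTXt":
        try:
            rest = zlib.decompress(rest[1:])  # rest[0] is the compression method
        except zlib.error:
            rest = b""
    return (keyword + b" " + rest).lower()  # compressed iTXt is not inflated here

def inspect_png(data):
    """Walk the chunk list and return findings; an empty list means nothing flagged."""
    if not data.startswith(PNG_SIG):
        return ["bad PNG signature"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return findings + ["truncated %s chunk" % ctype.decode("latin-1")]
        body = data[pos + 8:end - 4]
        if chunk(ctype, body)[-4:] != data[end - 4:end]:
            findings.append("bad CRC in %s" % ctype.decode("latin-1"))
        if ctype in (b"tEXt", b"zTXt", b"iTXt"):
            hits = [m.decode() for m in MARKERS if m in text_payload(ctype, body)]
            if hits:
                findings.append("%s contains %s" % (ctype.decode(), ", ".join(hits)))
        pos = end
        if ctype == b"IEND":
            trailing = len(data) - pos
            return findings + (["%d bytes after IEND" % trailing] if trailing else [])
    return findings + ["no IEND chunk"]

# Constructed samples: a 1x1 greyscale PNG, clean and with added metadata plus a trailer.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IDAT = chunk(b"IDAT", zlib.compress(b"\x00\x00"))
CLEAN = PNG_SIG + IHDR + IDAT + chunk(b"IEND", b"")
TAGGED = CLEAN[:-12] + chunk(b"tEXt", b"Comment\x00<iframe src=x>") + CLEAN[-12:] + b"extra"
```
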
 
Welcome to AutogeekOnline! :welcome:



Excellent, excellent Super Sleuthing!


I was intrigued (and interested) in how a tiny little .png file hidden from view in a message could cause trouble but the article you linked to explained it very well.

I did show this thread to the Admin last night for our forum and he was aware of the problem associated with the malware being used in .png files and told me to delete every post by andara.


I'll pass this info along to our Moderators and moving forward, ANYTIME we or our forum members see a new member join and start to post one-liner gibberish replies to new or older threads then please REPORT it so at least someone can take a look to see if the .png file is in fact in their posts.

By the way, anyone that knows their way around vBulletin can do this. Simply use the QUOTE reply to snag the full text of the person's post and then view it in Editor Mode.


How to use the "Editor Mode" to break a single quoted message up into smaller quoted sections



Great intro post by adding the missing pieces to this puzzle Joe.


:dblthumb2:
 
That is good stuff.

I reported a post early Sunday morning as somebody ran through the board and rang up about 15 posts with that kind of gibberish. One was even in a thread about a sale that was long over.

I figured they were attempting to take advantage of a long weekend before anyone would catch on.
 
Yeah I saw that guy lupemartin do the same thing a couple weeks ago.

I just assumed he was spamming and thought it was funny that his picture wasn't working. I had no idea it was a virus.
 
if I might make a suggestion, could you set it so that you need a minimum number of posts before you can attach a file?
 
come to think of it, it might just be simpler if you could restrict images to only .jpg?
 
Just found and removed 2 more members posting .png malware


What I find is it's usually a new member posting a very fluffy one-line or gibberish.

You can see the .png file if you "quote" them and then look at their post in Editor Mode.

You can also see it if you click on their name and from the drop down list choose,

Find more posts by ________


When you click that option a list of all their posts will show up and the code for the .png file will be visible like this,


png_malware_spammer.jpg





So stay alert and if in doubt... report the member and be sure to include in the comment that you think they are a .png spammer.


:)
 
Hi moderators,

this seems to be a problem again. it keeps setting off Avast AV. The AV basically blocks the site completely, and I cannot access it without pausing protection.

I have sent a report to avast, awaiting their reply
 
I added autogeek as an exclusion and all is good. Must be a false positive deal since only Avast users are affected.

Screen%20Shot%2009-02-15%20at%2009.30%20AM.jpg
 
Ok, one of you guys that knows computers or viruses. If there is a link or picture that isn't showing up in one of these threads and you click on it will it infect your computer? McAfee recently found a virus on my computer and I'm wondering if maybe that's where it came from??
 