Old 03-05-2009, 08:32 AM   #1
KleyMEN

JS:ScriptSH-inf [Trj] Trojan Horse found...
Uh... When I was wandering in the forums, suddenly Avast! started to alarm saying that a trojan horse was found. It tells me to abort the connection, and even if I abort the connection it says that it has found a trojan horse over and over until I close the website... Any explanation for this weird occurrence?


Here are details:

File Name: http://forums.3drealms.com/vb/external.php?type=RSS2\{gzip}
Malware Name: JS:ScriptSH-inf [Trj]
Malware Type: Trojan Horse
VPS version: 090305-0, 05/03/2009

__________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Swim swim :rolleyes: <><
Old 03-05-2009, 09:26 AM   #2
Joe Siegler
Former 3DR Staff
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Somehow I doubt that, or everyone would be reporting it. Does it continue to happen, or was it a one time fluke?
__________________
Apogee / 3D Realms Employee: Dec 14, 1992 - May 22, 2009

"Lifting up the Cross to the waiting lost" - Petra | John 3:16
Old 03-05-2009, 10:34 AM   #3
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Joe Siegler View Post
Somehow I doubt that, or everyone would be reporting it. Does it continue to happen, or was it a one time fluke?
It's persistent. Every time I come to the forums, it pops up and says a trojan horse was found. (And it started today to behave like that.)

Here, an image to show you what kind of a warning I'm getting:

Old 03-05-2009, 10:35 AM   #4
Phait
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Sounds like a false-positive. I use Avast and have never gotten this.
__________________
Music: http://www.oquilluksound.com Album: http://machinefaultred.blogspot.com Album Calendar Youtube: http://www.youtube.com/oquilluksound

"but I promise you this, I'll always look out for you, that's what I do" -Coldplay
Old 03-05-2009, 10:37 AM   #5
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Phait View Post
Sounds like a false-positive. I use Avast and have never gotten this.
It's possible, I doubt that there's any malicious software lying behind the forums or something.
Old 03-05-2009, 10:48 AM   #6
IwantMORE
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Try looking here...

http://forum.avast.com/index.php?topic=41676.0
Old 03-05-2009, 10:55 AM   #7
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by IwantMORE View Post
Thanks, I'll post here if I come up with any solutions.

Damn viruses
Old 03-05-2009, 11:21 AM   #8
Dave-ros
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I've started getting this exact error today, so unless we've both got the same virus, it's probably something to do with Avast!'s latest update causing a false positive

Edit: the message appears four times on each forum page... is this a subtle way to stop me going to the Post Thread?

Edit 2: this didn't happen last night, and started happening today when I started my computer and immediately went to this site. 'Tis most strange, but hopefully a false positive
__________________
In Mother Russia, all your base are belong to Chuck Norris!
Dave-iant Art
Last edited by Dave-ros; 03-05-2009 at 11:29 AM.
Old 03-05-2009, 11:40 AM   #9
Shielder
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I'd like to point out that the exact same thing has just happened to me as well, and I'm also using Avast.
Old 03-05-2009, 11:48 AM   #10
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Dave-ros View Post
I've started getting this exact error today, so unless we've both got the same virus, it's probably something to do with Avast!'s latest update causing a false positive

Edit: the message appears four times on each forum page... is this a subtle way to stop me going to the Post Thread?

Edit 2: this didn't happen last night, and started happening today when I started my computer and immediately went to this site. 'Tis most strange, but hopefully a false positive
Damn this is weird...

Now I have to write on the forums while that nuke sign is whirling on the corner of my screen...
Old 03-05-2009, 12:55 PM   #11
Dave-ros
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Judging from the source code for the site, it's the RSS script that's triggering Avast!, so hopefully it's just a false positive, and someone hasn't hax0red the site after its move!

---------- Post added at 06:55 PM ---------- Previous post was at 06:15 PM ----------

More useful (?!) information: this only happens in Firefox (and yes, it happened before I updated it to 3.0.7 or whatever) -- doesn't happen in IE7, on which I am writing this. In Firefox it happens throughout the forums.3drealms.com website, even if I'm logged out...
Old 03-05-2009, 04:46 PM   #12
Shielder
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Just to throw a spanner into the works, it happens to me regardless of the browser I'm using, whether it be IE7, Firefox, Opera, etc...

I've even gone as far as trying to access other vBulletin based forums to see if it's something to do with that, but no.
Old 03-05-2009, 05:06 PM   #13
Joe Siegler
Former 3DR Staff
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I use avast at home, and haven't seen this at all.
Old 03-05-2009, 05:16 PM   #14
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Dave-ros View Post
More useful (?!) information: this only happens in Firefox (and yes, it happened before I updated it to 3.0.7 or whatever) -- doesn't happen in IE7, on which I am writing this. In Firefox it happens throughout the forums.3drealms.com website, even if I'm logged out...
Yes, IE8 for me works well but as soon as I open the 3DR Forums website on Firefox, I get that warning insistently saying that a trojan horse was found...

Joe, are you using FF or IE as a browser?
Old 03-05-2009, 05:18 PM   #15
Joe Siegler
Former 3DR Staff
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Firefox.

I do have IE, Opera, & Chrome on this system, but generally just for testing. The lion's share of my browsing is Firefox.
Old 03-05-2009, 05:25 PM   #16
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I've just tried disabling all the add-ons and plugins I had installed on Firefox and enabled them one by one to see if it has something to do with the add-ons. Apparently, turning off the add-on named "Cool Iris" solved the problem for me. Annoying pop-ups are no more!
Old 03-05-2009, 05:28 PM   #17
Dave-ros
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Confirmed -- disabling Cool Iris stops the trojan alert from appearing! Damn, and I already submitted a "false positive" report to Avast!... should we tell the makers of Cool Iris that they're causing problems?
Old 03-05-2009, 05:33 PM   #18
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Dave-ros View Post
Confirmed -- disabling Cool Iris stops the trojan alert from appearing! Damn, and I already submitted a "false positive" report to Avast!... should we tell the makers of Cool Iris that they're causing problems?
I think there's a conflict between Avast! and Cool Iris when we open these forums. But why did it start today? I don't remember Avast! updating itself...
Old 03-05-2009, 05:36 PM   #19
Dave-ros
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Avast! updates itself every time I turn my computer on -- indeed, it defaults to updating every couple of hours! I've fired off an e-mail to the Cooliris people as well, though God knows what they'll make of it...

Shielder, do you have Cooliris installed on your other browsers (as I note it's not just a Firefox thing)?
Old 03-05-2009, 05:44 PM   #20
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Dave-ros View Post
Avast! updates itself every time I turn my computer on -- indeed, it defaults to updating every couple of hours!
Well usually when the program updates itself, it shouts "Virus database has been updated!" and if my memory serves me well, I don't recall hearing such a voice today, well... Nvm, at least the problem is solved
Old 03-05-2009, 05:56 PM   #21
GOK
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I get a very similar using Firefox and Avast - but only when I try to load this thread ----> http://forums.3drealms.com/vb/showth...422#post837422 in the Programming/HTML forum (titled "Anyone know what this Javascript means?").

Edit: Same message in IE.
__________________
Wang Bang Heaven: more bang for ya buck.
GOK
Old 03-05-2009, 05:58 PM   #22
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by GOK View Post
I get a very similar using Firefox and Avast - but only when I try to load this thread ----> http://forums.3drealms.com/vb/showth...422#post837422 in the Programming/HTML forum (titled "Anyone know what this Javascript means?").
Haha, me too. Seems like Avast! doesn't like Javascripts.
Old 03-05-2009, 06:02 PM   #23
Dave-ros
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Aha, that could be something -- does Cooliris somehow "scatter" a bit of JavaScript contained in one thread, and propagate it through the entire forum? (Do I even know what the hell I'm talking about?!) One thing's for sure, that particular thread is what's causing it (Avast! causes it to "disappear" after reporting the trojan), and somehow Cooliris is causing it to "attack" my system four times every time I look at any other thread! Why it's doing so when there's a bit of JavaScript in the text of the thread, rather than the header (where it would actually do some damage), is anyone's guess...
Old 03-05-2009, 09:19 PM   #24
Joe Siegler
Former 3DR Staff
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by GOK View Post
I get a very similar using Firefox and Avast - but only when I try to load this thread ----> http://forums.3drealms.com/vb/showth...422#post837422 in the Programming/HTML forum (titled "Anyone know what this Javascript means?").

Edit: Same message in IE.
OK, now I got it. Happens to me at home when I hit this URL.

I submitted a false positive report as the forum admin here. Let's see if they respond to me.
Last edited by Joe Siegler; 03-05-2009 at 09:22 PM.
Old 03-05-2009, 10:45 PM   #25
PartyBooper
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Indeed it IS weird to see a rotating nuke symbol over 3DR's forums. If it wasn't for the really loud and annoying voice of Avast, it wouldn't even stand out.

I can confirm the CoolIris/Avast/3DR forums thing too by the way.
Old 03-06-2009, 06:05 AM   #26
Tekedon
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I have this problem too now.

Edit: Seems I fixed it by disabling a Veoh plugin in firefox.
Last edited by Tekedon; 03-06-2009 at 06:09 AM.
Old 03-06-2009, 02:29 PM   #27
Shielder
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Dave-ros View Post
Avast! updates itself every time I turn my computer on -- indeed, it defaults to updating every couple of hours! I've fired off an e-mail to the Cooliris people as well, though God knows what they'll make of it...

Shielder, do you have Cooliris installed on your other browsers (as I note it's not just a Firefox thing)?
I have to admit that I've never heard of it, but I don't think it's installed anyway although I'm checking to see whether something has been installed without my knowledge.

However, it could be something else that cooliris uses that is on my machine that could be causing it. Wild shot in the dark though.

Quote:
Originally Posted by Tekedon View Post
I have this problem too now.

Edit: Seems I fixed it by disabling a Veoh plugin in firefox.
Funny you should mention Veoh, it's something I've had installed at one time in the past - then uninstalled again when it told me that its content is only available in the US and not the UK.
Last edited by Shielder; 03-06-2009 at 02:33 PM.
Old 03-06-2009, 04:41 PM   #28
ProAsm
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Thanks for pointing me here Joe.

I've had the exact same problem and uninstalling Cool Iris also solved my problem.
http://www.proasm.com/images/pics/3drv.jpg
Thanks guys
__________________
http://www.proasm.com
Old 03-08-2009, 08:08 AM   #29
Blade Nightflame
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I have Cooliris on, but since I don't have an antivirus installed nor enabled, I don't get the problem.
Old 03-08-2009, 01:39 PM   #30
Dave-ros
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
You get the virus instead

---------- Post added at 06:39 PM ---------- Previous post was at 05:03 PM ----------

Just to let you guys know, I've been e-mailing the Cooliris team about this, and they say they're looking into it -- since obviously the program is somehow causing us to get the virus warning on every page of these forums, and not just the one with the alleged malicious JavaScript in it
Old 03-09-2009, 05:38 AM   #31
Llama Gibbz
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I get a warning from Avast when trying to open this thread in the programming forum.
__________________
That's not dog,its imitation.
Last edited by Llama Gibbz; 05-14-2009 at 05:28 PM.
Old 03-09-2009, 09:27 AM   #32
Phait
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
I just got it too Extensions I have
Old 03-09-2009, 12:21 PM   #33
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Phait View Post
I just got it too Extensions I have
Try disabling them one by one and see which one is causing the problem. Especially look for those which use Javascript in any way.
Old 03-09-2009, 12:31 PM   #34
Llama Gibbz
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Disabled all of mine and that thread still sets it off.
Old 03-09-2009, 12:36 PM   #35
Joe Siegler
Former 3DR Staff
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
What about running Firefox in safe mode? If you still have your Firefox program group, there should be an icon for that in there.
Old 03-09-2009, 01:12 PM   #36
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Joe Siegler View Post
What about running Firefox in safe mode? If you still have your Firefox program group, there should be an icon for that in there.
Running Firefox in safe mode didn't change anything for me. Still that thread is inaccessible. There's an add-on named No Script or something like that which might help, haven't tried it yet though.

EDIT: Nope, that's not helping either.
Last edited by KleyMEN; 03-09-2009 at 01:15 PM.
Old 03-09-2009, 06:23 PM   #37
Dave-ros
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
This has been mentioned -- that one specific thread sets off Avast!, presumably because it sees the malicious JavaScript in the body and still thinks it might be dangerous. So it's really up to Avast! to stop it being triggered... or else, it's really dangerous to spell out malicious JavaScript in a web page

It's not due to Firefox -- I get the same error trying to open that thread in IE7. The difference is, it actually opens in Firefox and the thread can be read while the error is on screen, but in IE7 it never appears at all!
Old 03-09-2009, 07:12 PM   #38
KleyMEN
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
Quote:
Originally Posted by Dave-ros View Post
I get the same error trying to open that thread in IE7. The difference is, it actually opens in Firefox and the thread can be read while the error is on screen, but in IE7 it never appears at all!
Really? I can't open that thread in FF either.
Old 03-10-2009, 11:12 AM   #39
Llama Gibbz
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
For me it's Avast web shield thinking there's malicious java code there.
Old 03-10-2009, 05:58 PM   #40
unforgiven
Re: JS:ScriptSH-inf [Trj] Trojan Horse found...
It's a false alarm. According to reports, Avast blocks a few websites which used the Apache mod_gzip or mod_deflate module; those modules allow output from the server to be compressed before being sent to the client over the network. So it seems the Avast web filter can't determine the data compressed by GZIP/DEFLATE and thought it's a binary or encrypted JavaScript file.
unforgiven is offline   Reply With Quote
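
The two questions raised in this thread (the gzip layer on the flagged feed URL, and script appearing in the text of a post rather than as markup) can be checked with a small triage script. This is an added example, not code from any poster, from Avast or from Cooliris; the feed content, function names and verdict labels are constructed for illustration.

```python
import gzip
import math
import re
import zlib
import xml.etree.ElementTree as ET
from collections import Counter
from html.parser import HTMLParser

# Constructed sample: an RSS 2.0 feed whose item body quotes a script as
# HTML-escaped text, the way a forum renders code pasted into a post.
QUOTED_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example forum</title><item>
<title>Anyone know what this Javascript means?</title>
<description><![CDATA[<div>Found this in a page source:<br />
&lt;script&gt;document.write(unescape("%3Cb%3Ehi%3C/b%3E"))&lt;/script&gt;
</div>]]></description></item></channel></rss>"""
# Constructed counter-case: the same feed with the script as live markup.
LIVE_FEED = QUOTED_FEED.replace(b"&lt;", b"<").replace(b"&gt;", b">")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed data scores far higher than markup."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def decode_body(raw: bytes, content_encoding: str) -> bytes:
    """Undo the mod_gzip/mod_deflate transfer layer before any matching."""
    enc = content_encoding.strip().lower()
    if enc in ("gzip", "x-gzip"):
        return gzip.decompress(raw)
    if enc == "deflate":
        try:
            return zlib.decompress(raw)                   # zlib-wrapped stream
        except zlib.error:
            return zlib.decompress(raw, -zlib.MAX_WBITS)  # raw deflate stream
    return raw

class ScriptContext(HTMLParser):
    """Counts script a browser would run; keeps the text a reader would see."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.live, self.text = 0, []
    def handle_starttag(self, tag, attrs):
        if tag == "script" or any(name.startswith("on") for name, _ in attrs):
            self.live += 1
    def handle_data(self, data):
        self.text.append(data)

def triage(raw: bytes, content_encoding: str) -> dict:
    body = decode_body(raw, content_encoding)
    live = quoted = 0
    # ElementTree suits this constructed input; use a hardened parser on real feeds.
    for item in ET.fromstring(body).iter("item"):
        parser = ScriptContext()
        parser.feed(item.findtext("description") or "")
        parser.close()
        live += parser.live
        quoted += len(re.findall(r"<script\b", "".join(parser.text), re.I))
    verdict = "live-script" if live else "quoted-sample" if quoted else "clean"
    return {"entropy_raw": shannon_entropy(raw), "entropy_body": shannon_entropy(body),
            "live": live, "quoted": quoted, "verdict": verdict}

if __name__ == "__main__":
    for name, feed in (("quoted", QUOTED_FEED), ("live", LIVE_FEED)):
        print(name, triage(gzip.compress(feed), "gzip"))
```

A `quoted-sample` verdict means the script exists only as reader-visible text in the feed item, while `live-script` means markup a browser would execute.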
All times are GMT -5. The time now is 07:00 AM.