Trojan in the Images thread
#1
My Malwarebytes is saying there's a Trojan on pages 3&4 of the latest Images thread - pages 1&2 don't trigger anything.

RMH
RE: Trojan in the Images thread
#2
Thanks for the alert.
-- Bob

I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber.  I have been 
called a hundred names and will be called a thousand more before the sun grows dim and cold....
RE: Trojan in the Images thread
#3
Does Malwarebytes give any specifics? My work's security suite isn't reporting anything, and I don't see anything manually digging through the page and its various resources, although that's far from a guarantee.
-- Bob

I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber.  I have been 
called a hundred names and will be called a thousand more before the sun grows dim and cold....
RE: Trojan in the Images thread
#4
(11-19-2018, 08:28 AM) Bob Schroeck wrote: Does Malwarebytes give any specifics? My work's security suite isn't reporting anything, and I don't see anything manually digging through the page and its various resources, although that's far from a guarantee.

Sorry - at work now (it was my home PC).  When I get home I'll pull up what it gave me.
RE: Trojan in the Images thread
#5
Thanks. I'll also try looking at it from home as well.
-- Bob

I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber.  I have been 
called a hundred names and will be called a thousand more before the sun grows dim and cold....
RE: Trojan in the Images thread
#6
Well, it's not popping up now, but here's the log report from Malwarebytes:

-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 6:16 AM
Log File: 98b76848-ebec-11e8-a9fa-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7913
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [60452]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)
RE: Trojan in the Images thread
#7
That's my ISP, but not my IP address.

Should I forward this to the sysadmins?
--
Rob Kelk

Sticks and stones can break your bones,
But words can break your heart.
- unknown
RE: Trojan in the Images thread
#8
Well, I tried bouncing through a couple of different threads.  I'm only getting Trojan alerts in threads that Robkelk has posted in, but not all.  Same IP address, but different ports for the reports.  

Trojan reports
Images thread, page 3&4.
Erma thread (last page)
Complain about the weather thread – page 1

No reports
Images thread page 1&2
2 of the Politics threads

Two of the threads that Rob didn’t post in the Introductions forum came up clean as well.  It looks like it’s something with the images, but that doesn’t explain no reports for Image thread 1&2, since Rob posted in both of them.

(is molecular biologist, not computer person, so this is about as much as I can give you)

*** edit to add a couple of the reports
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 9:00 PM
Log File: 15749f92-ec68-11e8-a089-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [63030]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 8:57 PM
Log File: 9ad4ae8a-ec67-11e8-a9eb-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [62938]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)
-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 8:51 PM
Log File: caf51542-ec66-11e8-983f-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [62787]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)
RE: Trojan in the Images thread
#9
And now this thread is giving me Trojan alerts... so it's not something to do with images.

-Log Details-
Protection Event Date: 11/19/18
Protection Event Time: 9:24 PM
Log File: 74ca8990-ec6b-11e8-980c-7085c2224384.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7927
License: Premium

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [63549]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)
RE: Trojan in the Images thread
#10
I've tried something. Could you reload and check a couple of those pages again, please?

In the meantime, I've forwarded one of your log reports to ncf.ca.
--
Rob Kelk

Sticks and stones can break your bones,
But words can break your heart.
- unknown
RE: Trojan in the Images thread
#11
Nothing coming up this time. Checked 3 of the threads that were giving me reports and none of them flagged. Looks like what you did took care of it.

RMH
RE: Trojan in the Images thread
#12
What I did was change my image avatar from being hosted at web.ncf.ca to being hosted here. Looks like my ISP's web server might be infected. (Folks, if I've sent you an email lately, you might want to deep-scan it...) Since I've already forwarded a log report, the ball's in their court.
--
Rob Kelk

Sticks and stones can break your bones,
But words can break your heart.
- unknown
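
The triage that resolved this thread, as an added Python example that is not part of any post here: it takes the blocked domain from a Malwarebytes report and lists the resources a page fetches automatically from that domain. The report is trimmed from the layout posted above; the page markup, the `forum.example` host and the avatar path are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Trimmed from the report layout posted in this thread.
SAMPLE_REPORT = """\
-Website Data-
Category: Trojan
Domain: web.ncf.ca
IP Address: 206.47.12.13
Port: [63549]
"""

# Constructed page markup; forum.example and every path here are made up.
SAMPLE_PAGE = """
<img class="avatar" src="https://forum.example/uploads/avatar_1.png">
<img class="avatar" src="http://web.ncf.ca/~user/avatar.png">
<a href="http://web.ncf.ca/~user/">homepage</a>
<script src="https://forum.example/js/general.js"></script>
"""

def blocked_domains(report_text):
    """Return the set of 'Domain:' values found in one or more pasted reports."""
    return {d.lower() for d in re.findall(r"^Domain:\s*(\S+)\s*$", report_text, re.M)}

class ResourceFinder(HTMLParser):
    """Collect URLs the browser requests on page load (plain links are not)."""
    AUTO_FETCH = {("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href")}
    def __init__(self):
        super().__init__()
        self.resources = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.AUTO_FETCH and value:
                self.resources.append((tag, value))

def flagged_resources(page_html, domains):
    """List (tag, url) pairs whose host is a blocked domain or a subdomain of one."""
    finder = ResourceFinder()
    finder.feed(page_html)
    def is_blocked(url):
        host = (urlparse(url).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in domains)
    return [(tag, url) for tag, url in finder.resources if is_blocked(url)]

if __name__ == "__main__":
    for tag, url in flagged_resources(SAMPLE_PAGE, blocked_domains(SAMPLE_REPORT)):
        print(f"<{tag}> loads {url}")
```

Only the avatar `<img>` is reported; the homepage link points at the same host but triggers no request until someone clicks it.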
RE: Trojan in the Images thread
#13
Oh, cool. I mean, sorry your ISP might be infected, but I'm glad it's not the boards outright. And thank you for working this out between you; between a dentist appointment and prepping for US Thanksgiving, I never even got a chance to look at the forums last night.
-- Bob

I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber.  I have been 
called a hundred names and will be called a thousand more before the sun grows dim and cold....
RE: Trojan in the Images thread
#14
Heard from the sysadmins today:
Quote: Thanks for the report regarding Malwarebytes blocking web.ncf.ca. There was a hosted site that was serving malicious content, and Malwarebytes flagged our domain as potentially dangerous.

We've removed the malicious content in question, and spoken to Malwarebytes. The domain block will be removed in their next update.
--
Rob Kelk

Sticks and stones can break your bones,
But words can break your heart.
- unknown
RE: Trojan in the Images thread
#15
Thanks for the update, Rob.
-- Bob

I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber.  I have been 
called a hundred names and will be called a thousand more before the sun grows dim and cold....