Reply to: We've been hacked!

I was happy being ook. Be warned, however, that as in the books I'm comfortable with the new avatar and strapline.

Leftie Dogooder? Sounds perfect.

I wanna be a pilchard again

I wonder when some of these name changes are going to be made permanent?
I'm sure there are many here who would celebrate sasguru being turned into "cretin", and Atw into "SquirrelBotherer"..

Can set it as your custom title seein' as you are Godlike. PM me if you want that or something else...

I like being do bad, makes up for all the times I've been called a leftie dogooder.

Maybe you're not interesting enough?

I quite liked being Vera Duckworth.

I wanna be Bungle and have mates like ADHD and ArnoldLayne and vera.duckworth and lots of others and why can't I? Why?

Disappointed. Very.

It was being called whenever I loaded a new page; I think it was specifically a forum-page (that's my good guess anyway). Also, I don't see my AV kicking up a fuss anymore, so the change you made seems to have done the trick for now. I'll pm you more deets.

Cheers dmo - this is an interesting one and could well be an artefact from an old exploit. I cannot find any reference to vbulletin_sitemap.js at all - Google and Bing draw blanks for the file name and that is unusual enough to get my attention.

The datestamp on the file is Jan 30th 2012, and so are a lot of other files, so looks like this could be the remnant of a really old exploit.

What I can't work out though is when is the script being called? I can't see it in source, have tried logged in and out in both FF and Chrome but cannot see this JS file being loaded at any point. I have now killed the contents of the file (have a back up just in case) but are you, or any one else, able to help me work out when that JS file is loaded so I can check the template logic and make sure that is clean too.

Cheers,

Admin

Not much online about it, this so far: Encyclopedia entry: Trojan:JS/Iframe.CB - Learn more about malware - Microsoft Malware Protection Center

Still seeing the CB.trojan error in my AV when I visit cUK :/

01/04/2013 17:09:54 HTTP filter file http://forums.contractoruk.com/clien...tin_sitemap.js JS/Iframe.CB trojan connection terminated - quarantined Studio-1558\Me Threat was detected upon access to web by the application: C:\Users\Me\AppData\Local\Google\Chrome\Applicatio n\chrome.exe.

Is everything supposed to be back to normal now? Suity's posts are still garbled.

Ah yes that comment, which I <cough> deleted yesterday I think.

I've been called worse sir!

lol