Trojan detected

[EHM-2198 Didimo]

Just logged in to the main website and apparently there has been an update to the website that is causing some problems. I have not updated my browsers, still using the same browsers I have been using for quite a while: FireFox v2.0.0.9 and IE 7.0.5730.11.

Until about a week ago when I last logged in the site worked ok with both browsers with the exception of the PP section that only works in IE.

Today however after logged in, when I click on Divisions a new IE window pops up (as opposed to loading into the same frame) with only the menu (http://www.fly-euroharmony.com/site/menu_d.htm). Then clicking on any of these menu items (which is the only thing showing on the page) it does not load the target page.

I don't see any posting about a website update but likewise I have not changed my browsers either. Can somebody confirm that? The same happens on both FF and IE.

The buttons image map at the top has a target frame named I1 or something like that. I see some page error saying something that the frame does not exist or that it is null.

[EHM-1749 Hector]

I cannot get into ProPilot page. When I hit the PP and try to log in, I get a "new Page 3" window and nothing happens. April 12 at 1813Z

[EHM-1670 William]

When the new page 3 opens go back to the original page you clicked from and it opens there. All very strange. :%

[EHM-0654 Murray]

Hmm... now that *IS* strange... not of my doing, I must hasten to add (and yes, it is I that is normally responsible for changes to the website...)

Since the menu that pops open looks "different" (can't explain, there's just something that feels different about it, other than it's opening in it's own window), I'd guess the graphics department have played. I'll have a wee looky at the script for the menus and see if I can't sort it.

BTW Didimo, 2.0.0.9 is *very* old (in Firefox terms...) Current version is 2.0.0.13, and I would very much recommend you upgrade as both .12 and .13 had major security updates in them.

UPDATE: Fixed, thanks all for reporting the error.

[EHM-1944 Jaap]

Thanks Murray,now we can go ahead again.

[EHM-2198 Didimo]

Site is fixed, thanks. Already installed my FF update as well.

May I ask what is it that the PP pages use that only works with IE?

[EHM-0654 Murray]

You'd need to ask Bruno, that's still his (other) baby...  

[EHM-0948 Bruno]

Hi Didimo,

On the time that I developed it, Firefox was still on the early stage so I didn't gave much attention to it.

My mistake of course . We will try to adjust it as soon as we can.

Just to notice that you can download a FF extension that will permit you to use the IE API on Firefox.

Regards,

[EHM-1749 Hector]

Okay now in PP without the New Page 3 message. Everything looking good again.
Thanks Murray.

[EHM-1657 Jay]

Just to let you know the Page 3 message is still coming up in IE 7

[EHM-1703 Philip]

Yes, looks nasty again. I will have Murray take a look when he can, we may have to take the site down for a bit so be prepared.

[EHM-1657 Jay]

I might have an idea as to why this is happening, let me go verify something quickly, will be back shortly

[EHM-0654 Murray]

On it. It's the same thing as last time (that's mostly for the MTs benefit) and since I'm at work it's going to take me a little longer to fix it...

[EHM-1657 Jay]

Oh ok, cool, will check back tomorrow

[EHM-1944 Jaap]

Just tried to enter the PP division.We have now a "new page 3".
I cannot enter the division :$
As I am at Rodos with a B763 on the moment I will take a short holiday.

[EHM-1570 Bruce]

My Anti virus software is flagging up a Trojan on the Home web page.

[EHM-0654 Murray]

Should be fixed again. Apologies for the annoyance...

[EHM-1592 Niels]

Mine as well (ZoneAlarm).

[EHM-0654 Murray]

Thanks gents. Which one in particular? It might help us stop this happening in the future?

[EHM-1570 Bruce]

Hi Murray my anti virus is detecting the following virus: Trojan-Clicker.JS.AGENT.H  hope this helps.

[EHM-0654 Murray]

*Many* thanks for that Bruce.

@Everyone: I have now discovered (and with luck blocked) the vector that was being used to apply this malware to the site (MT should look in our private forum for full information).

It shouldn't happen again in the sort of timeframe it did yesterday/today, but just in case I have taken further precautions; a backup of the files that are being replaced each time, so one quick unpack operation will put them back as was...

[EHM-1944 Jaap]

Thanks again Murray.
I can enter PP again,however funny is that a Mcafee scan did not find any virus.

[EHM-0654 Murray]

Look up the name Bruce reported on McAfee's forum

We're not the first people hit by this malware, and you're not the first McAfee user wondering why it doesn't get detected...

[EHM-2198 Didimo]

IVAO got hit some days ago if I remember correctly I hope my PC did not get infected. I just ran AdAware and did not detect anything extraordinary (tracking cookies only).

Currently running Norton AV with the updates but I hope it finds nothing. Then again... for what it seems NAV fails miserably at detecting some things. Can anybody recommend a better antivirus?

[EHM-0654 Murray]

Personally, I only use NOD32 on my on equipment (thirty day demo available from their website). If you check out AV Comparatives, you discover that Eset NOD32 has won "best of year" two years running. Plus, it's dead light on computer resources, and it's also blindingly fast. Furthermore, it's not tremendously expensive for home use (£27 per year)

And before anyone finds out "by accident" and thinks there's sommat dodgy going on, yes, the company my mate David and I run is a NOD32 reseller, but that's mostly because we were both using it before we started the company and thought reselling would be a nice way of getting it cheaply (and it is )