Runboard.com
You're welcome.
Australian X-Trail Website Members Rides

Site Search

Facebook Aussie Forum Website Twitter Aussie Forum Website YouTube Aussie Forum Website Flickr PhotoBucket MSN Messenger Skype RSS Feed Events Calendar Admin Mailbox Nissan Australia myNissan Capped Service Fuel Consumption Monitor Tyre Size Calculator Australian X-TRAIL Forum Live Chat

Forum Rules   
   Register for a free global account (learn about it) | LOG IN: globally (click here) (Lost Password?)




Page:
 1  2 

 
tj81 Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 


Date Registered: 05-2014
TOTAL POSTS: 56
Reply | QUOTE
Possible Malware Issue


Hi all,

Word of warning, was browsing forum this afternoon, then all of a sudden this appears:

Image

This site was the only site i had open, luckily i have up to date AV and Malware protection.

Appears to be a password stealing Trojan, PWS:Win32/Zbot.

Just a FYI and heads up

---
Member # X-3683

T31 Xtrail, 4wd TS, 2.0 Diesel Manual. Tempest Blue
Lightforce 170 HID, Nudge Bar
Geelong VIC
17/Sep/2014, 7:56 pm Link to this post Send Email PM   Send Private Message Blog
 
jalalski Profile
Live feed
Blog
Friends
Miscellaneous info




Date Registered: 02-2004
Location: SUTHERLAND, SYDNEY
TOTAL POSTS: 29094
Reply | QUOTE
Re:


Sorry mate, in the 12 years I have been on the forum I never seen any pop-ups but maybe because I have upgraded my membership to Premium and don't see any advertising displayed at the top of the forum. This looks like a pop-up served by one of these adverts rather than the forum itself, as it is Java Script based which the forum doesn't use.

---

17/Sep/2014, 8:20 pm Link to this post Send Private Message MSN Blog
 
tj81 Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 


Date Registered: 05-2014
TOTAL POSTS: 56
Reply | QUOTE
Re:


Its not a pop up, its actually triggered a download of a malicious file, and if someone unsuspecting actually did and ran it, then there would be certain infection.



---
Member # X-3683

T31 Xtrail, 4wd TS, 2.0 Diesel Manual. Tempest Blue
Lightforce 170 HID, Nudge Bar
Geelong VIC
17/Sep/2014, 8:42 pm Link to this post Send Email PM   Send Private Message Blog
 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 

Head of Runboard staff

Date Registered: 11-2005
TOTAL POSTS: 8
Reply | QUOTE
Re: Possible Malware Issue


Hi tj,

Any virus you had or may still have didn't come from here. It sounds like you already had a virus on your computer, and the first virus tried to download the bk.coretag.js file.

Even having updated AV software doesn't always catch it. In addition to my regular AV, I run Malwarebytes once in a while. It may take an hour or two to do a full scan, depending on how full your hard drive is, but it's good at catching stuff that my regular AV might miss.

I also have WinPatrol (download here), which will alert me every time a program wants to run at startup. Sometimes these startup programs are necessary, like if I have knowingly downloaded a program that needs to run at startup, but when it's something I didn't ask for, I'll Google the file in question, and run Malwarebytes immediately if it's something I don't want.

Download Malwarebytes here. I have always used the free version, and have never needed to upgrade to the premium version.

Removal instructions for bk-coretab.js/bkrtx.com virus - That page refers to popup advertisements, which isn't what you showed, but another site says, "Occasionally, Web browsers affected by this problem will display a message that reads 'Do you want to open or save bk-coretag.js from tags bkrtx.com?'"

PWS-zbot removal instructions - Since you mentioned it. It's possible that there could still be files on your computer that are left over from that virus, and it's good to be thorough.

I don't know if one of those viruses introduced the other to your computer, but I bet Malwarebytes alone will find something your regular AV has missed. I'll keep an eye on this topic. Please let us know if this helps.


Jalal, we don't currently have ads on any of the boards. When we did, the text-only ads we used here wouldn't have caused a virus; only the rich media ads like flash can do that. Currently, the only thing we use on boards for monetization is VigLink, which turns ordinary links to places like Amazon and ebay into affiliate links.

---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
18/Sep/2014, 2:59 am Link to this post Send Email PM   Send Private Message Blog
 
jalalski Profile
Live feed
Blog
Friends
Miscellaneous info




Date Registered: 02-2004
Location: SUTHERLAND, SYDNEY
TOTAL POSTS: 29094
Reply | QUOTE
Re:


Thanks for your help Lesa.

Tim: Lesa is the head of the Runboard Support Staff and I asked her to help you identify this problem, so please work with Lesa to get rid of this virus and let us know how you go. Thanks

Last edited by jalalski, 18/Sep/2014, 7:24 am


---

18/Sep/2014, 7:23 am Link to this post Send Private Message MSN Blog
 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 

Head of Runboard staff

Date Registered: 11-2005
TOTAL POSTS: 8
Reply | QUOTE
Re: Possible Malware Issue


You're welcome, Jalal. emoticon

---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
18/Sep/2014, 7:47 am Link to this post Send Email PM   Send Private Message Blog
 
tj81 Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 


Date Registered: 05-2014
TOTAL POSTS: 56
Reply | QUOTE
Re:


Well, after running Malwarebytes, and three other AV programs additional to the one i had installed.......nothing found...

---
Member # X-3683

T31 Xtrail, 4wd TS, 2.0 Diesel Manual. Tempest Blue
Lightforce 170 HID, Nudge Bar
Geelong VIC
18/Sep/2014, 8:34 pm Link to this post Send Email PM   Send Private Message Blog
 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 

Head of Runboard staff

Date Registered: 11-2005
TOTAL POSTS: 8
Reply | QUOTE
Re: Possible Malware Issue


Thanks for the update, Tim. That's good news!

---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
19/Sep/2014, 4:14 am Link to this post Send Email PM   Send Private Message Blog
 
tasaholic Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 


Date Registered: 01-2014
Location: St. Helens , Tasmania
TOTAL POSTS: 9
Reply | QUOTE
Re: Possible Malware Issue


I'm a computer tech as well as an X Trail owner.....best of both worlds , hey ?? emoticon
 I run some pretty stringent security software on all my systems as well as the usual essential ones for end-users , such as those already mentioned by Lesigner Girl , and I totally concur with her.
  One other thing to add is that if all scans show nothing , it's most likely a "false positive"...not uncommon but just as necessary to clear up.
  All sites I visit are monitored very closely and absolutely nothing has ever shown up on either runboard or this particular forum .
  There are enough really nasty pieces of malware running about these days that everybody should be running top-rated security software. I always recommend a top rated antivirus in conjunction with both Malwarebytes Anti-malware ( free edition) and also Ccleaner (free version...watch the install and uncheck unwanted stuff like Ask Toolbar etc).
   There are also many good antivirus programs that will check social media sites as well ( I use Sunbelt Vipre), and it is surprising how many infections come via sites such as Facebook...usually in shared posts, but also in ads.

---
2012 T31 X Trail ST-L Series 5 CVT 4WD
Brilliant Silver , Genuine bonnet protector , Front L & R narrow weathershields.
Hayman Reese towbar , Mongoose rear camera system.
23/Sep/2014, 12:39 pm Link to this post Send Email PM   Send Private Message Blog
 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

X-TRAIL NEWBIE
 

Head of Runboard staff

Date Registered: 11-2005
TOTAL POSTS: 8
Reply | QUOTE
Re: Possible Malware Issue


Thanks for your input, tasaholic! emoticon I have CCleaner, too, but don't run it as often as I probably should.

Although AV alerts can often be false positives, I don't believe that was the case here, based on what I found when I looked up bk.coretag.js. Since Tim's last scan came up clean, I figured his AV probably cleaned things up before he took the additional steps I suggested. I could be wrong, but it's better to be safe than sorry, right? emoticon

---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
23/Sep/2014, 3:29 pm Link to this post Send Email PM   Send Private Message Blog
 


Reply




Page:
 1  2 





You are not logged in (login)

forum sticker
Back to top Back to top

Back to top

<-- end container -->