trojan script 473411

**5thfoot** · Sun 10 Oct '10, 5:04am

Through a Google search of the term “trojan script 473411” There appears to be a few forums over the past day or two that have started discussions about this – some are foreign language but I can work out it's in Albums where their problem is too.

**5thfoot** · Sun 10 Oct '10, 8:18am

there is a thread here:

Trojan Horse - Belgiumdigital forum

http://forum.belgiumdigital.com/f59/trojan-horse-333409.html

Forum voor alle off-topic postings, postings die dus absoluut NIETS met fotografie te maken hoeven hebben. Lees de specifieke forumregels erop na in de sticky posting.

unfortunately in Dutch and my translator is making a mess of it... can any dutch speaker confirm the conclusion that it's a false positive?

anti-virus known to be producing this warning (so far):

G-Data
F-Secure
'Virgin Media Security' which uses third party software, possibly Kaspersky ?
BitDefender

anti-virus not producing a awarning:

Avast
Trend Micro
AVG

**Quijar Haderak** · Sun 10 Oct '10, 4:49pm

Today a user on my forum has reported the same warning:

I think it's a false positive, but if anyone knows the cause of this warning, is appreciated the explanation.

Thank

**Trevor Hannant** · Sun 10 Oct '10, 11:31pm

To be on the safe side, you can download a fresh copy of the ZIP file from the Members Area and upload the file in question to your server, overwriting the one that's already there.

**5thfoot** · Mon 11 Oct '10, 3:29am

Thanks for that.

Running the .js (reported there) downloaded from my forum through VirusTotal gives the following:

http://www.virustotal.com/file-scan/report.html?id=2919b90d14be972b08272408adbf3f581f1f15704024e70a47a09edcfcda2ce4-1286796005

**5thfoot** · Mon 11 Oct '10, 4:02am

just ran the same test on a fresh copy downloaded from the members area and the result is unfortunately the same. I don't think overwriting the files will help on this occasion, and unless the new download just got contaminated bringing it onto my local machine, then everyone running this .js will have the same problem

**Nucleus1** · Mon 11 Oct '10, 5:50am

One of the users of my forum recieves the same "
trojan script 473411"

What did you guys find out?
I am also running the all albums software, and VB 3.8.3.
Any solutions if it really is a virus?

Both McAfee and AVG says that my domain is safe(if that has anything to say....)

Thanks in advance.

Kjelll

**5thfoot** · Mon 11 Oct '10, 6:55am

I don't know, but someone needs to do something sooner rather than later, because all operating vbulletin forums with this code are going to be blocked as dangerous by these anti-virus programs, which is not a good advertisement for vbulletin.

**Nucleus1** · Mon 11 Oct '10, 10:13am

Yes I agree with you.
Now several members have asked me if the files are safe or not, and I am not able to find any virus on my domain.

**dbode** · Tue 12 Oct '10, 4:55am

Same for us, we also get the virus warning. Any suggestions?

I also think it's a false positive because all files from our backups over the time look the same - so there is nothing changed.

**big.blue** · Tue 12 Oct '10, 9:43am

Trojan 473411

My vBulletin site also has this Trojan 473411 but only 1 section, Pictures & Albums, nothing else. Must be new, only noticed it recently and not everyones computer virus security sees it. I am currently running v Bulletin version 3.8.5. This is really weird. We all have different vb sites, different host. The only common thread is we all use vBulletin. Any ideas here?

**Lynne** · Tue 12 Oct '10, 9:46am

What host are you guys using? Are you contacting your hosts and asking for help to figure out how this happened (by looking through the access_logs)?

**big.blue** · Tue 12 Oct '10, 10:25am

Originally posted by Lynne

What host are you guys using? Are you contacting your hosts and asking for help to figure out how this happened (by looking through the access_logs)?

I'm using NetNation (Hostway). I did not request access logs but they did verifie that the server my website resides on hasn't been hacked.

**big.blue** · Tue 12 Oct '10, 10:32am

Originally posted by 5thfoot

I don't know, but someone needs to do something sooner rather than later, because all operating vbulletin forums with this code are going to be blocked as dangerous by these anti-virus programs, which is not a good advertisement for vbulletin.

I turned off my Pictures & Albums till this gets fixed. Hope it does not spread. I have 3 PhotoPost galleries installed inside my vBulletin. So far they are okay.

vBulletin 3 End of Life

trojan script 473411

trojan script 473411

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment