Skip to main content

UPDATE! virus Trojan-Clicker.HTML.IFrame.kr SEEMS BE FIXED! THANKS Smile
BUT SOME BROWSER SUCH AS FIREFOX, SHOWING SOME STUPID MESSAGE, AND GOOGLE BROWNSER JUST DO NOT OPEN THE AUCTIVA.COM WEBSITE, ONL IE WORKS NOW Confused strange!

"Reported Attack Site! This web site at checkout.auctiva.com has been reported as an attack site and has been blocked based on your security preferences.
Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners."
Last edited {1}
Original Post

Replies sorted oldest to newest

A message from Google Chrome when i try to make a listing.

"Warning: Visiting this site may harm your computer!
The website at www.auctiva.com contains elements from the site me9x.cn, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for me9x.cn.
Learn more about how to protect yourself from harmful software online."
Wanted to sign up for Auctiva for our new Ebay store when, lo and behold, Chrome pops up a security warning. I dug into this and found some very interesting stuff.

It looks like Auctiva has a security hole someone is actively driving their truck through it. The problem is in http://www.auctiva.com/js/windows.js
If you point your browser there (it's safe, it will read as text) and scroll down the bottom you should see a document.write statement. If you don't see it wait a few minutes and refresh. It looks like someone is trying to fix the file but something else is putting the attack back in which is why it might not be there when you look.

See how the URL looks like gibberish? It's ASCII code for me9x.cn, a Chinese site blacklisted by Google. The code in question writes a GIF file into the page. This is why you're getting it blocked in browsers like Firefox or Chrome, which pull the Google blacklist and enforce it. If your antivirus picked it up, good for you. The GIF file is likely reading your cookies (or worse if you're using IE). Whatever the case, that file is up to no good and if you can see this image Gortusk describes you may already have problems on your computer that you can't see.

I would highly suggest the following
1. Do not log into auctiva.com for now. The forums are clean (they appear to be on a different server) but the main site is clearly compromised.
2. Switch to Firefox or Google Chrome as your browser. Both browsers blocked the attack.
3. Run some anti-malware software, especially if your antivirus didn't catch this attack (not all antivirus has anti-malware). A good place to start is Adaware (http://www.lavasoftusa.com). There are many others out there as well (AVG seems to be catching this already).

Here's hoping for a quick fix. Was hoping to add some tools to my store today.
I NEVER get viruses, yet as of this a.m I've spent my entire day trying to figure out why I had one when I booted up this a.m. (Auctiva was the last site visited yesterday). I have a big red warning from Norton (this pop-up window won't go away!) it says:

HIGH RISK

trojan.malscript!html

So now I can't work - now what? Is every Auctiva user infected? HOW did this happen?
quote:
Originally posted by womandi:
I NEVER get viruses, yet as of this a.m I've spent my entire day trying to figure out why I had one when I booted up this a.m. (Auctiva was the last site visited yesterday). I have a big red warning from Norton (this pop-up window won't go away!) it says:

HIGH RISK

trojan.malscript!html

So now I can't work - now what? Is every Auctiva user infected? HOW did this happen?


calm down, I'm pretty sure a lot others have been infected also. I'm using maxthon which tags on to IE's engine. I still can login, get a bunch of alerts and Auctiva is still functioning as it is.

What I suggest, is if you need to do something urgent, just get infected like me and finish up what need to be done on auctiva, close your browser clear your cache and temp files, run a full antivirus AND antispyware scan(spybot, windows defender,etc) and clean up the system.

If not, check for update here until an admin pops up telling us the problem have been fix. I'm sure the support team is fully aware of the situation and working on it asap. Smile
Hi Community,

Thanks for helping to bring this issue to our attention. We are receiving reports of this nature from several customers and our engineering team is currently looking into why these warnings have started coming up. I'm not sure what is causing this at the moment, but I'll post again to this thread as soon as additional information becomes available.

-Mike
I am also getting this virus threat message. I note that Auctiva are aware of that problem and trying to fix it.
I also listed 5 new items yesterday afternoon but although they said they were being posted, none of them made it through to EBay. They are sitting in my saved listings. I tried to post one of them again and got the same response.
Has anyone else had this problem or know whether it is associated with the virus threat?
Susan
Ditto. McAfee says there's a virus in my c/windows/gameeeeee file. McAfee warns me of this location every page on Auctiva - both my firefox and explorer. Told HELP but was told it was my settings. When I say to McAfee to delete the virus it pops up again on the next page I open in Auctiva. Rebooting doesn't matter. The one listing I made to eBay today showed up there totally cockeyed. Took me 35 minutes to straighten it out on ebay. This is devestating.
I am on a MAC. I am getting the google warning whenever I try to log onto Auctiva today. Even when I tried accessing this group, Google was blocking it! I switched to AOL and got through to post this.
A few of my customers paid last night and this morning. Multiple auctions that were combined and paid are now showing as uncombined and not marked paid on eBay.
Everyone should check Paypal for what is paid since last night.
When a customer clicks on a picture link it will take them to the page that states it is a reported attack site. Big red box, very intimidating like I am trying to attack their computer myself.

Thanks Auctiva for scaring away any of the few customers left on eBay.

Having the site down and slow is one thing since it is free but actually having this problem is just ridiculous and beyond any normal decency. You are directly affecting my ability to make a living. But hey it's free right?

Add Reply

Copyright © 1999-2018 Auctiva.com. All rights reserved.
×
×
×
×
Link copied to your clipboard.
×