tware

iTrader: (12)

no, I have it with FF as well.

this evening I didnt get the blank popups with ubuntu. but still blocked on win machines with KIS or KAV.

Last time, the issue wasnt on this server either. It's certainly possible that its a false positive. It would be one of the very few FP's on a website (not counting FPs on files) I've seen in 3 years of using KAV.

Checkmate58

iTrader: (11)

My antispyware program blocks this everytime I come to the forum front page.

188.120.232.15

Robb M.

We are 99% certain this is a false positive scenario. That IP ^^ is a new one, I'll be sure to add it to our notes on this issue. Thanks.

tware

iTrader: (12)

I run noscript and I dont recall a script from autodiva.ru before.

Brrcats

iTrader: (10)

Just stopped two attacks as soon as I opened the page.

Running outlook, some oracle apps for work, came from graveyarddeals.com, but the notice didnt hit me till I was about halfway done loading the page.

oh, and I noticed something was amiss becuase it looked like java was opening or something, had the initialization screen up for java

kacz07

iTrader: (15)

I got two threats right away that were blocked by Avast. Happened right when I loaded the page.

03threefiftyz

iTrader: (25)

I've been getting warnings today as well........on top of the site running insanely slow.

tware

iTrader: (12)

no no, they are 99% sure its false.. oh, sorry about that 1%.

come on, even if this is a FP, and I'm not that sure it is anymore, IB is big enough to get Kaspersky's attention! This is kinda ridiculous to go on for this long even as a FP. If this turns out to be a real exploit, its beyond excusable. Why would you not start pulling code until you found it? Or checking 3rd party content?! even if only from the angle of lost ad revenue from so many blocked visitors......

Black Z Eddie

One thing kinda peculiar, if it's a false positive, why would different AV softwares detect it as a threat.

FATPUBUS

iTrader: (30)

Ive had the Java warnings all day, which I've ignored and closed, every time I come on, with a Norton popup saying they just blocked an attack.

Robb M.

We are investigating new reports that some kind of javascript exploit is live on the sites.

PerfZ

iTrader: (3)

Kaspersky gives me warnings on every page I go to on this site but I figure at least it is blocking whatever it is.8/2/2010 9:25:17 PM

From Kaspersky log: https://my350z.com/forum/mid-atlanti...on-thread.html Firefox Processing error: HEUR:Trojan.Script.Iframer

tware

iTrader: (12)

if by new you mean over a week.

jonnylaw

iTrader: (3)

Yea, I'm still getting warnings and alerts from Kaspersky that require system restarts to purge.

bkaa

iTrader: (5)

im still having the same problem......

jonnylaw

iTrader: (3)

What is Autodiva.ru?

koren

iTrader: (23)

It is the club for women-drivers in Russia. Why do you asking???

jonnylaw

iTrader: (3)

^lol b/c that is what the website is redirecting to when you first enter it. Wondering if it has to do with the trojan/virus/warnings

Phreakdout

iTrader: (32)

IT just recently uploaded Kaspersky onto my work laptop. Murphy's Law has it I get infectected and IT swarms in like a Phreakin SWAT team. I take it there is some alert system when a user gets infected. Sooo, now my work computer is off limits to My350Z.com. Well, crap!

I hope this is solved soon so I don't have to buy a second computer. Keep at it guys.

Robb M.

I've re-filed a ticket with tech to get this dealt with first thing today.