DONT UPGRADE
DONT UPGRADE
I upload new version, there are in the download files.
http://sourceforge.net/projects/cmsimpl ... _XH%201.5/
http://sourceforge.net/projects/cmsimpl ... Simple_XH/
[ external image ]
http://sourceforge.net/projects/cmsimpl ... _XH%201.5/
http://sourceforge.net/projects/cmsimpl ... Simple_XH/
[ external image ]
Re: DONT UPGRADE
Hi twc,
thanks for the warning. I've downloaded the 3 packages related to CMSimple_XH 1.5.5 again and scanned them, but nothing was reported by my antivirus software (MS Security Essentials). Could others please check that with other (better?) scanners?
But when I look at your screenshot I see that the malware is reported for a file fiberdordrecht_nl[1].htm. This file is not contained in any of the CMSimple_XH packages. Could you please check the CMSimple_XH download again (and only this package)?
Christoph
thanks for the warning. I've downloaded the 3 packages related to CMSimple_XH 1.5.5 again and scanned them, but nothing was reported by my antivirus software (MS Security Essentials). Could others please check that with other (better?) scanners?
But when I look at your screenshot I see that the malware is reported for a file fiberdordrecht_nl[1].htm. This file is not contained in any of the CMSimple_XH packages. Could you please check the CMSimple_XH download again (and only this package)?
Christoph
Christoph M. Becker – Plugins for CMSimple_XH
Re: DONT UPGRADE
Well after the upgrade or new version to FTP, and i go to the websites than hell break loose...cmb wrote:Hi twc,
thanks for the warning. I've downloaded the 3 packages related to CMSimple_XH 1.5.5 again and scanned them, but nothing was reported by my antivirus software (MS Security Essentials). Could others please check that with other (better?) scanners?
But when I look at your screenshot I see that the malware is reported for a file fiberdordrecht_nl[1].htm. This file is not contained in any of the CMSimple_XH packages. Could you please check the CMSimple_XH download again (and only this package)?
Christoph
Malware @ templates.htm ,all .htm content files and main dir html files.
Second time now after 2 times update CMS
Local see nothing after scanning http://www.malwarebytes.org butt after upload to FTP and your wath your website, the Hell break loose.
I think there are hidden script inside the zipp files ?
Re: DONT UPGRADE
Hi twc,
thanks for the details. I've just uploaded the full package (CMSimple_XH_155) to my server and browsed to the site. But it seems nothing unusual happens: no changes to content/content.htm, templates/cmsimplexh/template.htm or index.php.
Did you really find any script injection or is it just reported by Eset? In the latter case: according to http://www.linkedin.com/groups/HTML-Scr ... S.92772104 there was a bug reporting false positives. Do you have the latest version of Eset's database?
I'm checking the issue further, but as several others already have done the update without reporting any trouble, I hesitate to remove the downloads from Sourceforge.
Christoph
thanks for the details. I've just uploaded the full package (CMSimple_XH_155) to my server and browsed to the site. But it seems nothing unusual happens: no changes to content/content.htm, templates/cmsimplexh/template.htm or index.php.
Did you really find any script injection or is it just reported by Eset? In the latter case: according to http://www.linkedin.com/groups/HTML-Scr ... S.92772104 there was a bug reporting false positives. Do you have the latest version of Eset's database?
I'm checking the issue further, but as several others already have done the update without reporting any trouble, I hesitate to remove the downloads from Sourceforge.
Christoph
Christoph M. Becker – Plugins for CMSimple_XH
Re: DONT UPGRADE
Hi
I have allready 6 websites running with the new CMSimple_xh 1.5.5 - no problemcmb wrote:Hi twc,
thanks for the warning. I've downloaded the 3 packages related to CMSimple_XH 1.5.5 again and scanned them, but nothing was reported by my antivirus software (MS Security Essentials). Could others please check that with other (better?) scanners?
But when I look at your screenshot I see that the malware is reported for a file fiberdordrecht_nl[1].htm. This file is not contained in any of the CMSimple_XH packages. Could you please check the CMSimple_XH download again (and only this package)?
Re: DONT UPGRADE
Hi maeg, hi twc,
@twc: so please upgrade to the latest version of Eset Smart Security, update the virus definition database and check again. Indeed the warnings might be caused by false positives.
Until further evidence (actually infected files or a report from a recent malware scanner) I'll rest the case, and assume, that the downloads are clean.
Christoph
Thanks for the information. It's not an absolute proof that the ZIPs are clean, though.maeg wrote:I have allready 6 websites running with the new CMSimple_xh 1.5.5 - no problem
andhttp://kb.eset.com/esetkb/index?page=content&id=SOLN2111 wrote:Version 5 of ESET Smart Security and ESET NOD32 Antivirus has been released. We highly recommend that you upgrade to the latest version
(emphasis by me)http://kb.eset.com/esetkb/index?page=content&id=SOLN2476 wrote:Upgrading is free only if you are upgrading to the latest version of the same product
@twc: so please upgrade to the latest version of Eset Smart Security, update the virus definition database and check again. Indeed the warnings might be caused by false positives.
Until further evidence (actually infected files or a report from a recent malware scanner) I'll rest the case, and assume, that the downloads are clean.
Christoph
Christoph M. Becker – Plugins for CMSimple_XH
Re: DONT UPGRADE
latest version of Eset's database? i have that.......i am up todate always
after upgrade or new version CMS i have thise problem....
after upgrade or new version CMS i have thise problem....
Re: DONT UPGRADE
twc wrote:Well after the upgrade or new version to FTP, and i go to the websites than hell break loose...
Malware @ templates.htm ,all .htm content files and main dir html files.
- I wasn't able to reproduce this.
- Others apparently didn't have the problem either
- Googling for "html/scrinject.b.gen virus eset" brings several messages, where it's said, that only Eset reports the malware, but no other malware scanners
- Several times it is assumed, that these are false positives (i.e. the scanner reports something as malware, that isn't)
- according to http://www.avira.com/de/support-threats ... 6/tlang/de the trojan is known since 7 years, so I would be surprised, if the trojan were not detected by other scanners than Eset
- according to the same source, the damage potential is low to medium
- http://blog.teesupport.com/guides-to-re ... ompletely/ where it is described, that the trojan might be hard to remove and might be very dangerous, so you should contact the "Tee supports agents 24/7 online" (link deliberately omitted )
- http://www.zimbio.com/Spyware/articles/ ... +Gen+Virus recommends to download a tool to remove this malware (I recommend not to download this tool )
If my full scan doesn't find any malware, I must assume, that the problem is on your computer: either Eset Smart Security 4 reports a false positive, or your computer is infected, and perhaps any upload with the FTP client will spread the trojan.
If you like, you can send me one of the files that Eset reports as malware by mail (I receive text mail only, so that shouldn't be dangerous). My mail address can be found on my website.
Christoph M. Becker – Plugins for CMSimple_XH
Re: DONT UPGRADE
well i make backups and after delit all htm files on server and replace my backup files to ftp....no popup malware So verry weird
I had a look for dynamically inserted IFrames on my test site and on http://fiberdordrecht.nl, but there are none.
I had a look for dynamically inserted IFrames on my test site and on http://fiberdordrecht.nl, but there are none.
Re: DONT UPGRADE
That indicates, that your FTP client is "clean".twc wrote:fter delit all htm files on server and replace my backup files to ftp....no popup malware
But I really don't know where to look. Could you please send me one of the infected files?
Christoph M. Becker – Plugins for CMSimple_XH