# Trojan attack on Fruitcakes Forum.



## nicholsong (May 26, 2009)

I have had a Trojan attack on the Fruitcakes Forum, and on Kathimerini newspaper English page. Both were blocked by my antivirus.

Have any other Fruitcake members had it?

I closed everything, shut down and restarted. It is still there on Fruitcakes, which I closed again.

What to do next to kill it? It is the first time I have experienced an attack.

Geoff


----------



## JanHank (Mar 29, 2015)

nicholsong said:


> I have had a Trojan attack on the Fruitcakes Forum, and on Kathimerini newspaper English page. Both were blocked by my antivirus.
> 
> Have any other Fruitcake members had it?
> 
> ...


I´m OK Geoff.
No expert on these things of course, but as Barry hasn´t answered yet, try a restore from your backup to before you used the funny farm yesterday.

Jan


----------



## nicholsong (May 26, 2009)

JanHank said:


> I´m OK Geoff.
> No expert on these things of course, but as Barry hasn´t answered yet, try a restore from your backup to before you used the funny farm yesterday.
> 
> Jan


Barry has answered my e-mail on this and is on the case

I have sent him the details from the AV blocking message.

Geoff


----------



## JanHank (Mar 29, 2015)

nicholsong said:


> Barry has answered my e-mail on this and is on the case
> 
> I have sent him the details from the AV blocking message.
> 
> Geoff


You have told him you turned it off and then on again I hope, don´t want to waste time do we. >
Jan


----------



## nicholsong (May 26, 2009)

JanHank said:


> You have told him you turned it off and then on again I hope, don´t want to waste time do we. >
> Jan


I know you are joking but I sent same info I posted on here.


----------



## barryd (May 9, 2008)

I Think I should point out that at the moment I am 99% certain there is not a problem with the Fruitcakes website and the issue is local to Nicholsong's PC. (Well his AV)

I suspect its what we call a false positive generated by ESOD AV which is what Geoff is using. The ESOD Forum is extremely slow and the two threads I Can see which I cannot access appear to be related to this issue.


----------



## barryd (May 9, 2008)

Maybe you should amend your thread title.


----------



## JanHank (Mar 29, 2015)

barryd said:


> I Think I should point out that at the moment I am 99% certain there is not a problem with the Fruitcakes website and the issue is local to Nicholsong's PC. (Well his AV)
> 
> I suspect its what we call a false positive generated by ESOD AV which is what Geoff is using. The ESOD Forum is extremely slow and the two threads I Can see which I cannot access appear to be related to this issue.


Yes, absoblinkinlutely, I was about to tell him that. :serious:


----------



## barryd (May 9, 2008)

False alarm!

https://forum.eset.com/topic/7567-jsscrinjectb-and-htmlrefreshbc-false-positive/

and

https://forum.eset.com/topic/7564-false-positives-jsscrinjectb-trojan-blocking-major-websites/

Assuming you can get into them.

Quote from ESET Which is Geoffs AV provider

*"After the update 13102, we started receiving reports about "JS/ScrInject.B" and "HTML/Refresh.BC" detections on various websites. The update was stopped immediately to mitigate the impact on users.

A new engine update 13103 is being prepared that will address the issue. In the mean time, as a hotfix you can switch to pre-release updates and then back.

We apologize for the inconvenience."*


----------



## dghr272 (Jun 14, 2012)

barryd said:


> Maybe you should amend your thread title.


No issues for me Barry, sue the twit !


----------



## Kaytutt (Feb 5, 2013)

fine here, I think you should sue him too but I can't recommend a good lawyer:wink2::wink2:


----------



## nicholsong (May 26, 2009)

barryd said:


> Maybe you should amend your thread title.


Yes, I would like to, and I seem to recall that to do that one has to go into 'Advanced Edit' but I cannot find it on the site.

Geoff


----------



## barryd (May 9, 2008)

Its ok Geoff. The Fruitcakes punishment board is already in session to decide what to do with you.

Im not sure what the punishment will be for broadcasting to the world that we were "infected" but I suspect it will be messy, painful and expensive.


----------



## nicholsong (May 26, 2009)

barryd said:


> Its ok Geoff. The Fruitcakes punishment board is already in session to decide what to do with you.
> 
> Im not sure what the punishment will be for broadcasting to the world that we were "infected" but I suspect it will be messy, painful and expensive.


I apologise to you Fruitcakes God.

From the message received from ESET and the fact that the other computers on this router running the same AV were not affected lead me to think it was a website problem and as Barry posted above ESET said they had reports related to certain websites, so in some way it was website related, but *NOT* from the website end apparently.

Barry was very prompt to get on the case and sorted out the problem for me.

Maybe I would have got a message from ESET like on their website but on Barry's initial advice I had disabled ESET while I ran a Malware programme.

Anyway all sorted thanks to Barry - except my trying to chang the Thread Title.

Geoff


----------



## erneboy (Feb 8, 2007)

nicholsong said:


> I have had a Trojan attack on the Fruitcakes Forum, and on Kathimerini newspaper English page. Both were blocked by my antivirus.
> 
> Have any other Fruitcake members had it?
> 
> ...


Fruitcakes is on ProBoards which is clean.


----------



## barryd (May 9, 2008)

erneboy said:


> Fruitcakes is on ProBoards which is clean.


Unlike the content.


----------



## tugboat (Sep 14, 2013)

Flog him round the fleet, I say.


----------



## nicholsong (May 26, 2009)

barryd said:


> Its ok Geoff. The Fruitcakes punishment board is already in session to decide what to do with you.
> 
> Im not sure what the punishment will be *for broadcasting to the world that we were "infected"* but I suspect it will be messy, painful and expensive.


Before I get sentenced - I seem to have already been found guilty in absentio - may I point out that all I reported was

"I have had a Trojan attack on the Fruitcakes Forum", i.e I was on the Fruitcakes Forum when I was informed by an AV message that they had blocked a Trojan - it did not, and I did not say, that Fruitcakes was 'infected'

I shall therefore appeal the verdict and any sentence.

I shall of course be representing myself - you can pay your own legal costs. I shall of course charge myself handsomely for my representation (useful to have a split-personality) and on winning the Appeal will claim costs. See you in Court:laugh::laugh::laugh:

GN QC (quality control?)


----------



## erneboy (Feb 8, 2007)

nicholsong said:


> Before I get sentenced - I seem to have already been found guilty in absentio - may I point out that all I reported was
> 
> "I have had a Trojan attack on the Fruitcakes Forum", i.e I was on the Fruitcakes Forum when I was informed by an AV message that they had blocked a Trojan - it did not, and I did not say, that Fruitcakes was 'infected'
> 
> ...


The man who knows would call that semantics Geoff, and in this case he'd be right. A swift oops combined with a title change would look better.


----------



## Pudsey_Bear (Sep 25, 2008)

nicholsong said:


> Yes, I would like to, and I seem to recall that to do that one has to go into 'Advanced Edit' but I cannot find it on the site.
> 
> Geoff


Too late now Geoff, but you go to edit your post and one of the options in advanced edit, you do the title in there.

It's just here


----------



## dghr272 (Jun 14, 2012)

nicholsong said:


> Before I get sentenced - I seem to have already been found guilty in absentio - may I point out that all I reported was
> 
> "I have had a Trojan attack on the Fruitcakes Forum", i.e I was on the Fruitcakes Forum when I was informed by an AV message that they had blocked a Trojan - it did not, and I did not say, that Fruitcakes was 'infected'
> 
> ...


Good luck with your court appearance, you know what they say about a defendant representing himself............. but we know that :grin2:

Juror No 3


----------



## nicholsong (May 26, 2009)

erneboy said:


> The man who knows would call that semantics Geoff, and in this case he'd be right. A swift oops combined with a title change would look better.


Alan

I think Barry posted the 'Ooops' from tha AV in post no. 9 above. I only reported what they told me at the time and did say the Trojan was blocked, so there was no suggestion that it came from inside the website, but the AV stated, in their apology that it was website related, without explaining in what way. I also reported that it had occured on the Kathimerini website, which should have allowed readers to assume it was not just related to Fruitcakes.

As for altering the Title, I offered, but was too late, anyway it only reflected the same as the post.

Geoff


----------



## Pudsey_Bear (Sep 25, 2008)

Now if it had said that FC was suffering from nutters, there would be no contest.


----------



## erneboy (Feb 8, 2007)

OK Geoff.


----------



## nicholsong (May 26, 2009)

dghr272 said:


> Good luck with your court appearance, you know what they say about a defendant representing himself............. but we know that :grin2:
> 
> Juror No 3


Wouldn't think of it were I not qualified - only 'half', as I never practised:wink2::laugh:

[I did successfully prosecute when I was the complainant in a criminal trial and the Charging Police Officer went long-term sick and the Stipendary, at Wells St. Mags. (do you have Stipes in NI?) would not allow a substitute Police Officer to take over the prosecution.. The Trade Union Defence thought they were home and dry, not knowing my qualification - mistake]

Geoff


----------



## barryd (May 9, 2008)

nicholsong said:


> Before I get sentenced - I seem to have already been found guilty in absentio - may I point out that all I reported was
> 
> "I have had a Trojan attack on the Fruitcakes Forum", i.e I was on the Fruitcakes Forum when I was informed by an AV message that they had blocked a Trojan - it did not, and I did not say, that Fruitcakes was 'infected'
> 
> ...


Too late. You know how the judicial system on Fruitcakes works. In situations like this you can be Tried and sentenced passed in your absence and without defence. Nobody said it was fair or democratic over there.

You have already been presented with a new badge which your profile will display for eternity or until you supply the £99.99 worth of Leffe you casually mentioned you "will give me next time we meet".

There was talk of flogging you with a wet knotted knicker but that has been dismissed due to it appearing like you enjoyed it too much last time.


----------



## JanHank (Mar 29, 2015)

Just passing a message on Geoff

Jan please pass the following message to the criminal. "The Gnome is sharpening his teeth in preparation for carrying out the sentence".


----------



## nicholsong (May 26, 2009)

Infamy, Infamy, Infamy!


----------

