Ok I'm receving this virus warning

Scan type:  Auto-Protect Scan
Event:  Threat Found!
Threat: Trojan.Virantix.C
File:  C:Documents and SettingsLouiseLocal SettingsTemporary Internet FilesContent.IE5WU11IO0Hinstall[1]
Location:  C:Documents and SettingsLouiseLocal SettingsTemporary Internet FilesContent.IE5WU11IO0H
Computer:  LOUISE-977B67DC
User:  Louise
Action taken:  Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: 27 August 2008  21:02:51

when I sign onto renderosity. I got in the gallerys and just now in the forums. The same trojan. It happened on IE not Firefox so far.

Meant to say... it asked me to download something which i declilned. But only in the gallerys. THis is the info from symantec below

http://www.symantec.com/security_response/writeup.jsp?docid=2008-050916-1055-99

The Same on RDNA and Here !!!

Its NOT FAKE !

yup my virus scanner is going crazy too, this is very annoying because it closes my browser each time.

Yep it's back again.

DO NOT ALLOW THIS INSTALLER TO RUN, IT'S A HIJACK!

oh i know....what it means is...the thing it gives you to download gives you fake allerts and will get you to download other stuff in attempt to infect your machine.....

We are aware, the programmers are on it and it will be resolved very quickly

And mine is it a virus!!!!!

btw

my son spotted as the trojan was trying to load....it gives this website golnanosat.com at the bottom where the website shows loading on the bottom of the webpage.

That's done by memory so it maybe a letter out here or there....but if the techs watch the screen loading that's the information it gives. Dnno if it's any use.

I've been on Renderosity a lot in the last few days and had 3 virus issues that norton resolved.  And just now in the marketplace I got the pop up. 

I get a message Trojans :trojan-Clicker.js.agent.h
initially on most pages, the search of the messages I do not
 

Just an FYI the member homepages will be offline for a bit as the programmers are working on this.

Just FYI ... the FREE AVG does NOT  !! always block or Remove the infected file.. so clean your temp Inet files  and be sure to check out the AVG reports to see what was done to infected file

If it does not say Deleted or moved to Vault ..it might say Infected..
That file is still infected AND on your HD...so YOU must remove it ASAP..

Chris

I just got a warning in the Poser forum that my Mc Fee blocked a virus.

Is the file locker system down too?  Because I get a parse error when trying to laod it :(  Just a heads up..

Yes, the file lockers will be down while this is resolved.

Well good news then!!  The file locker is back uup which hopefully means your fixed :)  Thanks Karen!

You also might consider an official description of what happened and what you did to counter it.

I am not buying anything more from Renderosity until I feel safe.

Btw......heads up to everyone. Even thought my anti virus (NOrtons) caught it the pop ups.... I have so far during a scan 6 variations of Trojan.ByteVerify on my computer.

It's still scanning. I had to scan because my webpages kept refreshing and kept going backwards and forwards as I was trying to type...and this was on firefox.

I'm not very happy as I'm not very well atm and don't need the added stress of this.

I mean you expect this off a "bad site."... like a porn or crack site....but not here. (fyi i dont visit the bad sites......just saying....)

Shouldn't Renderosity contact the FBI, since the server is on US soil?  I did some checking on the URL that seems to be the origin of the problem (golnanosat.com) and it seems to be its own server/host.  Perhaps with this info, you could give the FBI the needed  information to stop these attack.

Oh blimey my computer is playing up i better scan jees dont need this either !!!

Hi Everyone!

I want to give you all the information you need to ensure your browsing protection at Renderosity and at other websites.

Renderosity experienced an unauthorized file injection incident last night and one a week ago. Our technical staff cleaned off the effected areas of the site in less than an hour both times. Since then the programmers and network system administrators have been busy trying to make sure it doesn’t happen again and tracking down the perpetrator in hopes of some legal recourse.

We obtained at lot more valuable information this time, and we have put more safeguards in place. One of those safeguards is to block those with malicious intent, and another is a new version of our Bondware software. This new version of Bondware helps detect and prevent the file injection type of attacks. The detection message gives the warning message:

"Bondware Guard: Suspicious input detected and logged. Aborting ... "

However, it is highly possible that we have filtered out some of the Bondware software’s legitimate scripts in our enthusiasm. Please keep in mind that if you see this message, it may not really be suspicious activity. We ask that you please report this to admin@renderosity.com if you see it so we can fix the legitimate site functions. We hope you can appreciate this precautionary measure we are taking for your safety.

Please also note that our Bondware software does not store any credit card information, and we go above the PCI card protection requirements. We have always taken this security in order to increase the protection of your personal info.

As always, we strongly recommend everyone to always use anti-virus software and reject any and all unsolicited download prompts when visiting ANY website because this type of Trojan is attacking several other large, popular sites.

Thank you for understanding.

Jenifer

I have a Mac and there are no Microsoft applications on my computer and didn't have any trouble or warnings. The interesting thing is also yesterday I was using my husband's computer, he has a PC and has all microsoft applications, to download some big files on Rendo and didn't get any warnings from his virus detector or had any trouble on the site. So my question is, why is it attacking some computers and not others. Could it be that it's an application that attracts the virus and not just PC with Microsoft? I know this may sound stupid and I know nothing about computers and I was just wondering why some were effected and like me, didn't have a problem either time.

Well it was a good job i checked as i had four but im rid of them now and computer is clean with no apparent damage so all is good just for info this is what i cleaned off hugs lou x

Infected: Trojan-Downloader.Java.OpenStream.ac 1     C:Documents and SettingsMEApplication DataSunJavaDeploymentcache6(2).059(2)107cd1bb-1a5183f2 Infected: Trojan-Downloader.Java.OpenConnection.ao 1     C:Documents and SettingsMEApplication DataSunJavaDeploymentcache6(2).059(2)107cd1bb-1a5183f2 Infected: Trojan.Java.ClassLoader.au 1     C:Documents and SettingsMEApplication DataSunJavaDeploymentcache6(2).059(2)107cd1bb-1a5183f2 Infected: Trojan-Downloader.Java.Agent.a 1  

You say to make sure that your anti virus is up to date... and do not download anything.

I got warnings that the site had a trojan & and refused any download....yet I was still infected SIX times. My anti virus was up to date as it was updated last week after the last hack.

Glad your sorted Lou xox

I never experienced any of that. Im curious - are the people that are having this happen using I.E.? I use Firefox and never got any of the problems or alerts that others were reporting. Also the ones that actually got infected, what operating systems? (XP or Vista?)

I run firefox, and XP (SP2) and am also curious if its just an "IE" problem???

i'm curious too. i haven't seen any of this either. SS i have AVG8 and it normally freaks out  when there is a problem.

I have Firefox 2.0.0.9, which is probably older, and Internet Exploder 7 on Vista.
First noticed the day before yesterday on the Rendo home page. IE gave me a download warning saying it was trying to download outlook.exe from the site mentioned earlier. Not seeing any earthly reason to dowload any .exe file, I declined.
Interesting thing was that it was showing as an approved Microsoft file.

I checked in Firefox also and it gave me the "Download Active X" popup, which I also declined. So, depending on your browser security settings, I wouldn't be so sure you didn't get any bad stuff just because you use Firefox.

Maybe it is due to the older version of Firefox that you got the warnings? I ran a thorough deep scan for both virus's and malware on my system during the night and it came back clean as a whistle. I run Vista - Firefox 3 - and Windows Live One as well as AVG on my system. So at this point I AM sure that I didn't get any bad stuff. 

bevans84...
well i have to accept Active x files. also i didn’t download any Microsoft files. i run virus scanner 4 times a week. Nothing.  however i did have some problems since i got service pack 3. so i had to remove it again. And since then noooo problems SS
im not sure if those things are connected somehow or ppl just being online at the "right" time and the "right" place.
maybe i just wasn’t online at the given time and just locked in after renderosity had removed, what ever was there.

Well nothing shows up here. My firefox updated to 3.0 the other day. 

I got several page Trojans from ren the other day and darned if i didn't get some malware too! Does anyone know who is doing this to the poser site stores? Because I just ran clamwin yesterday and found 3 more on current downloads from (1) here and (2) daz.  This has made me decide not to buy until I know what is up, and how to protect my puter against it.

*sigh...

Ariana 

I got this exact message when right after surfing DAZ I went to RuntimeDNA and the web page froze while it opened the main page and then I got 3 windows that opened 2 related to that "Gol" site and the 3rd was my virus protection program telling me it had detected a trojan before it landed on my system in the Java file. It wanted me to download a file and it was telling me that my system had verified it as friendly so it was "ok" to download. Which I didn't mainly because it was unusual to have that pop up when I've been a member for years and haven't seen anything like it before and my virus checker caught it.

I seem to always get this ByteVerify!exploit trojan that my checker catches, funny thing I downloaded a trial McAfee and ran it and it did not pick up the 3 trojans in the Java file. It said my system was clean and virus/trojan free. Ran my free virus checker that I get from my DSL service and it caught the trojans again. So either McAfee's was outdated even tho I was downloaded their updated free trial version, or some scanners will catch and others will not. So now it seems we need to keep 2 different versions on our systems. Can't just trust one to do the job.

Regarding the trojan, according to the virus dictionary it is an old trojan file that dates 5-10 years ago. Saying that it will become active if I were to use a web site that used the same codes and then my system could be taken over. Could it be someone is using an old program thinking it will slip under the radar or someone is infected with this and is uploading stuff in the freebies section and are unaware that they're system is infected? 

Or do you think their goal is to get free Poser content by slipping in and downloading our bought stuff from the Members page. I say this because it seems to be directed to the 3d community. Most likely the sites are known to have business transactions and therefore they install the virus to catch card numbers. I was infected back in November with this and just recently at the date this thread started. I sent RDNA an email about it and gave them all the information I had on the exact time the virus checker caught and all the info from the pop up windows. I haven't heard from them but I haven't checked their forums either to see if anyone has mentioned anything.

Keep your checker updated but during times like these when an outbreak crops up, might be a good idea to run a second checker program JUST to be on the safe side.

Just the idea of someone piggybacking into my purchases is a frightening thing! I have thousands of $$$ tied up in ren alone! *sigh.....

This truly is icky!

Hugs

Ariana