Nopesport

[Tatty]

Where/how do you get a "free routekit checker" from Can you recommend one please.

[Adrian]

AVG picked the threat up and "healed" it.

[Adrian]

Where/how do you get a "free routekit checker" from Can you recommend one please.

Google came up with http://www.sophos.com/en-us/products/fr ... otkit.aspx

[Nimby]

<edit> another vote for Sophos as just mentioned,
but it's probably better to run a scan after booting from a CD such as
http://www.hiren.info/pages/bootcd

as rootkits can hide themselves very well if you've already booted from an infected system.

[Tatty]

Thank you. Sophos running as I type

[widdershins]

All I can say is:
I am glad that google caught it for me ,

and then headed here and found this thread.

D

[Scott]

AVG picked the threat up and "healed" it.

Purely as a matter of interest, can you get a name for the trojan in question from the AVG log?

[DeerTick]

Must just be me then, probably naive. I'm not detecting anything funny and the source code for the BOF page doesn't show anything that looks as if it shouldn't be there. I use Opera on Windows XP and have AVG.

AP

[Scott]

Apparently the offending bit of JavaScript was removed from the BOF site about 8.45am today (I can confirm that it was definitely there yesterday evening). It'll take a while for the site to get de-blacklisted, though, and last I heard BOF were still waiting for the hosting company to confirm that the original security breach has been fixed.

[DJM]

Quote from Mike Hamilton:

There was a problem late last night through to about 8;45 this morning but the malicious code has now been cleared. Google (and Chrome) will continue to show this message until later today as it is an automated response which will take some time to clear. There remains a security problem with the web site until our web hosting company can confirm they have resolved the security breach.

I can confirm that the site is ok to use however.

[Paul Frost]

There remains a security problem with the web site until our web hosting company can confirm they have resolved the security breach

Then it's not fixed, and it could be re-infected.
I had a similar experience many years ago when every index.html file on the entire server was injected with some code. I remember cleaning every page from several sites (took hours) and then the same thing happened the next day, I think it took 3 attempts before it was blocked permanently by the hosting company.

[Adrian]

AVG picked the threat up and "healed" it.

Purely as a matter of interest, can you get a name for the trojan in question from the AVG log?

Agent_r.AJL

[frog]

Anyone knoe if it's safe to go on it yet? I have a training event to add but don't want to lose my computer for several hours.

[Oldman]

It seems to have been resolved. If you Google BOF, your AV software should show whether the site is safe to visit or not. BOF was flagged as "This site may harm your computer", but is longer given that status.

[ricardito]

<edit> another vote for Sophos as just mentioned,
but it's probably better to run a scan after booting from a CD such as
http://www.hiren.info/pages/bootcd

as rootkits can hide themselves very well if you've already booted from an infected system.

Thanks -downloaded both. (I have Firefox tabs that re-load the fixtures pages every time it starts. No idea yet if they are affected, but it won't hurt to do some health checks anyway).

By the way, for anyone else struggling to see a download button on that hiren.info page, I eventually went to http://www.hirensbootcd.org/download/