Attention: TDR Forum Junkies 
Steve St.Laurent
Staff Alumni
FYI - at least 3 of our users have been infected by a new type of virus. As soon as I was made aware of it I researched it as best I could quickly and then shut the forums down to stop the spread. This virus watches for message post forms on your browser and if it sees you posting a message it inserts text and a link to the virus installer. If you click on that link and run the program then your PC is infected and all your posts from that point forward will have the text and link in it as well. I can't find where any of the anti-virus companies have found this virus so far. I have found 3 other vBulletin sites that have posts with this problem on it and several yahoo groups. It didn't appear until June 23rd it looks like. Keep in mind that thi virus is NOT here on our servers - it is on the individual users PC and simply puts a link on here. Thus far the text it inserts is:
and then there is a link to a site with a . exe (without the space) file. The users that I know are infected on our site right now are EricBu12, Grizzly, and B. G. Smith. If you have clicked on that link then you are infected as well and that link will be added to all of your posts as well.
For now I have added a filter that will filter out . exe (without the space) which will stop this from spreading to other users. It will not however stop the text or the link from being added to your posts - it will just make the link not work. If you have been infected by this please after you make a post go back and edit your post and remove that text. I'm starting work on a filter that will find that text and the url and remove it if it's in posts but it probably won't be up and running until tomorrow.
Your help on keeping the posts clean until that's in place would be GREATLY appreciated. Keep in mind that if you are infected with this it will probably affect you on any forums or discussion areas you post to (I've found it on several yahoo groups as well as 3 other vB sites). Those sites probably don't have a filter in place to remove the exe extension so it will propagate further from your posts there. If you have been infected by this virus then you need to contact your anti-virus software supplier and get them working on the problem. Being that this is a very new virus they may not even be aware of it at this point in time.
UPDATE:
Ok folks. I have the filter in place now. Now if anyone has this virus the text will be removed and the link will be changed to say that executable files cannot be linked. I'll post right below this just what the virus would post so you can see it:
…
LINKS TO EXECUTABLE FILES NOT ALLOWED
So that's all you'll see on your posts if you have the virus. This will protect from it spreading further. I'm sure that other variants will come out so if you see wierd stuff at the beginning of posts please let me know and I can add that text to the filter. By stopped executable links that will stop any spread.
There is one issue however. If a website address has . exe in it that address is going to be killed as well. For example an address like www.executive.com would come out like this:
LINKS TO EXECUTABLE FILES NOT ALLOWEDcutive.com
I couldn't come up with a solution to that problem. But given the option of spreading a virus or this problem protecting our users is more important.
-Steve St. Laurent
Webmaster
and then there is a link to a site with a . exe (without the space) file. The users that I know are infected on our site right now are EricBu12, Grizzly, and B. G. Smith. If you have clicked on that link then you are infected as well and that link will be added to all of your posts as well.
For now I have added a filter that will filter out . exe (without the space) which will stop this from spreading to other users. It will not however stop the text or the link from being added to your posts - it will just make the link not work. If you have been infected by this please after you make a post go back and edit your post and remove that text. I'm starting work on a filter that will find that text and the url and remove it if it's in posts but it probably won't be up and running until tomorrow.
Your help on keeping the posts clean until that's in place would be GREATLY appreciated. Keep in mind that if you are infected with this it will probably affect you on any forums or discussion areas you post to (I've found it on several yahoo groups as well as 3 other vB sites). Those sites probably don't have a filter in place to remove the exe extension so it will propagate further from your posts there. If you have been infected by this virus then you need to contact your anti-virus software supplier and get them working on the problem. Being that this is a very new virus they may not even be aware of it at this point in time.
UPDATE:
Ok folks. I have the filter in place now. Now if anyone has this virus the text will be removed and the link will be changed to say that executable files cannot be linked. I'll post right below this just what the virus would post so you can see it:
…
LINKS TO EXECUTABLE FILES NOT ALLOWED
So that's all you'll see on your posts if you have the virus. This will protect from it spreading further. I'm sure that other variants will come out so if you see wierd stuff at the beginning of posts please let me know and I can add that text to the filter. By stopped executable links that will stop any spread.
There is one issue however. If a website address has . exe in it that address is going to be killed as well. For example an address like www.executive.com would come out like this:
LINKS TO EXECUTABLE FILES NOT ALLOWEDcutive.com
I couldn't come up with a solution to that problem. But given the option of spreading a virus or this problem protecting our users is more important.
-Steve St. Laurent
Webmaster
Last edited:
