www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan?

Discussion in 'NOD32 version 2 Forum' started by Devinco, Sep 15, 2005.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I couldn't access Wilder's today for hours; now is the first time I don't get an IMON warning.
    No matter where I would link into www.wilderssecurity.com IMON would alert:

    Threat detected.
    https://www.wilderssecurity.com/
    probably a variant of VBS/TrojanDropper.Bomgen.G trojan

    Did anybody else get that warning?
    I still got the warning after updating to current sigs 1.1218 (20050915).
    I submitted the file to ESET. No response yet.
    I scanned it with TDS-3, but it came up clean.
    What do you think it is/was?

    Thanks
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Are you running any other realtime security scanners?
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Hi Ronjor,

    Just the Spybot TeaTimer and Spyware Guard.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Hi Devinco :)

    I was curious to know because I had no warnings on Wilders with the latest NOD update and I have no other realtime scanners running.
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    No probs here either.
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Ronjor,

    I'm glad you are still here!
    I'm curious about it too. Not being able to access Wilder's caused me much grief! :D
    I did submit it. I then took it out of NOD32 quarantine so I could scan it with TDS-3. It showed clean. Scanned the index.php local on my machine (outside of quarantine) with NOD32 again and the warning came up again.
    I never executed the index.php file. I then deleted it because I don't like to take chances.
    It is no longer in quarantine. I don't have a good unerase program, just the old useless Norton unerase wizard that couldn't recover it anyway.
    Can you recommend a good unerase program (not forensic quality, just something simple)?
    Do you think I should try to recover the deleted index.php and try to submit it somewhere?

    Thanks
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Thanks.

    If you submitted it, I'm sure they will look at the file. It may have been a conflict between scanners.

    Eraser
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Thanks Ronjor!

    I've been wanting to try that one for some time.
    But Eraser doesn't appear to have an unerase / undelete function, does it?
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    I'm sorry. I was thinking delete. :D Free undelete
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Thanks again Ronjor!

    Nice program.
    I guess the mysterious index.php is really gone. It couldn't recover the file. I guess other data must have overwritten the area in the meantime.
    Well at least ESET has it.
    If ESET gets back to me, I'll update this thread.
     
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Restoration http://www.snapfiles.com/get/restoration.html
     
  12. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Thanks The Hammer.

    Next time I won't be so quick to delete it!
    As long as it doesn't execute or cause a buffer overflow by opening the file with a program, it should be safe.
     
  13. jayt

    jayt Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    345
    Location:
    PA - USA
    Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

    Don't know if this is pertinent or not, but for a period of time early this morning (1 or 2 a.m.) Wilders Security Forums was not able to be accessed by me. Later it was not a problem. I thought perhaps the server was down?
     