www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan?

I couldn't access Wilder's today for hours, now is the first time I don't get an IMON warning.
No matter where I would link into www.wilderssecurity.com IMON would alert:

Threat detected.
https://www.wilderssecurity.com/
probably a variant of VBS/TrojanDropper.Bomgen.G trojan

Did anybody else get that warning?
I still got warning after updating to current sigs 1.1218 (20050915).
I submitted the file to ESET. No response yet.
I scanned it with TDS-3, but it came up clean.
What do you think it is/was?

Thanks

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

Hi Ronjor,

Just the Spybot teatimer and Spyware Guard.

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

No probs here either.

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

Ronjor,

I'm glad you are still here!
I'm curious about it too. Not being able to access Wilder's caused me much grief!
I did submit it. I then took it out of nod32 quarantine so I could scan it with TDS-3. It showed clean. Scanned the index.php local on my machine (outside of quarrantine) with NOD32 again and the warning came up again.
I never executed the index.php file. I then deleted it because I don't like to take chances.
It is no longer in quarrantine. I don't have a good unerase program just the old useless norton unerase wizard that couldn't recover it anyway.
Can you recommend a good unerase program (not forensic quality, just something simple)?
Do you think I should try to recover the deleted index.php and try to submit it somewhere?

Thanks

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

Thanks Ronjor!

I've been wanting to try that one for some time.
But Eraser doesn't appear to have an unerase / undelete function, does it?

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

Thanks again Ronjor!

Nice program.
I guess the mysterious index.php is really gone. It couldn't recover the file. I guess other data must have overwritten the area in the mean time.
Well at least ESET has it.
If ESET gets back to me, I'll update this thread.

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

Restoration http://www.snapfiles.com/get/restoration.html

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

Thanks The Hammer.

Next time I won't be so quick to delete it!
As long as it doesn't execute or cause a buffer overflow by opening the file with a program, it should be safe.

 

Re: www.wilderssecurity.com index.php infected with VBS/TrojanDropper.Bomgen.G trojan

Don't know if this is pertinent or not, but for a period of time early this morning (1 or 2 a.m.) Wilders Security Forums was not able to be accessed by me. Later it was not a problem. I thought perhaps the server was down?