The Dude Posted September 6, 2007
On the main sab website (http://www.shaman-australis.com.au) my version of Kaspersky found this "Trojan-Downloader.JS.Psyme.me". Someone might want to look into this.

apothecary Posted September 6, 2007
I don't discount the possibility entirely, but it is more likely that this trojan has infected your browser rather than the SAB site.

Torsten Posted September 6, 2007
nope. certainly not in that directory. I've asked tech support to check it out, but as they run trojan filters anyway I doubt it would get through.

The Dude Posted September 6, 2007
> nope. certainly not in that directory. I've asked tech support to check it out, but as they run trojan filters anyway I doubt it would get through.
wow that's weird as. It only blocks it when i go onto www.shaman-australis.com.au. I'm real confused, so that means i have an infection that only pops up when i visit that address, and then has Kaspersky pop up to delete it.. when i already have it anyway???

FungalFractoids Posted September 6, 2007
Delete your cookies...

chilli Posted September 6, 2007
Arthur: What happens now?
Bedevere: Well, now, uh, Lancelot, Galahad, and I, uh, wait until nightfall, and then leap out of the rabbit, taking the French, uh, by surprise. Not only by surprise, but totally unarmed!
Arthur: Who leaps out?
Bedevere: Lancelot, Galahad, and I, uh, leap out of the rabbit, uh, and uh...
Arthur: Ohh.

The Dude Posted September 7, 2007
> Arthur: What happens now?
> Bedevere: Well, now, uh, Lancelot, Galahad, and I, uh, wait until nightfall, and then leap out of the rabbit, taking the French, uh, by surprise. Not only by surprise, but totally unarmed!
> Arthur: Who leaps out?
> Bedevere: Lancelot, Galahad, and I, uh, leap out of the rabbit, uh, and uh...
> Arthur: Ohh.
dudum tsshh

tonic Posted September 12, 2007
I am getting the same problem, can't visit the SAB store.

Thelema Posted September 13, 2007
yes i had a brief flash at the bottom of my screen directing to a lady-love website or something when I last visited last week. it never materialized however.

Torsten Posted September 13, 2007
damn, I found the ladylove website and have deleted it. This was written into the file from inside the server as my HD copy of the file was clean. I scanned the files with Kaspersky's online scanner and it didn't find anything.

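Added example, not part of the thread or the site's own code: one way to run the comparison described in the post above, a clean local copy of a page against the copy the server returns, listing script, frame and link targets that exist only in the served copy. The two sample pages are constructed for illustration and `injected.example` is a placeholder; in practice the served copy should be fetched directly from the server rather than through a browser or ISP cache.

```python
from collections import Counter
from html.parser import HTMLParser

# Tags and attributes that can pull in or run remote content.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed"}
URL_ATTRS = {"src", "href", "data", "action"}


class ActiveContent(HTMLParser):
    """Collects (tag, attribute, value) for every element that loads or links content."""

    def __init__(self):
        super().__init__()
        self.items = Counter()

    def handle_starttag(self, tag, attrs):
        urls = [(k, v) for k, v in attrs if k in URL_ATTRS and v]
        if tag in ACTIVE_TAGS and not urls:
            self.items[(tag, "(inline)", "")] += 1  # e.g. <script> without src
        for k, v in urls:
            self.items[(tag, k, v.strip())] += 1


def extract(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items


def added_on_server(clean_html, served_html):
    """Return active elements present in the served copy but not in the clean copy."""
    extra = extract(served_html) - extract(clean_html)  # keeps positive counts only
    return sorted(extra.elements())


# Constructed sample pages (not the real site source); the injected URL is a placeholder.
CLEAN = """<html><body>
<a href="http://www.shaman-australis.com.au/Website/Shamanmainpageframeset.htm">
<img src="Aboriginaldance1asmall.jpg" border="5"></a>
</body></html>"""
SERVED = CLEAN.replace(
    "</body>",
    '<iframe src="http://injected.example/" width="0" height="0"></iframe>'
    "<script>/* obfuscated loader */</script></body>",
)

if __name__ == "__main__":
    for tag, attr, value in added_on_server(CLEAN, SERVED):
        print(f"only on server: <{tag}> {attr} {value}")
```

An empty result means the served page carries no active element that the clean copy lacks; it does not cover changes made inside an existing script file.
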
SaBReT00tH Posted September 14, 2007
who wrote the virus in?? are you controlling our computers Torsten!! ?

Torsten Posted September 14, 2007
I don't know much about how this works and would love to hear from those who might know. I presume that a script made it onto my server and is propagating itself onto certain pages. Just not sure how it made it onto that one cos there are no actual scripts on that page.

apothecary Posted September 14, 2007
OK not really sure how this virus works, but a little bit of research shows it is some sort of worm run by the Russians (hardly unusual). Judging by the hojillions of hacked pages that you can see on google by searching psyme-me (DO NOT CLICK ANY OF THOSE LINKS!) it's probably spread by the Russians exploiting some hole as soon as it is discovered and hitting all the websites they can. Check this forum out http://www.delta3d.org/forum/viewtopic.php...showtopic=10236

ethnodude Posted September 23, 2007
i just did a virus scan and Trojan-Downloader.JS.Psyme.me came up. i decided to do a search for it and lo and behold i found this post. i had just been looking through some of sab's stock. i won't be ordering anything until i know this has been cleared up. don't want to panic anyone but watch your tracks. big brother is among us. you've been warned. hopefully t can get this cleared up asap.

Torsten Posted September 24, 2007
it is cleared up! the virus was deleted weeks ago. you must be getting a cached copy from your ISP. in any case, this was only on the homepage. there have been no reports of any viruses on other pages. you can enter the store without going to the homepage by going here: http://www.shaman-australis.com.au/Website...ageframeset.htm

tonic Posted September 24, 2007
I am getting it on that page too.

ethnodude Posted September 24, 2007
thanks for that t, is this a common virus that i may have picked up somewhere else? it's just a rather large co-incidence that i was browsing SAB when i found it and this post was found. glad to hear it's not from sa.
Edited September 24, 2007 by ethnodude

ethnodude Posted September 24, 2007
> I am getting it on that page too.
well there you go. so is it cleared up or not t? if you're not sure i think it's irresponsible to say it is. either way i won't be ordering until i'm sure. last thing i want is for some russian to steal my identity.

Torsten Posted September 24, 2007
> I am getting it on that page too.
this is the source code I get for that page as of 24/9/2007 [no psy.me]. if you get something different then your ISP is using an old version. are you on dial up or ADSL?
Shaman Australis Ethnobotanicals (Australian & International Ethnobotanicals) Shaman Australis Community http://www.shaman-australis.com.au/Website/Shamanmainpageframeset.htm"> src="Aboriginaldance1asmall.jpg" border="5"> Native & Exotic Ethnobotanical Seeds, Plants, Herbs & more http://www.shaman-australis.com/%7Eclaude/index.html">http://www.shaman-australis.com/%7Eclaude/index.html"> http://www.shaman-australis.com/%7Eclaude/index.html" target="_blank">Claude de Contrecoeur memorial https://204.157.37.250:2096/"> color="#FFFF33">member's mail

tonic Posted September 24, 2007
I have ADSL T. It's Telstra though and have had various problems and hiccups with these bastards since I have had the broadband. It's a bummer as I was looking at ordering some stuff from the store soon and don't want to as I can't really be dealing with a virus at this point. Unless it's got something to do with this Kaspersky program, which seems to be the main program picking up on this psy.me thing. Bloody internet! Can't live with it, can't live without it.
EDIT: This is the only code I can get as I am totally blocked out unless I 'allow' this virus into my system.
<html>
<head>
<title>Kaspersky Internet Security 6.0</title>
</head>
<body>
<h1>Kaspersky Internet Security 6.0</h1>
<p>The requested URL <u>http://www.shaman-australis.com.au/Website/Shamanmainpageframeset.htm</u> is forbidden</p>
</body>
</html>
Edited September 24, 2007 by Phosphene_Dream

Torsten Posted September 24, 2007
sorry, not much I can do about it. maybe you can complain to telstra to refresh the cache for that page?

apothecary Posted September 24, 2007
Ok, I just checked on a fresh windows XP install, using Kaspersky Internet Security 7.0 trial version, checked the SAB main page, webstore and forums with no Psy-me found. Also examining the source of the page torsten posted I see no malicious scripts. My recommendation is to use CTRL+SHIFT+R on the website to clear the cache and request a fresh copy from the server.

ethnodude Posted September 28, 2007
za security suite keeps getting spyware on the s-a store main page. something like young blonds with big tits. just a heads up.

ethnodude Posted September 28, 2007
just deleted cookies and seems ok now. strange.

Torsten Posted September 28, 2007
I haven't edited anything on that page, so it's got nothing to do with my end.