

Volvo-Forums.com - The UNOFFICIAL Volvo Community This site is NOT affiliated in any way with Volvo or any of its subsidiaries. Our goal is to provide Volvo owners an information outlet - a means to communicate with other Volvo owners. It is simply a community where fans and owners can get the right information for tuning, customization and general discussions on anything about Volvo. You'll find the answer to almost any question about your Volvo in this site. If not, simply join and ask! We have many willing expert members just waiting to answer your questions.
 
> Virus?
rosso75
post Jul 17 2008, 12:16 AM
Post #1


Senior
***

Group: Members
Posts: 223
Joined: 23-February 08
Member No.: 38,777
Status: Offline
Location: USA
Drives: 1994 855t (x2), 1989 765t, 1990 745



I doubt this will get read much here, but I didn't know where else to post it.

Since about 24 hours ago, every time I open a page on this site I get a virus warning from my anti-virus program. I hit the appropriate button to kill it, but then I open a new page and get "Virus identified JS/downloader agent".

My anti-virus can't identify it, and the only thing I've downloaded in the past week was pictures of my car that I took with my cell phone and sent to myself.

Anybody else?
blakbyrd
post Jul 17 2008, 07:55 AM
Post #2


Senior
***

Group: Members
Posts: 298
Joined: 10-January 08
Member No.: 36,827
Status: Offline
Location: Salem, VA
Drives: 1995 Volvo 850 Turbo Wagon



I have noticed a slight difference in how this site is working as well. I used to be able to just click the back button after reading a topic, but now I have to click it many times to actually go back. Appears my issue is with the Ads on the page (I am guessing there have recently been a couple new ones maybe or an alteration to the settings or timing on the ad rotation).

In some cases, sub web functions are done in JavaScript (JS), which could be causing the problem.

Depending upon how this website allows for ad space, it is possible an actual ad itself is producing the JS problem (not sure which it would be at the moment). Some places only accept images for ads while others allow for links to their image/scripts instead of just housing the image locally. In the case of using links, this website may have no clue what is actually being linked.

I am constantly scanning all websites I visit and have not received any warnings myself (just the odd behavior with the back button, typically caused by certain methods of placing ads on a webpage). I use SpyHunter 3 (after trying many other brands in the past that failed to work well), which was just updated yesterday.

Anyways, chances are if the website is creating the issue it may just be assuming the JS is bad, when it isn't. Best way to tell is to capture the JS code, or determine if your scanner is associating a specific name to the potential problem...if so that will be your best way to find out. You can also disable JS in Internet Explorer but many things may not work correctly (or at all) if you do.

If it tells you a specific name for the problematic JS, let us know. I may be able to help track it down and find out what it really is and if it is actually coming from this site.
jks2
post Jul 17 2008, 08:54 AM
Post #3


Veteran
Group Icon

Group: Super Mod
Posts: 1,908
Joined: 20-April 05
Member No.: 4,518
Status: Offline
Location: Elizabethtown, KY
Drives: 2002 S60, 1996 850 GLT Sedan, 1996 Chevrolet Tahoe, 1996 Toyota Avalon XLS, 1977 Corvette, 2000 Ranger R83 Bass Boat



I have noticed problems in using back button. I will notify the admin. Thanks for the heads up. I thought it might just be my computer.
blakbyrd
post Jul 17 2008, 08:57 AM
Post #4





OK, there is potentially a serious problem on the website (potential, as in I have not yet determined the true scope to this yet as I don't have a lot of time at the moment).

What Rosso is experiencing is most likely not a fluke, nor innocent. It looks like this site may have been compromised and is loading an invisible Iframe upon visiting this site (I can verify it is happening upon visiting this site and not others). This is also the cause to my Back button issues as well. I have not yet determined the scope of the problem but this is most likely malware and you DO NOT want it.

An Admin or someone who has access (or can contact an admin of this site) needs to check into this ASAP. There is a javascript that is being reported as Malware being loaded upon visiting this site. It is malware that is being targeted to forums (what it actually does I am not certain of yet), but it is said to be a 3rd wave attack from China. Starts to add up a little as we've recently had several new members signing up using the forum to place ads for China distributors, which have been getting locked. No clue if they have anything to do with it or not, possibly just coincidence.

However, the issue at hand generally involves someone who makes an account, and through a site vulnerability is able to make themselves an admin (this is generally not too difficult on most sites such as this if they use pre-existing code without modifying it). At which point they add a few parts to the site. Typically it will include an invisible iFrame added to the home page, as well as adding some parts into the database (SQL is attacked the most it seems, although ASP pages are also targeted for this malware).

IMPORTANT: DO NOT CLICK ON OR TRY TO VIEW THE FOLLOWING PAGE.
This is only shown to provide the initial link that has been added to this site that may be providing the malware. Check this link against your recent activities, your history, etc, but do not actually go to this site. I suggest you also add this to your deny list on any firewall, Internet Explorer, Virus and Adware scanners.


h ttp://xxxmovies.dip.jp/15/js_go_f1.php

A space was included between the H and T on purpose, so that simply copying/pasting or clicking on it will not produce a viable link. Remove the space when using it for adding to any DENY list.

For me, just visiting volvo-forums will cause the above link to show up as the last page visited and is causing my BACK button not to work because it keeps trying to go there instead of where I actually was last.

This malware is intended to attack Internet Explorer users and may not affect anyone using Opera, Mozilla, or other popular browsers.

It is suggested that you TURN OFF JavaScript Running in your Internet Explorer settings to help avoid this issue.

I will try to determine more later when I get time. Until then, someone who knows or can contact an admin directly, please try to get them to look into this...someone with access to the database and the php code needs to look.
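An added example, not part of the thread or the forum's own code: a Python check an admin could run over the HTML a forum page serves, flagging the kind of invisible iframe described in post #4 as well as scripts and frames loaded from hosts not on an allowlist. The sample page, host names and allowlist are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class FrameAudit(HTMLParser):
    """Collect <iframe>/<script> tags that are hidden or load from hosts off the allowlist."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # list of (tag, src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        reasons = []
        # Relative URLs have no hostname and count as same-site.
        host = (urlparse(src).hostname or "").lower()
        if host and host not in self.allowed:
            reasons.append("off-site host " + host)
        if tag == "iframe" and self._hidden(a):
            reasons.append("hidden frame")
        if reasons:
            self.findings.append((tag, src, reasons))

    @staticmethod
    def _hidden(a):
        # Zero/one-pixel dimensions or CSS hiding are the usual "invisible iframe" forms.
        style = re.sub(r"\s+", "", a.get("style", "").lower())
        tiny = any(a.get(k, "").strip() in ("0", "1", "0px", "1px")
                   for k in ("width", "height"))
        return tiny or "display:none" in style or "visibility:hidden" in style

def audit(html, allowed_hosts):
    parser = FrameAudit(allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample page and allowlist (all hosts are placeholders).
ALLOWED = {"www.forum.example", "ads.partner.example"}
SAMPLE = """<html><body>
<script src="/js/forum.js"></script>
<script src="http://ads.partner.example/rotate.js"></script>
<iframe src="http://injected.example/go.php" width="0" height="0"></iframe>
<iframe src="http://www.forum.example/chat.php" width="400" height="300"></iframe>
<iframe src="/shoutbox.php" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, src, reasons in audit(SAMPLE, ALLOWED):
        print(tag, src, "; ".join(reasons))
```

A hidden same-site frame is reported too, since it is worth a manual look even when the host is trusted.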
rosso75
post Jul 17 2008, 09:29 AM
Post #5





Seems to be working fine for me today. I'm guessing somebody squashed it.....?
blakbyrd
post Jul 17 2008, 09:37 AM
Post #6





Well I was having the problem as mentioned above just a few minutes ago, but now cannot get it to appear anymore.

The only difference I can find with the site is that the new (or what seemed to be new to me) ad that shows at the top of the page is no longer cycling through. I don't recall what the ad was for but it was the only Yellow colored ad. I have been refreshing a ton of times to try to get it to come up again, but it won't. It now seems only the original 2 are appearing (the Noxudol ad and the one for the tires).

The yellow ad that won't appear for me anymore was a Flash ad, and such things can be embedded into them. It's possible that ad was causing the problem, although I am not sure at this point, but I don't recall having the problem when the ad wasn't there, noticed the problem when I actually noticed the yellow ad was there, and now that I cannot get it to appear anymore I can no longer get the potentially problematic JS and/or odd link to appear anymore.

Hopefully it was corrected that easily.

PS: my back button is working here again too :)
blakbyrd
post Jul 17 2008, 09:59 AM
Post #7





Finally got the yellow ad to reappear (it was the Pennzoil one), although there was no repeat of the problem when it did.

No clue what was going on, but it appears to be back to normal again.

JKS, does your back button work properly now as well?
TheGreekMason
post Jul 17 2008, 03:19 PM
Post #8


Veteran
Group Icon

Group: Super Mod
Posts: 3,351
Joined: 9-August 07
Member No.: 31,123
Status: Offline
Location: Brooklyn, New York
Drives: 1996 Volvo 850 R,1968 SS clone Camaro,1963 pan/shovel chopper, 1949 Panhead bobber, 1967 Triumph Bonneville, 1967 Honda 175, 1999 Suzuki Hayabusa, 1996 Impala SS big-block, 2004 Mercedes E500 (the mrs.), 1934 Dodge,



you know, now that you guys have mentioned it, my computer is wonky sometimes. byrd's http address is right on the money also. i really do think it was one of those **^(%^( chinese member posts. i run two different systems and only the one that i check out the forum gets weird, the other has a separate hard drive and is clean.
jks2
post Jul 17 2008, 03:33 PM
Post #9





Back button seems to be working now. I posted in the moderators forum to the admin letting them know about the problem. Haven't gotten a reply yet, but maybe they took care of it.
© 2004 Volvo-forums.com
Volvo-Forums.com is not affiliated with or endorsed by Volvo Car Corporation.