Trojan?



Mike Switzer
08-24-2014, 06:04 PM
When I opened this forum just now my antivirus said it detected, blocked, and treated a trojan named vbulletin_read_marker.

I have never had this happen before. I closed the window & reopened it & this time it opened normally.

Edit - Check that. This time the popup window was behind the browser. I get the message every time I open the forum.

Bill
08-24-2014, 07:36 PM
Which browser are you using? I don't see anything like that using Firefox.

Mike Switzer
08-24-2014, 09:30 PM
I am using Firefox. It just started doing it today.

Matt Gonitzke
08-25-2014, 04:36 AM
It did it to me this morning, too.

dewi8095
08-25-2014, 04:40 AM
I get a "virus/malware blocked" notice regularly from this site.

Don

FlyingRon
08-25-2014, 05:12 AM
vbulletin_read_marker is not a "trojan." It's a small piece of JavaScript the forum software uses to support the "mark as read" feature. Your malware alerter is a little too sensitive.

Hal Bryan
08-25-2014, 06:40 AM
Thanks for chiming in, Ron. I've never seen this script get flagged as malware before - as you said, it definitely isn't. I just ran vBulletin's diagnostics to be sure, and all the files check out.

Mike Switzer
08-25-2014, 07:59 AM
> vbulletin_read_marker is not a "trojan." It's a small piece of JavaScript the forum software uses to support the "mark as read" feature. Your malware alerter is a little too sensitive.

If so, then why did it just start yesterday, and why does it not do it on any other vbulletin site I go to?

FlyingRon
08-25-2014, 08:03 AM
Why it just started happening, I have no idea. Perhaps your software changed its signatures it is looking for.

Unfortunately, there are gazillions of versions of vBulletin out there and hundreds of add-on packages to the extent that no two vBulletin sites are the same. This one (as my site is as well) is running a fairly recent (not the latest 4.2 release which is 4.2.4 and there are some serious security bugs unrelated to the subject of this thread that Hal may wish to check to see if it is worth updating). They're actually up to version 5 now, but a lot of people are a bit reticent to switch to that because it's not trivial and there have been some problems with it.

At least this board is a whole lot better off than POA or AOPA who are still running 3.x versions.

Mike Switzer
08-29-2014, 03:06 PM
Well, as of this morning it isn't doing it anymore, and I have not changed any settings on my antivirus.

dewi8095
08-30-2014, 05:10 AM
> Well, as of this morning it isn't doing it anymore, and I have not changed any settings on my antivirus.

Same for me. It stopped after it was reported by Mike. I haven't seen it since 8/25.

Don

Kyle Boatright
08-31-2014, 02:48 PM
Got this a minute ago:

Norton Blocked a attack by:
Web Attack: Sweet Orange Exploit Kit Website.

I'm using Internet Explorer.

Hal Bryan
09-02-2014, 07:59 AM
Thanks for the heads-up, Kyle - I'm not seeing anything malicious on this end. Kaspersky isn't reporting anything, the vBulletin diagnostics don't show any suspect files, and our hosting company just ran a full malware scan that came back clean.

Kyle Boatright
09-02-2014, 07:19 PM
> Thanks for the heads-up, Kyle - I'm not seeing anything malicious on this end. Kaspersky isn't reporting anything, the vBulletin diagnostics don't show any suspect files, and our hosting company just ran a full malware scan that came back clean.

It happened when I opened the forum, but could have come from an advertisement on another page I had open simultaneously. Who knows.

Thanks for the follow-up.

Mike Switzer
09-13-2014, 10:29 AM
As of this AM it is back. I have not changed any settings.

Hal Bryan
09-15-2014, 10:22 AM
This should be fixed now - thanks for the heads-up, Mike.

Mike Switzer
09-15-2014, 01:26 PM
It looks like it - It did it this AM when I logged on but not this time.

Mike Switzer
09-23-2014, 11:15 AM
This AM I am getting the virus warning again.

Hal Bryan
09-24-2014, 07:25 AM
This was resolved yesterday, but I'm seeing indications that the file in question may have been compromised yet again - we're investigating.

Mike Switzer
09-24-2014, 07:47 AM
This morning is OK - I wonder if something in the software is updating itself causing it to keep coming back?

Mike Switzer
10-07-2014, 02:36 PM
It is back. Wasn't there this AM when I checked in but just now it is back.

Hal Bryan
10-07-2014, 03:09 PM
Ugh - thanks for the heads-up, Mike. I've let the hosting company know.

Hal Bryan
10-07-2014, 03:58 PM
Fixed...again. I'm trying to get to the bottom of why this keeps happening...