Showthread.php - Kryptik.ABPF trojan

Started by Bob DAmico, February 29, 2012, 05:45:46 PM


Bob DAmico

Various anti-virus software is popping up for users with a warning on our Forums index page:
"....hxxp:patmcleod.osa.pl/showthread.php?t2 [nonactive]  a variant of Win32/Kryptik.ABPF trojan"

NOD32 is catching and quarantining it on my PC as well as a file that is immediately downloaded to:
\Users\Bob\Local\Temp\fsa66917.exe

I run a thorough NOD32 Virus scan two or three times per week on this PC even though it takes nearly 8 hours. As of yesterday the PC was clean.
I also run Spybot S&D each week, no issues.

Google Webmaster Tools advises no issues.

Am thinking that the best solution is to upgrade to SMF 2; however, are there any immediate fixes I can do with SMF 1.1.16?

URL: hxxp:bringseanhome.org [nonactive]

Bob DAmico

I should have added that the site is on a dedicated server and my provider ran a full scan yesterday without finding anything amiss.

busterone

What else are you running besides SMF, or do you have some custom code installed?  showthread.php is not an SMF file.

Kays

Hi Bob DAmico, welcome to SMF. :)

If your forum was converted from vBB, there could be a showthread.php. What I would suggest you do is to go through all of the folders with an ftp client and look for any files which have been changed recently. Open them up and check to see if any code has been added either at the beginning or at the end of the file. Also look for any files with odd-looking names.

If at first you don't succeed, use a bigger hammer. If that fails, read the manual.
My Mods
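
The check Kays describes, sketched as an added example (not part of the original thread and not SMF code): it lists files under a web root that changed in the last few days and flags PHP files with content before the opening tag or after the closing tag. The extension list, the line-length threshold and all function names are assumptions made for the example.

```python
import os
import sys
import time

PHP_EXTENSIONS = (".php", ".phtml", ".inc")  # assumed set; adjust to the site
LONG_LINE = 500                              # assumed "suspiciously long" threshold

def recently_changed(root, days, now=None):
    """Paths under root modified in the last `days` days, newest first."""
    cutoff = (time.time() if now is None else now) - days * 86400
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mtime = os.path.getmtime(path)
            if mtime >= cutoff:
                hits.append((mtime, path))
    return [path for _mtime, path in sorted(hits, reverse=True)]

def edge_findings(path):
    """Heuristic reasons to open a PHP file and read its first and last lines."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith(b"\xef\xbb\xbf"):     # ignore a UTF-8 byte order mark
        data = data[3:]
    body = data.strip()
    if not body:
        return []
    findings = []
    if not body.startswith(b"<?"):
        findings.append("content before the opening PHP tag")
    close = body.rfind(b"?>")
    if close != -1 and body[close + 2:].strip():
        findings.append("content after the closing PHP tag")
    lines = body.splitlines()
    if max(len(lines[0]), len(lines[-1])) > LONG_LINE:
        findings.append("very long first or last line")
    return findings

def triage(root, days, now=None):
    """Map each recently changed PHP file to its findings (possibly empty)."""
    return {p: edge_findings(p) for p in recently_changed(root, days, now)
            if p.lower().endswith(PHP_EXTENSIONS)}

if __name__ == "__main__":                   # usage: script.py <web root> <days>
    for path, why in triage(sys.argv[1], int(sys.argv[2])).items():
        print(path, "-", "; ".join(why) or "changed recently, edges look normal")
```

Template files that legitimately begin or end with HTML will be flagged too, so treat the output as a reading list rather than a verdict. Modification times can be reset by whoever altered a file, so a comparison against a clean copy of the installed release is still worth doing.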

Bob DAmico

Thank you - I was looking for showthread.php yesterday and couldn't locate it on the server.

Kays is correct, the Forums were converted from vBB in 2010.

I just did the large upgrade to SMF 2.02 and it's working without any problems. I use vBB on one of my commercial sites and have to say that SMF is a thousand light years ahead of vBB installation and upgrade processes.

JimM

Welcome to SMF, Bob.

Glad the upgrade solved your issue. Please mark this topic solved by clicking the Mark Topic Solved link at the bottom left.

Jim "JimM" Moore
Former Support Specialist
