)James Posted October 28, 2015

Received the above message when loading Maxthon browser version v4.4.6.200.

My antivirus is Avast and the message read:

URL: http://safeurl.maxthon.cn/data/img/17/logo1445704305.png
Infection: JPG:PHPAgent-B [Trj]
Process: C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe

I've used Maxthon as my main browser for over a year without a problem. Does anyone know what this problem is, or has anyone had a similar problem?

This site https://www.whitefirdesign.com/blog/2014/07/07/hackers-hiding-malicious-code-in-exif-data-of-images/ suggests this is "Hackers Hiding Malicious Code in Exif Data of Images".

So does anyone know what's going on?

Thanks for any reply,
james

aidanodr Posted October 28, 2015

Hiya James,

Yip same thing here this morning.

I'm getting cheesed off with this now. First we had that mystery icon on the speed dial type page which has now disappeared after this recent update (apparently sorted now as per other thread). Now we have this trojan being picked up by avast all of a sudden - JPG:PHPAgent-B [Trj]

https://www.whitefirdesign.com/blog/2014/07/07/hackers-hiding-malicious-code-in-exif-data-of-images/

To be honest. Understandably? my confidence in this browser is quite low now, especially if logging into sites and/or buying stuff online and/or online banking?

Has it compromised our whole machine at this stage?

slank Posted October 28, 2015

> Received the above message when loading Maxthon browser version v4.4.6.200.
> My antivirus is Avast and the message read:
> URL: http://safeurl.maxthon.cn/data/img/17/logo1445704305.png
> Infection: JPG:PHPAgent-B [Trj]
> Process: C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
> I've used Maxthon as my main browser for over a year without a problem. Does anyone know what this problem is, or has anyone had a similar problem?
> This site https://www.whitefirdesign.com/blog/2014/07/07/hackers-hiding-malicious-code-in-exif-data-of-images/ suggests this is "Hackers Hiding Malicious Code in Exif Data of Images".
> So does anyone know what's going on?
> Thanks for any reply, james

Has Avast been updated recently? I suggest you visit their forum or contact them directly. They are usually really quick clearing/correcting false positives.

slank Posted October 28, 2015

> Hiya James,
> Yip same thing here this morning.
> I'm getting cheesed off with this now. First we had that mystery icon on the speed dial type page which has now disappeared after this recent update. Now we have this trojan being picked up by avast all of a sudden - JPG:PHPAgent-B [Trj]
> https://www.whitefirdesign.com/blog/2014/07/07/hackers-hiding-malicious-code-in-exif-data-of-images/
> To be honest - that's it for me. I cannot use this browser any more, you would be an idiot to do so especially if logging into sites and/or buying stuff online and/or online banking.
> Has it compromised our whole machine at this stage?

See ya!

aidanodr Posted October 28, 2015

Hey Slank,

That's a bit trite.

In fact I edited my post to reflect my concern in a better worded way.

It is understandable to be wary or concerned about this. First how were we to know this advert that appeared out of the blue was legit. Now we have this trojan being picked up all of a sudden. Two things like this - one after the other OF COURSE is going to cause concern as we use our browsers with a lot of very personal data like logins and online banking. Do you think businesses would be confident with usage of Maxthon with this type of activity going on .. I don't think so.

So please, if you are not going to be helpful just don't bother saying anything ... Your "advice" so far seems to be based on "It's everyone else's fault and not Maxthon's fault". Fine, but that's your opinion which you have every right to. But everyone else has a right to their opinion also like being concerned for their online security. So for the moment I have moved, I have to be careful using browsers & trust antivirus - I cannot afford my paypal or my online banking to be compromised. A reasonable stance to be taken I should think.

)James Posted October 28, 2015 (Author)

> Has Avast been updated recently? I suggest you visit their forum or contact them directly. They are usually really quick clearing/correcting false positives.

Can you say for certain this is a false positive?

I'll contact avast but I think caution should be advised until we have knowledge that this is a false positive.

James

A.S. Posted October 28, 2015

Where are you from?

Recently more and more users complain about viruses in Maxthon. Maxthon does not comment on this and does not try to understand the reasons. "This is not our fault". But more and more users write about this. Maxthon has a very bad reputation in Russia. Because an ex-ambassador created fake MX websites and groups and very often posts their own build of MX with unwanted software there. For example, Avast says that "guards of settings" from Mail.Ru Group and Yandex are malware. What does Maxthon do to stop Russian fake groups and websites? Nothing.

More and more users write about built-in DNS Unlocker. What does Maxthon do with this? Nothing again. Just "This is not built in. This is not our fault". What should MX do? They should find the source and protect users. But they just do not try.

So I'm asking: Where are you from?

If another user asks about the same infection we'll know what we should ask him.

*Prt Sc*

aidanodr Posted October 28, 2015

For the record. I got the exact same error as James in OP: (Copied and pasted from AVAST)

URL: http://safeurl.maxthon.cn/data/img/17/logo1445704305.png
Infection: JPG:PHPAgent-B [Trj]
Process: C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe

)James Posted October 28, 2015 (Author)

> Where are you from?
> Recently more and more users complain about viruses in Maxthon. Maxthon does not comment on this and does not try to understand the reasons. "This is not our fault". But more and more users write about this. Maxthon has a very bad reputation in Russia. Because an ex-ambassador created fake MX websites and groups and very often posts their own build of MX with unwanted software there. For example, Avast says that "guards of settings" from Mail.Ru Group and Yandex are malware. What does Maxthon do to stop Russian fake groups and websites? Nothing.
> More and more users write about built-in DNS Unlocker. What does Maxthon do with this? Nothing again. Just "This is not built in. This is not our fault". What should MX do? They should find the source and protect users. But they just do not try.
> So I'm asking: Where are you from?
> If another user asks about the same infection we'll know what we should ask him.
> *Prt Sc*

I'm from the UK

James

BugSir007 Posted October 28, 2015

Hey guys,

Thanks for reaching out.

I have asked our team to check the issue.

The problem was that our safe url was hacked. Now everything is safe.

)James Posted October 28, 2015 (Author)

> Hey guys,
> Thanks for reaching out.
> I have asked our team to check the issue.
> The problem was that our safe url was hacked. Now everything is safe.

One member on the Avast forum provided me with a link to test possible infected URLs. Here's the link: https://www.virustotal.com.

Running the URL test gave the results as :- The result is as follows

URL already analysed
This URL was last analysed by VirusTotal on 2015-10-28 09:13:24 UTC, it was first analysed by VirusTotal on 2015-10-28 09:13:24 UTC.
Detection ratio: 0/65
You can take a look at the last analysis or analyse it again now.

The analyse said

URL Scanner: Result
CloudStat: Clean site
ADMINUSLabs: Clean site
AegisLab WebGuard: Clean site
AlienVault: Clean site
Antiy-AVL: Clean site
Avira: Clean site
Baidu-International: Clean site
BitDefender: Clean site
Blueliv: Clean site
C-SIRT: Clean site
CLEAN MX: Clean site
CRDF: Clean site
Comodo Site Inspector: Clean site
CyberCrime: Clean site
Dr.Web: Clean site
ESET: Clean site
Emsisoft: Clean site
Fortinet: Clean site
FraudScore: Clean site
FraudSense: Clean site
G-Data: Clean site
Google Safebrowsing: Clean site
K7AntiVirus: Clean site
Kaspersky: Clean site
Malc0de Database: Clean site
Malekal: Clean site
Malware Domain Blocklist: Clean site
MalwareDomainList: Clean site
MalwarePatrol: Clean site
Malwarebytes hpHosts: Clean site
Malwared: Clean site
Netcraft: Clean site
OpenPhish: Clean site
Opera: Clean site
PalevoTracker: Clean site
ParetoLogic: Clean site
Phishtank: Clean site
Quttera: Clean site
Rising: Clean site
SCUMWARE.org: Clean site
SecureBrain: Clean site
Spam404: Clean site
SpyEyeTracker: Clean site
Sucuri SiteCheck: Clean site
Tencent: Clean site
ThreatHive: Clean site
Trustwave: Clean site
VX Vault: Clean site
Web Security Guard: Clean site
Websense ThreatSeeker: Clean site
Webutation: Clean site
Wepawet: Clean site
Yandex Safebrowsing: Clean site
ZCloudsec: Clean site
ZDB Zeus: Clean site
ZeroCERT: Clean site
Zerofox: Clean site
ZeusTracker: Clean site
malwares.com URL checker: Clean site
zvelo: Clean site
AutoShun: Unrated site
PhishLabs: Unrated site
Sophos: Unrated site
StopBadware: Unrated site
URLQuery: Unrated site

slank Posted October 28, 2015

> Hey Slank,
> That's a bit trite.
> In fact I edited my post to reflect my concern in a better worded way.
> It is understandable to be wary or concerned about this. First how were we to know this advert that appeared out of the blue was legit. Now we have this trojan being picked up all of a sudden. Two things like this - one after the other OF COURSE is going to cause concern as we use our browsers with a lot of very personal data like logins and online banking. Do you think businesses would be confident with usage of Maxthon with this type of activity going on .. I don't think so.
> So please, if you are not going to be helpful just don't bother saying anything ... Your "advice" so far seems to be based on "It's everyone else's fault and not Maxthon's fault". Fine, but that's your opinion which you have every right to. But everyone else has a right to their opinion also like being concerned for their online security. So for the moment I have moved, I have to be careful using browsers & trust antivirus - I cannot afford my paypal or my online banking to be compromised. A reasonable stance to be taken I should think.

Trite, perhaps, but you did reword your post.

Advice? How could saying goodbye be considered advice? You had already made up your mind, I was just being sociable. I thought my advice to the OP was certainly worthy of consideration. He specifically asked if anyone had ever encountered a similar problem and I responded.

I also thought your post deserved a response.

aidanodr Posted October 28, 2015

> Hey guys,
> Thanks for reaching out.
> I have asked our team to check the issue.
> The problem was that our safe url was hacked. Now everything

Thanking you BugSir007

Can I ask - while your safe URL remained hacked earlier - Could any of our site logins be compromised by this?

aidanodr Posted October 28, 2015

> Trite, perhaps, but you did reword your post.
> Advice? How could saying goodbye be considered advice? You had already made up your mind, I was just being sociable. I thought my advice to the OP was certainly worthy of consideration. He specifically asked if anyone had ever encountered a similar problem and I responded.
> I also thought your post deserved a response.

Fair enough ... I will admit my original post was not as clear, but this was a sharp reaction .. a ah no, not again. I reworded it, which I did admit in bold, showing my very reasonable concerns and illustrating why I felt I would have to move away, again all reasonable I would think.

I just found your reply at the time unhelpful, almost nothing could be wrong with Maxthon. Maybe because my original post was misunderstood. I assume you are as concerned about security as the rest of us. As it happens BugSir007 has now said our concerns are correct "The problem was that our safe url was hacked".

So - my apologies for the initial bad wording, my edited wording I think explains my very reasonable concerns ..

BugSir007 Posted October 28, 2015

> Thanking you BugSir007
> Can I ask - while your safe URL remained hacked earlier - Could any of our site logins be compromised by this?

Thanks for asking.

The issue will not have any effect on you. Your site logins are not affected.

7twenty Posted October 28, 2015

> Thanks for asking.
> The issue will not have any effect on you. Your site logins are affected.

You might want to clarify that asap as the first part contradicts the second part, and the second part is quite concerning!

> https://www.whitefirdesign.com/blog/2014/07/07/hackers-hiding-malicious-code-in-exif-data-of-images/

I'm not sure what this URL has anything to do with anything? How is it related to the problem that Avast picked up? Did Avast mention that url as suspect? The link is just an article on how hackers are using exif data in images to spread dodgy code? Not sure how that is related to Avast?
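
Added example, not written by any poster, Maxthon or Avast: the linked article concerns PHP code hidden in image EXIF data, and the alert quoted in this thread pairs a .png URL with a JPG: detection name, so this check sniffs the real file type from magic bytes and then searches the JPEG metadata segments for PHP tokens. The marker list, function names, file names and sample bytes are assumptions for illustration and do not describe how Avast's signature works.

```python
import re
import struct

# Heuristic markers (assumption): PHP tokens that do not belong in image metadata.
PHP_MARKERS = re.compile(rb"<\?php|<\?=|eval\s*\(|base64_decode\s*\(", re.IGNORECASE)

def sniff_type(data):
    """Identify the container from magic bytes instead of trusting the file name."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    return "unknown"

def jpeg_segments(data):
    """Yield (marker, payload) for every segment ahead of the compressed scan data."""
    pos = 2  # skip the SOI marker (FF D8)
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):  # SOS or EOI: no more metadata segments
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_image(filename, data):
    """Return (sniffed_type, extension_matches, findings) for one downloaded file."""
    kind = sniff_type(data)
    ext = filename.rsplit(".", 1)[-1].lower()
    ext_ok = ext == kind or (kind == "jpeg" and ext == "jpg")
    findings = []
    if kind == "jpeg":
        for marker, payload in jpeg_segments(data):
            # APP0..APP15 (E0..EF) carry JFIF/EXIF/XMP; FE is the comment segment.
            if 0xE0 <= marker <= 0xEF or marker == 0xFE:
                name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
                findings += [(name, m.group(0)) for m in PHP_MARKERS.finditer(payload)]
    return kind, ext_ok, findings

def _segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: JPEG skeletons with no pixel data; the "Exif" body is not a real TIFF block.
CLEAN = b"\xff\xd8" + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + b"\xff\xd9"
TAINTED = (b"\xff\xd8" + _segment(0xFE, b"plain comment")
           + _segment(0xE1, b"Exif\x00\x00Make=<?php /* constructed marker, no payload */ ?>")
           + b"\xff\xd9")

if __name__ == "__main__":
    print(scan_image("logo.jpg", CLEAN))
    print(scan_image("logo.png", TAINTED))  # JPEG bytes served under a .png name
```

A hit from a check like this is a reason to quarantine the file and look closer, not proof of compromise; a clean result only covers the metadata segments it reads.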

BugSir007 Posted October 28, 2015

> You might want to clarify that asap as the first part contradicts the second part, and the second part is quite concerning!
> I'm not sure what this URL has anything to do with anything? How is it related to the problem that Avast picked up? Did Avast mention that url as suspect? The link is just an article on how hackers are using exif data in images to spread dodgy code? Not sure how that is related to Avast?

sorry, I missed a "not"...

joemax Posted October 28, 2015

> sorry, I missed a "not"...

Kind-a hoped that was the case...

@7twenty, why did you remove posting privileges from slank?

Edit: Uhm, apparently he's reached his daily limit? What's the limit, 5 posts?????

aldick(186537) Posted October 28, 2015

I'm wondering what is happening.

I note the new beta post at http://forum.maxthon.com/index.php?/topic/17700-maxthon-cloud-browser-for-windows-v448600-beta-released/ mentions, "Fixed malcious webpage leak" in the changelog.

I also note that, the other day maxthon.com was offline for a while. None of my browsers could log into my Maxthon account for an hour or two. http://downforeveryoneorjustme.com/ reported that maxthon.com was not accessible from anywhere. Just before that, or at about the same time, (can't recall) my Windows User Account Control (UAC) on one of my Windows 7 machines asked me if I wanted Maxthon to make changes to my computer and I reflexively answered, OK. Then I wondered. I checked here and see no reference to the event, but now see this thread.

I swept my machines for bugs and found nothing but we know that none of the current antiviruses are anywhere near 100% effective in finding bugs.

Can anyone explain exactly what happened?

-ody- Posted October 28, 2015

> I also note that, the other day maxthon.com was offline for a while. None of my browsers could log into my Maxthon account for an hour or two. http://downforeveryoneorjustme.com/ reported that maxthon.com was not accessible from anywhere.

don't know about the other issues, but about this one, it was a dns error, I could access the forum after I changed the dns settings to fr open root one

-ody- Posted October 28, 2015

> Kind-a hoped that was the case...
> @7twenty, why did you remove posting privileges from slank?
> Edit: Uhm, apparently he's reached his daily limit? What's the limit, 5 posts?????

I have adjusted the daily limit to 8, hope this helps

aldick(186537) Posted October 28, 2015

> it was a dns error, I could access the forum after I changed the dns settings to fr open root one

Thanks. Could have been you did that right when the site came back up. The site I used checked from more than one location and with multiple DNS servers using numeric IPs, I would assume to verify that it was not that sort of local look-up problem.

I wonder if what is posted in the English language forum is much noticed by the developers and server crews. I mentioned some feature issues some time back and they were acknowledged but nothing ever came of them.

Although I appreciate the experience of other users, (Thank you), I'd love to hear from the Maxthon crew. I mentioned some feature issues some time back and they were acknowledged but nothing ever came of them.

I also mentioned this just now and that is something about which I see no other mention.

... the new beta post at http://forum.maxthon.com/index.php?/topic/17700-maxthon-cloud-browser-for-windows-v448600-beta-released/ mentions, "Fixed malcious webpage leak" in the changelog.

I wonder if I am posting this in the right place, or if it should be somewhere else or start a new thread?

-ody- Posted October 28, 2015

> > it was a dns error, I could access the forum after I changed the dns settings to fr open root one
> Thanks. Could have been you did that right when the site came back up. The site I used checked from more than one location and with multiple DNS servers using numeric IPs, I would assume to verify that it was not that sort of local look-up problem.

I tried several different dns, google dns did not work, open dns didn't either, fr open root did work, the issue lasted more than half a day and I have been "playing" with those dns for quite a while.

Bugsir and bugmiss are present every day and reply to most posts, they relay the bugs and requests to devs, but devs have their own priorities which are not always the same as ours... and well, I don't think there's a better place to post.

about the devs... same regret on my side

7twenty Posted October 28, 2015

> @7twenty, why did you remove posting privileges from slank?
> Edit: Uhm, apparently he's reached his daily limit? What's the limit, 5 posts?????

It was 4 actually, but upped by ody. It's only supposed to be for new users with less than 10 posts, but for some reason it's affecting all (or maybe some) users even with high post counts. Being looked into.

Archived
This topic is now archived and is closed to further replies.