The temporary solution is finally lived up to its name. I'm getting trojans on IE again and promptly jumped back on firefox.

I don't know if this means the site was hacked again or what....

I'm getting it too, luckily my Antivirus is quite good! Damn shame though.

Earlier in the day the wanrzcvupf.hk wasn't showing anymore on my Noscript list in Firefox. Seems its back which might be why the temp solution isn't working anymore. This is exactly the reason why I use firefox + noscript though just innocent web browsing on non shady sites can get you hit nowadays even Youtube has been having massive attacks for the past month or two. The big scare that got me finally using noscript when I was already using Firefox was the keyloggers through a link attack that were being posted all over the worldofwarcraft forums. I clicked one of the links early on in the attacks thinking it was an innocent link to a pvp video instead it came up a blank page. I later found out anyone who clicked that link in IE got a gold.exe or whatever installed on their computer their account info stolen and everything on their characters stolen. Then to make matters worse they used the persons account info to put more fraudulent posts with links to the keylogger all over the forums. It was a real mess and made me very glad I was using Firefox that day. Someone in the thread suggested the Noscript plugin and I've been using it since for added protection. Edit : One of the other scripts showing up is symboliclynx.com a quick google seems to suggest its either a site sending out attacks itself or one that got hit itself and is now being used to launch them. Those using IE might want to add that one to the list too.

Talon, I'm getting about 4-5 alerts for each page I go to. Firefox is not an alternative for me at work, so it really limits what I can do to stop this. Right now, the only option is just to not visit this site. I noticed that the last thread that addressed this was deleted/locked and assumed that it was fixed and was fine yesterday, but today it's gone off the chartz again.

ioi, I hope you can get this taken care of as this site does get alot of traffic and could be detrimental to what vgchartz is doing because all people will see is the viruses they get from here and end up not taking the site seriously and avoiding it.

This definitely needs to be addressed...good news for me, i changed to firefox and no problems...but I think it should be concern number one...even more so than weekly numbers. This kind of thing gets out on the net and the next thing you know people consider this site unsafe, deviant, or malicious. I hope its not in one of the ads. Actually, I hope it is, that way it's an easy fix when ioi gets back.

Looking at the page source, I see an IFrame for http://www.[noclick]symboliclynx.com/bin/ (I added noclick -- don't click the link!) which is just a frame to the wanrzcvupf.hk site mentioned earlier. From what I've read elsewhere, that (wanrzcvupf) is a known malware site. symboliclynx.com appears on hacking lists all over -- I think it may be a compromised server. The IFrame is embedded in this site. I'm thinking it must have come from the hacking.

Also, with the help of Ray007, I'm investigating another possible way the infections are happening. My premise is that they are coming in through Flash animations. I have FF + Adblock, but I (was) enabling ads for this site. But I also have Flashblock, which prevents the flash animations from being loaded until I click on them. It gets rid of the majority of the annoying ads. Anyway, I have not yet received one notification from my virus scanner under this configuration -- and I'm not using noscript. Ray is helping to confirm this.

I sincerely doubt ioi gave any access to the mods to change stuff like removing links from the pages or control advertising. Like most site admins, he probably only gave the mods access to things like delete posts and ban people, which is all they need to do their job. Hopefully this information I've found will help him track it down when he gets back.

I would love to be able to Talonman, but security policy on my work computer won't allow me to change it.

I just post from my Nintendo Wii. Seems that should be a solution for everyone... I hope.

If you don't think your site is compromised, it's probably coming in from the ads. Try to disable everything except the goodle ads. (Google has had occational problems, but they are pretty good about monitoring their ads compared to most sites and shut down hostiles quicker, and at least for my hosting, they tend to give better rates anyways).

That's what it looks like to me. Your advertisers are the ones that are getting hit with the viruses and thus passing it on to you.