Website founded by
Milan Velimirović
in 2006

14:11 UTC
ISC 2022



Remember me

Forgot your
Click here!
to create your account if you don't already have one.

Rating lists


MatPlus.Net Forum Internet and Computing Warning: is infected with malicious javascript code (suspected as variant of Gumblar virus)
You can only view this page!
(1) Posted by Vladimir Tyapkin [Tuesday, Dec 15, 2009 21:22]; edited by Vladimir Tyapkin [09-12-15]

Warning: is infected with malicious javascript code (suspected as variant of Gumblar virus)

as many other Joomla, WorldPress and some other open source blog platforms, see for example

Stay away from this site, unless you have good anti virus(ESET Nod32 caught it on my computer)

Piotr, there is an instruction in my link on how to clean it up.
(Read Only)pid=4437
(2) Posted by Siegfried Hornecker [Wednesday, Dec 16, 2009 01:05]; edited by Siegfried Hornecker [09-12-16]

I don't use wordpress (Nucleus CMS), but would you still do a test on my blog please?

Also do you have any idea how I can save a local backup of my blog? It's all done on server-side and I don't seem to be able to copy the files. Thinking about closing it next year or so (to make place for a more general one) but I want to offer a downloadable copy then. Internet is not anymore what it was before the capitalists entered it. They even offered me - me! - to bribe me so I put their ads up, but I rejected. Sorry for rant!
(Read Only)pid=4438
(3) Posted by Vladimir Tyapkin [Wednesday, Dec 16, 2009 20:55]; edited by Vladimir Tyapkin [09-12-16]

You can do it yourself. Read the link provided and do a search for the three var names mentioned there. The malicious script usually at the bottom of the page.

I still recover my computer because it was partially infected despite having the latest anti-virus updates. This is a new virus, so anti virus software may not protect your computer completely.

Also, if you have visited recently, check for siszyd32.exe in the startup folder(c:/Documents and Settings/<YOUR LOGIN NAME>/Start Menu/Programs/Startup) or better run the anti virus scan on the whole c: drive. You won't see it in Windows Explorer unless you clear 'hide protected operating system files' because it has a 'hidden' attribute. If you found it that means you computer is likely infected.
(Read Only)pid=4440
(4) Posted by Siegfried Hornecker [Thursday, Dec 17, 2009 02:41]; edited by Siegfried Hornecker [09-12-17]

I have no way to access the index.php file - or at least none I'd be aware of. Since neither the text "var" nor "Attribute" occurs in the website source text (tested on main site and an article) it's not infected. Or am I wrong?

No such exe file here and I didn't visit recently (and even then, I have NoScript).
(Read Only)pid=4441
(5) Posted by Vladimir Tyapkin [Thursday, Dec 17, 2009 03:05]

Right click on the page in Firefox and select 'view page source'. Malicious javascript code could be found there at the bottom of the page.
(Read Only)pid=4442
(6) Posted by Siegfried Hornecker [Thursday, Dec 17, 2009 04:40]

That's what I did.
(Read Only)pid=4443
(7) Posted by Alexander Leontyev [Monday, Feb 8, 2010 10:56]; edited by Alexander Leontyev [10-02-08]

I have made on-line checking of V. Tyapkin's link (ryan istra...) by and got that it's infected. This was the first time in my practice, that such on-line checking by Dr. Web finished with such result. Also I have a question - is still infected? On-line Dr. Web showed OK but I am sure that such checking is not a 100% guarantee.
(Read Only)pid=4715
(8) Posted by Mikalai Sihnevich [Monday, Feb 8, 2010 13:21]

Recently Piotr has changed his web site, new address is:

Though the previous one ( is still available, and now it shows the same content (maybe, simple redirect).
Now it is not infected (just look at the source code of web page in your browser - there are no suspicious javascript functions in it).
(Read Only)pid=4718
(9) Posted by Vladimir Tyapkin [Monday, Feb 8, 2010 19:23]; edited by Vladimir Tyapkin [10-02-08]

I can confirm: the page I linked to in my initial post is now infected. Apparently, hackers targeted it because it provided instruction on how to clean out malicious code. has a new look-and-feel and mostly empty now(and clean from viruses).
(Read Only)pid=4719
(10) Posted by Piotr Murdzia [Thursday, Apr 8, 2010 21:49]

I have created a new website It needs some work of course, but the main thing is it works:-)
I hope now it is with no infection:-)

This is a website mostly for Polish chess society, however I believe every solver can get an useful information from there.
I am also thinking of creating an English version of it. So be patient, I need more time.

Best wishes,
Piotr Murdzia
(Read Only)pid=5190
(11) Posted by Alexander Leontyev [Monday, Apr 7, 2014 07:50]; edited by Alexander Leontyev [14-04-07] is infected! See the results of online checking -
(Read Only)pid=11946
(12) Posted by Siegfried Hornecker [Monday, Apr 7, 2014 07:53]; edited by Siegfried Hornecker [14-04-07]

2 of 51 hits. Could be an infection indeed with something not found yet by most scanners, or a false positive of the two scanners. Best is to not visit the site until the issue is cleared. Please keep us updated, i.e. make another check later.
(Read Only)pid=11947

No more posts

MatPlus.Net Forum Internet and Computing Warning: is infected with malicious javascript code (suspected as variant of Gumblar virus)