Intl - outdoor Site is now working fine, free from any threats (if there were any). Will keep updated.

—Just went to visit Intl outdoor and my antivirus shut it down and quarantined it, on the d4v2 page, direct from Google.
JS.Cardstealer.AP trojan

Trojan:JS/Cardst
Detected with Windows Defender Antivirus & my avast

Aliases: HTML/C99shell (AhnLab) HTML/Cardst (AhnLab) PHP/Backdoor.C99Shell (AVG) JS/CardStealer (Kaspersky) Backdoor.PHP.C99Shell.a (Kaspersky) Backdoor-DNF (McAfee) JS/CardStealer (McAfee) Mal/Nix-A (Sophos) Troj/DRClick-A (Sophos) PHP.Backdoor.Trojan (Symantec) JS_CARDSTEALER.B (Trend Micro) VBS.AOL.Cardst.B (VirusBuster)
Summary
Trojan:JS/Cardst is detection for a trojan JavaScript within an HTML file attached to an e-mail message. The HTML attachment is used for phishing purposes and contains a form for entering credit card information with a submit button that sends the collected data to a specific server.

I’d advise steering well clear until it’s sorted.

Update, apparently it has been hacked again according to users - with card stealing scripts. DO NOT use a credit/debit card. In fact - take care if using any method for now would be my take on it - you do as you please and feel comfortable with. Hank himself has asked for no one to use cards.

You could send Hank an email?

I've had the same experience today accessing the intl outdoor site when Malwarebytes reports a trojan and blocks the site.

First the corona virus, now this…

Avast says it blocked “js:cardstealer”.

Disambiguation: I am not the guy who runs Intl-Outdoor.
I just happen to have the same first name, and I got here first to claim it as a userid.

I would if I could access his site……but it’s infected with a trojan. :stuck_out_tongue:
If you know him on here perhaps you could pass it on for me please :+1:

info@intl-outdoor.com ?
Will do

http://budgetlightforum.com/user/2005 is Hank Wang, who runs Intl-Outdoor.

Go to the Messages link — left side of the page.

Note, using a well protected Mac, I just looked at his site and did not get any warning.
It’s possible you’re getting a false positive from the Microsoft antivirus. That’s not unusual with any antivirus.

There should be a way with that antivirus to report the suspected detection to Microsoft’s maintainers, so they can check whether it’s valid.

Ok, I mailed him too, found the addy in my email. contact@intl-outdoor.com

It was avast, I got that info off the web.
It’s a bit specific to be a false positive? as in it actually names the trojan?

I got to it with Opera.

Here’s a thorough website scanner:

That finds nothing to report at intl-outdoor, using a large number of scanning tools.

No, the scanners look for unique strings found in problem files, but sometimes they find those strings in, for example, a competing antivirus product’s file.

Then they check their database and give you that comprehensive report from their record. It doesn’t mean they found all that info on the targeted site, just a hint.

OK, a few minutes later, checked again with the Mac, Brave Browser, and got this warning:

It cannot be a trojan. It’s just antivirus software being crappy.
It’s impossible to get viruses or trojans from websites unless you specifically download some executable file and run it on your computer.
The way websites work makes it impossible to execute code on your PC. They can only make use of javascript, which doesn’t allow any access to files on your PC without your consent.
I have no antivirus software on never had for years and didn’t get any malware from the web yet.

Stop using shitty AV software.
Virustotal report

Here’s Microsoft’s page for submitting reports (mainly for Hank Wang, if you’re reading this by now and have a file you’d like to check)

and

https://www.bleepingcomputer.com/forums/t/578697/can-you-get-a-virusmalware-just-by-visiting-a-website/

explains the risk

Found by searching: virus trojan from a web page? - Google Search

That is misinformation.
No, it is not possible, there is no risk at all, even if you use outdated browsers.
The most a website can do is use some of your CPU for mining crypto, while you are on the website.
If you don’t believe me, open some porn sites in a virtual machine then run some virus scan and you will see that the system remains clean. Porn sites are full of malware, but as long as you don’t download and run any program from them you are fine
All they do is annoy you with popups that tell you to download stuff :smiley: