Not Fraud VIRUS!

[2Fast]

anyone care to explain why i get this when going to your main site? Adverts?

 

Glad im well protected, how about everyone else?

ouch.bmp

[ECF]

A very good question. I will contact our server management company to have a look into it.

[2Fast]

- <ESET>
- <LOG>
- <RECORD>
- <COLUMN NAME="Time">
 <DATE>21/08/2008</DATE> 
 <TIME>15:33:34</TIME> 
  <COLUMN NAME="Scanner">HTTP filter</COLUMN> 

 <COLUMN NAME="Name">http://englishdaily.ru/netcat/require/pk/</COLUMN> 
 <COLUMN NAME="Threat">HTML/Exploit.Agent.NAA trojan</COLUMN> 
 <COLUMN NAME="Action">connection terminated - quarantined</COLUMN> 

 <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.</COLUMN> 

 

the is the full output from the page if its any help as the image doesnt show everything.

[studeggle]

I'm afraid you may have adware on your system.

http://englishdaily.ru/netcat/require/pk/

that site is where the virus is coming from, but none of my systems or my works systems load that when visiting tcadmin’s main page. Thoroughly inspected the code loading from TcAdmin’s main site from each of the systems, some had never been to it before so couldn't have been infected already.

 

I have seen claims like this before against major sites, and always found the problem on the complainers computer, and after disinfecting it they quit having problems. Now days antivirus software alone is not enough, and sometimes one version is not enough. I have had McCaffee find stuff Norton Doesn't, and vise versa. This is why I keep 3 of each type (antivirus, antiadware, antispyware) of program around. Not always running, but around to scan my (or a friends) systems with.

 

There are several out there that will hijack your browsers control and cause it to load bad content as well as the site you are visiting making it seem like the site you are visiting is the one with the problem when all the while it is your own system trying to retrieve the bad content.

[2Fast]

Its not my pc, its clean as a whistle its just been formated for starters.. i ran NOD32 full scan, and BitDefender online. not sure what your getting at here "I have seen claims like this before against major sites" I hope you are not saying im doing this to gain some kind of benefit from the site im a paying customer. Unless you have full access to the site you could not "Thoroughly inspected the code loading" as you say.

 

It only happened on visiting this site, non other. The i was not on any other site at the time. NOD32 is running along with Outpost both of which have a fantastic Malware and Spyware sweeper.

[studeggle]

I wasn't accusing you of malicious activity I simply meant people freely telling web site admins to go look at there sites code. I am fully aware of NOD32 and bit defender, and have NOD32 on one of the computers in my network, (dropped bit defender for to many misses) and NO NOD32 does not catch everything!! As I said I use multiples as they ALL miss some, I have never found one that didn’t. Wish there was it’d make life far simpler, which is why I keep trying new ones.

I won’t argue your system as I’m not there to scan it, plus no good telling someone something they don’t want to hear. Just offering advice.

Yes it is possible to inspect every ounce of code that is sent to a computer, and if the code is not sent out then it can have no effect. (and can’t be caught by any program out there) Code must be transmitted to a system to affect that system. It is a fairly simple matter to intercept the code as it reaches the network card and see what it is saying for the computer to do.

[HGN-Daniel]

Nothing on my end, no reference to any external javascripts or anything. Has anyone checked with Internet Explorer?

[ECF]

After I saw the thread I went to the main TCAdmin page where I also received a warning from AVG about a virus.

 

However, Luis and many others are not receivig any messages. So I have to think this is something client side as I do not see any errors here at the office.

[HIS-MOTHER]

I don't get it either on Norton Corp.v9 and v10

[ECF]

Possibly something was updated in AVG and NOD that is causing a false positive?

[HIS-MOTHER]

ECF,

 

We had a client get this on one of his sites because of improperly configured encryption software. He was trying to encrypt his source and it threw a false positive to all veiwers.

 

Not sure if you are running something similar..

[ECF]

None of our site source in encrypted to my knowlege. I have visted the site for moths running AVG as my antivirus and never had an issue before. That is why I am wondering if it doesn't have something to do wit an anti-virus update of some sort.

 

At the office I run Sophos and do not see any warnings or pop-ups.

[2Fast]

well anyways just thought you would like to know..........

 

Metasploits are very popular now adays so its always worth letting people know just in case

[ECF]

Thanks for the heads up.

[JasonF]

I don't get the alert from McAfee, Firefox 3, Windows XP Professional SP3

[DougK94]

I have tried it numerous ways,

 

AVG, Vista Ultimate 64, IE7, Firefox 3, Opera, Safari

McAfee, XP Pro SP3, IE7, Firefox 3, Opera, Safari

Norton, XP Pro SP3, IE7, Firefox 3, Opera, Safari

nod32, Vista Business, IE7, Firefox 3, Opera, Safari

[JasonF]

I tried it on my Apple IIe and it was fine.