Not Fraud VIRUS!


2Fast

<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">
        <DATE>21/08/2008</DATE>
        <TIME>15:33:34</TIME>
      </COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Name">http://englishdaily.ru/netcat/require/pk/</COLUMN>
      <COLUMN NAME="Threat">HTML/Exploit.Agent.NAA trojan</COLUMN>
      <COLUMN NAME="Action">connection terminated - quarantined</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.</COLUMN>
    </RECORD>
  </LOG>
</ESET>

 

This is the full output from the page, if it's any help, as the image doesn't show everything.

Link to comment

I'm afraid you may have adware on your system.

That site is where the virus is coming from, but none of my systems or my work's systems load that when visiting TcAdmin’s main page. I thoroughly inspected the code loading from TcAdmin’s main site from each of the systems; some had never been to it before, so couldn't have been infected already.

 

I have seen claims like this before against major sites, and always found the problem on the complainer's computer, and after disinfecting it they quit having problems. Nowadays antivirus software alone is not enough, and sometimes one version is not enough. I have had McAfee find stuff Norton doesn't, and vice versa. This is why I keep 3 of each type (antivirus, antiadware, antispyware) of program around. Not always running, but around to scan my (or a friend's) systems with.

 

There are several out there that will hijack your browser's control and cause it to load bad content as well as the site you are visiting, making it seem like the site you are visiting is the one with the problem, when all the while it is your own system trying to retrieve the bad content.

Link to comment

It's not my PC; it's clean as a whistle, it's just been formatted for starters. I ran a NOD32 full scan and BitDefender online. Not sure what you're getting at here: "I have seen claims like this before against major sites". I hope you are not saying I'm doing this to gain some kind of benefit from the site; I'm a paying customer. Unless you have full access to the site you could not "Thoroughly inspected the code loading" as you say.

 

It only happened on visiting this site, none other. I was not on any other site at the time. NOD32 is running along with Outpost, both of which have a fantastic malware and spyware sweeper.

Link to comment

I wasn't accusing you of malicious activity; I simply meant people freely telling web site admins to go look at their site's code. I am fully aware of NOD32 and BitDefender, and have NOD32 on one of the computers in my network (dropped BitDefender for too many misses), and NO, NOD32 does not catch everything!! As I said, I use multiples as they ALL miss some; I have never found one that didn’t. Wish there was, it’d make life far simpler, which is why I keep trying new ones.

I won’t argue your system as I’m not there to scan it, plus no good telling someone something they don’t want to hear. Just offering advice.

Yes it is possible to inspect every ounce of code that is sent to a computer, and if the code is not sent out then it can have no effect. (and can’t be caught by any program out there) Code must be transmitted to a system to affect that system. It is a fairly simple matter to intercept the code as it reaches the network card and see what it is saying for the computer to do.

Link to comment
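As an added example (not part of the thread or any poster's code), the comparison the post above describes can be made concrete: the Python below lists every off-host resource a captured page makes the browser load and diffs two captures of the same page. The host names and both HTML samples are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags and the attribute through which each one makes the browser fetch a URL.
LOAD_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
              "embed": "src", "object": "data", "link": "href", "img": "src"}


class _LoadCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.loads = set()

    def handle_starttag(self, tag, attrs):
        attr = LOAD_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative references against the page URL.
            self.loads.add((tag, urljoin(self.base_url, value.strip())))


def external_loads(html, base_url):
    """Return {(tag, url)} fetched from hosts other than base_url's exact host."""
    own_host = urlparse(base_url).hostname
    collector = _LoadCollector(base_url)
    collector.feed(html)
    return {(t, u) for t, u in collector.loads
            if urlparse(u).hostname not in (None, own_host)}


def compare_captures(html_a, html_b, base_url):
    """Split external loads into those in both captures and those unique to each."""
    a, b = external_loads(html_a, base_url), external_loads(html_b, base_url)
    return {"both": a & b, "only_a": a - b, "only_b": b - a}


# Constructed sample captures of the same page (not real site content).
BASE = "http://site.example/"
CLEAN = '<html><script src="/js/menu.js"></script><img src="http://cdn.example/logo.png"></html>'
ALERTING = CLEAN.replace("</html>",
    '<iframe src="http://third-party.example/pk/" width="0" height="0"></iframe></html>')

if __name__ == "__main__":
    result = compare_captures(CLEAN, ALERTING, BASE)
    for key in ("both", "only_a", "only_b"):
        print(key, sorted(result[key]))
```

Feed it bodies captured on the wire rather than the browser's rendered DOM, since only the wire copy shows what the server sent. It sees only static tags, so loads created by script at run time will not appear.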

After I saw the thread I went to the main TCAdmin page where I also received a warning from AVG about a virus.

 

However, Luis and many others are not receiving any messages. So I have to think this is something client side, as I do not see any errors here at the office.

Link to comment

None of our site source is encrypted to my knowledge. I have visited the site for months running AVG as my antivirus and never had an issue before. That is why I am wondering if it doesn't have something to do with an anti-virus update of some sort.

 

At the office I run Sophos and do not see any warnings or pop-ups.

Link to comment

I have tried it numerous ways,

 

AVG, Vista Ultimate 64, IE7, Firefox 3, Opera, Safari

McAfee, XP Pro SP3, IE7, Firefox 3, Opera, Safari

Norton, XP Pro SP3, IE7, Firefox 3, Opera, Safari

nod32, Vista Business, IE7, Firefox 3, Opera, Safari

Link to comment

Archived

This topic is now archived and is closed to further replies.
