kevgibbo Platinum Member

Joined: 08 Feb 2006 Location: Brisbane, Australia 9222.60 GC$
Posted: Thu Feb 09, 2006 1:49 am Post subject: Virus detected for this website

I just visited the homepage and received a Sophos anti-virus alert for Virus Troj/Onladv-A.
Has anyone else received a similar warning?

mondine Site Admin

Joined: 15 Sep 2005 Location: Vancouver, BC. 171655.40 GC$
Posted: Thu Feb 09, 2006 2:12 am

You mean this site? No, there's no such critter here.
Not to say that it might not have been detected on your system, but it doesn't have anything to do with this site.
Did the program prompt you to take any action to rid yourself of this?

kevgibbo Platinum Member

Joined: 08 Feb 2006 Location: Brisbane, Australia 9222.60 GC$
Posted: Thu Feb 09, 2006 2:17 am

This is the error I'm getting:
I used the site yesterday from the same PC and it was fine. It only happens on the homepage. Inside any of the forums it seems fine.

mondine Site Admin

Joined: 15 Sep 2005 Location: Vancouver, BC. 171655.40 GC$
Posted: Thu Feb 09, 2006 2:33 am

Ah, there's your problem.
It's in a Windows Media file (.wmf). Maybe a little funny movie, or something. But it's just in your Temporary Internet Files.
If you empty those, and reboot, you should be okay.
If it gives you trouble, write down the location, reboot in safe mode, and delete it manually.
And, of course, run your AV for a full scan.

kevgibbo Platinum Member

Joined: 08 Feb 2006 Location: Brisbane, Australia 9222.60 GC$
Posted: Thu Feb 09, 2006 2:44 am

Thanks I just deleted all temporary internet files and then revisited your site but it rewrote the .wmf file and came up with the same error.
The url the file is from is toolbardollars.biz/[Link broken to prevent anyone accidentally opening or downloading this infected file -mondine]
Is this an advert or something as I wouldn't have thought it's coming from this site.

mondine Site Admin

Joined: 15 Sep 2005 Location: Vancouver, BC. 171655.40 GC$
Posted: Thu Feb 09, 2006 3:00 am

Yes, that's it, alright.
I don't think it's a matter of 'coming back', so much as probably never left.
I'm not really familiar with this one, but viruses/trojans can do a number of things like 'hide' under another name in your system, or add themselves to your startup folder.
First of all, what's your OS, and do you have all of the latest critical security updates for it, and IE?
Go to Windows Update and check. This exploit was supposed to have been addressed for most systems.
After emptying the files, you need to reboot and run the AV before going online.
If Sophos can't remove it, there are a number of other products (freeware, and free, online) that you can try. But you want to keep trying until this is removed.

kevgibbo Platinum Member

Joined: 08 Feb 2006 Location: Brisbane, Australia 9222.60 GC$
Posted: Thu Feb 09, 2006 3:11 am

Ok, thanks for your help.
I'm not sure where that's come from but I'm using a work PC so if a reboot doesn't work I'll get one of the sysadmin guys to have a look at it instead! :)

mondine Site Admin

Joined: 15 Sep 2005 Location: Vancouver, BC. 171655.40 GC$
Posted: Thu Feb 09, 2006 3:16 am

Glad to know you've got some more help there. I'm still looking around.
This is definitely a malicious attempt to infect computers, probably disguised as something that somebody clicked.
The IP is in Russia, though, so it might be hard to get anything done about it.
Anyway, good luck.

darrenstraight Site Admin & Platinum Member

Joined: 25 Jul 2004 Location: England 173385.09 GC$
Posted: Thu Feb 09, 2006 4:52 am

Ok guys, I'm at college and have looked into this as much as possible from here; that includes looking at people's sigs and avatars, and disabling sigs and avatars in case that's the point of origin. Problem is, it's not, and another problem is that when I get home I won't be able to get this problem, as my home PC has the WMF patch applied!
Though to be honest I think the problem comes from the adverts on the main page of this site at the bottom; though I can't be 100% positive, I have noticed some random HTML appearing. For now I must go, so I'll try and check this out later.
Sorry for any problems caused to anybody.

mondine Site Admin

Joined: 15 Sep 2005 Location: Vancouver, BC. 171655.40 GC$
Posted: Thu Feb 09, 2006 5:16 am

I must apologise for misleading kevgibbo. You're right, Darren, that script is running in a frame on the index page.
I looked the page source over, and didn't see the reference when I first responded; but I forgot that I had recently installed the Firefox extension NoScript, which had prevented it from showing up.
I do hope we can get that cleared up, soon.

kevgibbo Platinum Member

Joined: 08 Feb 2006 Location: Brisbane, Australia 9222.60 GC$
Posted: Thu Feb 09, 2006 5:23 am

No probs, I thought it was weird that the error only came up for that page.

cysite MOTY 2005

Joined: 25 Jan 2005 Location: Virginia 21719.00 GC$
Posted: Thu Feb 09, 2006 9:50 am

kevgibbo wrote:
> Thanks I just deleted all temporary internet files and then revisited your site but it rewrote the .wmf file and came up with the same error.
> The url the file is from is http://toolbardollars.biz/[Link broken to prevent anyone accidentally opening or downloading this infected file -mondine]
> Is this an advert or something as I wouldn't have thought it's coming from this site.

I got the same virus!

andrew247 Feel the Power

Joined: 18 Oct 2005 Location: c:\GoogleCommunity 88888.75 GC$
Posted: Thu Feb 09, 2006 9:52 am

cysite wrote:
> kevgibbo wrote:
> > Thanks I just deleted all temporary internet files and then revisited your site but it rewrote the .wmf file and came up with the same error.
> > The url the file is from is http://toolbardollars.biz/[Link broken to prevent anyone accidentally opening or downloading this infected file -mondine]
> > Is this an advert or something as I wouldn't have thought it's coming from this site.
>
> I got the same virus!

Unlucky you! I didn't :D

cysite MOTY 2005

Joined: 25 Jan 2005 Location: Virginia 21719.00 GC$
Posted: Thu Feb 09, 2006 10:38 am

I have ZoneAlarm; it deleted it instantly. I think the ad has a virus in it.
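The thread traces the alert to a frame on the index page that pulls advert content from another host, which a script-blocking browser had hidden from the admin reading the page source. As an added example (not part of the original thread), this Python script parses a page's raw HTML and lists every automatically loaded resource served from a foreign host, flagging `.wmf` files; the URLs and HTML below are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that make the browser fetch a resource without any click, and the
# attribute holding its URL.
AUTO_LOAD = {"iframe": "src", "frame": "src", "script": "src",
             "img": "src", "embed": "src", "object": "data"}

class ExternalResourceAudit(HTMLParser):
    """Collect auto-loaded resources served from a host other than the site's."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.findings = []  # (tag, absolute_url, is_wmf)

    def handle_starttag(self, tag, attrs):
        # Tags outside AUTO_LOAD look up the "" attribute, which never exists.
        value = dict(attrs).get(AUTO_LOAD.get(tag, ""))
        if not value:
            return
        url = urljoin(self.page_url, value.strip())  # resolve relative URLs
        host = urlparse(url).hostname
        if host and host != self.site_host:
            is_wmf = urlparse(url).path.lower().endswith(".wmf")
            self.findings.append((tag, url, is_wmf))

def audit(page_url, html):
    parser = ExternalResourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a forum index with an ad slot at the bottom.
SAMPLE_URL = "http://forum.example.test/index.php"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif">
<script src="http://forum.example.test/js/menu.js"></script>
<div id="ads"><iframe src="http://ads.example.net/slot?id=1"></iframe>
<img src="//cdn.example.org/banner.WMF"></div>
</body></html>
"""

if __name__ == "__main__":
    for tag, url, is_wmf in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag:7} {url}{'  <-- .wmf' if is_wmf else ''}")
```

Run it on the HTML as fetched by a non-browser client, so that extensions such as NoScript cannot hide entries from the listing.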