Page 1 of 1

Trojans in some of the forum discussion topics

Posted: Dec 8th, '08, 02:37
by chessmastery2001
FYI Administrators: Some of the forum topics will download trojans (backdoor, vundo). Upon opening a discussion forum topic the page sends out an signal to another site to download the trojan.

Posted: Dec 8th, '08, 03:27
by groink
It appears to be random - embedded in the advertisements. But yes, it is true that the trojans are there. I just right now received a warning from my security software:

HTTP Acrobat PDF Suspicious File Download
http:/xxx.xxx.xxx.xxx/zzyu298298/pdf.php?id=7655

Removed the IP for security reasons. The IP address is owned by valuepromo.net. The network traffic coming from the IP address matches a signature of a known attack.

--- groink

Posted: Dec 8th, '08, 03:56
by AkumaX
attempts to open up embbeded pdf file in your browser:

here's what i got:

http://76.74.***.***/zv00108/pdf.php?id=31455&vis=1

search "zv00108" and "pdf" in google for some more info

I figured as much

Posted: Dec 8th, '08, 04:23
by aliensporebomb
Looks like drive by downloads being sent by compromised websites.

In most cases it's spammers or the like trying to use your PC as part of a spam
generation network or russian botnet folks trying to assimilate your pc.

I work in I.T. and highly recommend downloading www.malwarebytes.org's application
to rid yourself of this malicious garbage.

Posted: Dec 8th, '08, 08:37
by chessmastery2001
Yar, I'm also in studying in the fields of IT Security. Malwarebytes is a good software, but I recommend adding Spybot Search & Destory + NOD32.

Posted: Jan 9th, '09, 00:14
by MoerkJ
I'm bringing this up because there seem to be some users who still have these problems. The source of the problem could be a infected or hijacked ad-network server which randomly sends these pdf files or an already virus-infected computer on the user's side.

So, if you have problems like reported above you should first scan your computer for virusses or malware. Second you should disable auto-opening of pdf-files in your browser. Just change your browser application settings for MIME-type "application/pdf" from open with ... to save to file. This way you can decide yourself if you want to accept an incoming pdf file or not.

There have been several discussions about this on the web. But so far I couldn't find out the root of the problem and if it still exists. :|

Google Malware warnings on D-Addicts

Posted: Jan 19th, '09, 00:08
by releanoyed
This is a first for me, but starting today whenever I try to look at a page on d-addicts.com google spits up a Malware warning. (I'm using the Safari browser)It looks like it may be linked to the banner ads. One of the site it lists as positive for malware is ebannerz.net but that isn't the only page that gets listed as the source of the problem, most that are listed are just jumbles of numbers and letters. Anybody else running into this problem?

Posted: Aug 29th, '09, 14:06
by Keiko1981
It could be either me or some of the ads at DA.
3 times in 2 days I've gotten a pop-up message (I've never clicked this message - used Alt + F4) saying that I need to scan my computer it take. If I'm not fast enough it automatically takes me to a page where you see what ones HDs, CD/DVD reader.
The website's address is the following:

Code: Select all

http://live-virus-scanner7.com
When this happened the last time, a few minutes ago I had only Gmail (inbox), a Sweding-English dictionary:

Code: Select all

http://lexin2.nada.kth.se/sve-eng.html
and D-Addicts open.
I got this message as exactly as I was leaving "Torrents" page, and went to the "Home" page.
And yesterday I got it when did log out.
Earlier today I did scan my computer with AVG 8, no viruses found, all warnings were tracking cookies, I deleted them. Yesterday I did also run CCleaner.

Posted: Aug 30th, '09, 16:44
by aimlesswanderer
I had something dodgy install itself a few months ago from here. After scans with half a dozen scanners I found and removed a few dodgy files.

Now I use Chrome, and it sometimes warns me that threats are on certain pages, though none here so far. More security = good.