Discovery of a hacked site and hacked email account on Yahoo

Early this morning, a message was posted to a private list giving the from as a good friend in the list, Lance. Since we are a small, friendly group, we took it that the link given in the message was something he wanted us to see. There was no other text, only this link in the body of the message. When I went to the link, Avast! warned me that it was a virus worm location, so I quit out of it immediately, and posted a message to the list. I was quickly informed that the message was forged, and that Lance had not posted it.

Some other members of the list also assumed that Lance wanted us to look at that site, and now we have a problem. Janet found that once she got to the site, she could not quit out of the window until she quit from her browser, which crashed her Windows. Now she finds that her computer intermittently starts playing “La Bamba.”

Janet is running AVG. It has not protected her. Do you know what she is infected with, and will Avast! fix it?

The link to the site is:

#ru#ro#vu#pa.ho#st#ifi#c.c#om

I have added the hatches to prevent anyone from accidentally thinking that they might want to go check this one out.

The report that came up with the Avast! block on this site was:

File Name: h#ttp://3#ttm#an.c#om/o#k2.h$tm{g#zip#}
Malware Name: HTML:Iframe-inf
Malware Type: Virus/Worm
VPS Version: 090716-1, 16/07/2009

As for Lance, since it was a Yahoo account, it seems unlikely that his computer is infected with the email virus, but is it possible that Yahoo is infected?

Any information you may have to help Janet and Lance would be greatly appreciated. I’m OK, and for that I owe you guys a huge thank you.

Hi Dee Dylan, welcome to the forum.

You say the list is private. Does this mean a special password/registration is required to post to it or access it? If so, friend Lance’s computer is definitely likely to be infested with something. Basically someone or something has used his credentials to sign in to that list and post a malicious link to it.
If the list is able to be accessed by anyone who might know a username or email address, the members need to up their security awareness ante a bit.

As to whether Avast can remove this, don’t actually know. You could certainly get her to try. If she does, she should download Avast first, download the AVG removal tool from here, making sure the appropriate tool for her OS is selected. (32bit or 64bit.)

Then, with the connection to the net turned off, AVG should be exited, then removed via add/remove programs. (Uninstalled.)
The tool should be run.
The computer should be rebooted.
Avast should be installed. As part of the install it will ask to run a boot scan. Answer “Yes”, since the computer is known to be infected.
That scan could easily take an hour or more. Once complete, a log will have been kept. Logon can continue, the net reconnected, and Avast updated.

Another recommended tool which might remove this, and is recommended by a lot of the members here, is MBAM. It can be installed alongside an antivirus, no problem. Good scanner/cleaner for this kind of problem.

If those measures fail to remedy the situation, she is going to have to register here, or at another forum that deals with malware cleanup, and post directly to it herself. It just gets too difficult doing it remotely anyway, without an intermediary added to the mix; as I’m sure you can imagine.

Hi Dee Dylan,

You took reasonable precautions in avoiding accidental exposure but then forgot to do the same in the avast alert details - Please ‘modify’ your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

I never take any email, etc. (I don’t use IM) at face value as it is so easy to forge who it comes from. It is more likely that someone with your friend’s IM/email address in their address book/contacts is infected and they use those details to forge the From address and send to other contacts that they find.