EDITING PER INFORMATION SEEN ON REPLIES “AFTER” I POSTED THE URL HERE ERRONEOUSLY…SORRY!
The time/date of my correction posting here is CST/USA February 20, 2010 @ 8:41PM (I guess that’s about 1:41AM on Sunday, Feb. 21 Avast Forum time?)…
Yes, I do see I did a TYPO and I’m so sorry! Yes…it was supposed to be “talk” radio instead of “ralk”.
Ok, I will now exit this correction and make a new reply.
P.S. If I’m not supposed to make a correction like this, please, please tell me, ok?
Shalimar (Thank you!)
Thanks for the correction. Apparently all efforts were taken to hide it from the curious ;D .
It is mighty important that avast protect you from getting infected by this trojan clicker because if infected no matter how many times you remove it, it’ll keep coming back with every boot-up process, because you are then part of a network. If infected you are under consistent attacks. Users should be very careful while clicking, and I checked and Norton does not protect you going to this site.
Thank you for your replies, and I’m so sorry about the typo in the URL I originally posted! Thank you for catching my error! :-[
QUESTION: Should I take responsibility in notifying ALL TALK RADIO . NET via email that their website has been compromised by KEY MY DOMAINS . COM? ???
Of note is I discovered that website accidentally. I downloaded an old 2005 app to my desktop from CNet called Easy Radio1.4 and scanned it with Avast first. When I opened it, the very first radio station I decided to try listening to was called ALL TALK RADIO . NET. At first, I thought something really was wrong with that application, but I decided to check out the website first before uninstalling it…and I’m glad I did!
You could try and notify them, especially if you would like to try it without avast alerting. The problem being unless you know the email address without having to go into the site. Normally it is easy enough to do a whois search for alltalkradio.net, that normally gives some email contacts, though webmaster (at) the-domain-name.com on occasion works.
If you try to analyze or get at that site, you get a detection of a redirect to:
hXtp://www.talkradio.net/273147948
that is a pid at sohu dot com dot cn
Sohu - China's largest portal website
1 suspicious inline script found.
71 hidden external links found.
Long suspicious script found there:
ar $=getObject=function(element){if(arguments.length>1){for(var i=0,elements=[],length=arguments.l...
Presenting us with the following threats:
Report of threats:
Total number found: 4
Heuristic viruses
Threats found: 3
Here a full list of these:
Name of threat: Bloodhound.Exploit.281
Location: hxtp://1833.img.pp.sohu.com.cn/images/blog/2009/12/6/11/14/12611fd138cg215.jpg
Name of threat: Bloodhound.Exploit.281
Location: htxp://1853.img.pp.sohu.com.cn/images/blog/2008/8/18/22/8/11c7c81c6c2g213.jpg
Name of threat: Bloodhound.Exploit.281
Location: htxp://1824.img.pp.sohu.com.cn/images/blog/2009/7/5/16/12/122f6dfe99fg215.jpg
Virus
Threat found: 1
Here the full list:
Name of threat: Trojan.Maliframe!html
Location: htxp://1852.img.pp.sohu.com.cn/images/2008/10/19/20/6/11dbcbaf778g214.jpg
So certainly not a welcome redirection, malicious by design…
Just an update…I spent a long time in trying to find more information about the website so as to contact them (without clicking on the URL!!!), but the telephone number I found on the internet is no longer in service.
I noticed that Google had given that website a clean slate on February 19…one day before this happened to me on Feb. 20. (Wouldn’t that be something if malware-lovin’-injectors sometimes purposely peruse unmaskparasites.com to check out the last date websites were given clean slates by Google and then insert malware the very next day!) I tried filling in a form for Google to go back and check it out again, but had problems with the form going through.
I almost was ready to give up but then found a site to contact for submitting suspicious URLs. You’re already probably familiar with it, but it was new to me…it’s called: [b]http://www.malwareurl.com/[/b]
The database section of this website gives the following alert: “WARNING: All domains/IPs listed on this website should be treated with extreme caution.
Some of them will automatically infect your computer.”
So, anyway, for what it’s worth, I tried to get more attention to this website so that others won’t needlessly get infected…and I hope it’s of some benefit.
Again, thanks so much for all your work!
Thanks again for reporting. Thanks to attentive users like you we also get better and better in this malware hunt, and as you know now the avast shields are among the best protection against the dangers of visiting sites that have been hacked and injected with malcode around. Avast developers can be proud.
Another foolproof protection against script related website infections is using the Firefox or Flock browser in combination with the NoScript extension to block malcode of all sorts.
Well, you know now where and what to look for (unmasked parasites, malwareurl, Norton_Safe_Web site to check domains against etc.), stay safe and secure and a big welcome to our forums here.
Believe me when I say it’s truly great having this forum available with such competent and caring people helping out. Yes, I love Firefox and I’m so glad I have NoScript, too. I do, however, hope you will let me know when I shouldn’t be making certain comments. I must admit that I unfortunately have a habit of putting too much detail in my comments, so I’m trying to improve on that…but it’s so hard for me to be “brief”! ;D
By the way, I’ve been wanting to post an off-topic comment about something, and since I actually paid attention recently, I see you do have an off-topic category…so I shall zoom over there! Thanks, again!!!
OOPS! I just discovered the “Off-Topic” forum has been CLOSED!
Briefly, where could I post something like this?:
I have many images I copied (graphic/animation) and when I link on them to get back to their websites, I end up at gmx.com webmail sign-in page (where I had previously had them stored for a while). :o
I don’t see how that’s possible and I sure would like to find out why that has happened!