In the last hours I have seen a few messages on my Facebook profile saying that I'm tagged in a friend's photo, with a link under h…://195.244.61.38,
a Turkish site with a download link in it. I assume it is another virus; please inform me about it.
The redirecting domain was just recently registered: http://2013.netorginfo.com/20130131/bon.htm
Going to the site it has in Turkish
Firefox Extension Update
Please Refresh button, Firefox Add-Update yourDue to system errors and security vulnerabilities that are required by pressing the Reload button
Install Firefox Plug-in Update.
As long as you have not updated, you will not be able to benefit from the site's features.
Do you recognize having the Google Enhancer Firefox extension? Is it checked by Firefox as a reliable extension?
The update site domain is 20 days old: http://www.statscrop.com/www/bond2-reawer.com
Nothing here: http://urlquery.net/report.php?id=1033633
But detected as a possible spammer: http://www.urlvoid.com/scan/bond2-reawer.com/ also → (http://sitecheck.sucuri.net/results/www.bond2-reawer.com)
Probably your Google Enhancer became incompatible with Firefox. The unnecessary part of the request is created by an outdated add-on for Firefox, meaning: requested URL /&sa=U&ei=KykiUebZCc7bqQG6mYHoCQ&ved=0CB8QFjAC&usg=AFQjCNFC5cnxNv7BOheL_jsiiSQ6X9UXbg.
It was going to the updater of that extension.
So nothing to worry about,
polonus
Thx for your reply. Could you check another link that I have seen in those messages: h…://www.facebook.com/131224037048839
Seems it will only work when logged in… and I don't have Facebook
http://urlquery.net/report.php?id=1036022 click picture in top right corner
That url, from facebook, redirects to another link h…://www.profonix–cod.tk/
urlQuery http://urlquery.net/report.php?id=1036089 see under Intrusion Detection Systems
Zulu analyser http://zulu.zscaler.com/submission/show/c5e5dff2f24b5afe85aa8800a8b87605-1361215818
VirusTotal html scan
https://www.virustotal.com/nb/file/796d326c8274522f5245b9c12415a64d7bfb205d055f5548337f109408879243/analysis/1361216075/
First seen by VirusTotal
2013-02-18 19:34:35 UTC ( 5 minutter ago )
Virustotal URL scan
https://www.virustotal.com/nb/url/beb1b846a2c52eb2ccddf9eca5be385eb3debe7140b9fabe3fea2f9e2d3ad7ee/analysis/1361216090/
Nope this one h…://www.facebook.com/131224037048839 goes to a picture and redirects to h…://www.profonix–cod.tk/
Thx for your help by the way
edit above
Thank you for your help
so seems new…
the bad guys always fish in the pond with most fish, and the biggest is facebook
One more address that redirects that message from Facebook - h…://www.pvphosting.net/
We have a big problem in Greece, as I see from other profiles, with that virus or whatever it is.
tested with 5 scanners, got nothing…yet
Facebook moderators, as I see, try their best cleaning all those messages from users' profiles; I hope to get rid of that virus soon.
In case I notice anything suspicious I will inform you again.
Greetings from Greece
Hi Pondus,
Could it be this one: http://pastebin.com/3Yzsv0PW
See the like hostile code flagged here: http://urlquery.net/report.php?id=1036089
I reported on this earlier in our webforum section here: http://forum.avast.com/index.php?topic=102797.0 (218 views, no reactions)
Already high in the IDS alert charts during 2011:
The .tk domain is leased out and highly hostile. If you find some legitimate content in there we’d love to see it.
Other than a couple personal blogs we’ve been unable to do so. (And we really tried!)
2012810 - ET CURRENT_EVENTS HTTP Request to a .tk Domain - Likely Hostile (current_events.rules)
2012811 - ET CURRENT_EVENTS DNS Query to a .tk domain - Likely Hostile (current_events.rules)
(reported by/credits to Matt Jonkman - Emerging Sigs on EmergingThreats 5/15/2011)
Also PHISHING going on from that IP - and long overdue issues -migrated from 178.211.44.113 178.211.44.113 to 46.45.177.101
polonus
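The two Emerging Threats signatures quoted above alert on any HTTP request or DNS query to a .tk domain. A log-side version of the same check, as an added example that is not part of the thread or of the Emerging Threats ruleset; the log format, hostnames and function names are constructed for illustration:

```python
import re

# Constructed sample events (not from the thread), in a simplified
# proxy/resolver log format assumed for this example.
SAMPLE_LOG = """\
http GET Host: sample-redirect.tk /index.htm
http GET Host: WWW.Sample-Redirect.TK:8080 /
http GET Host: tk.example.com /news
http GET Host: example.tk.example.org /
dns query A landing.sample-redirect.tk.
dns query A example.com
dns query A 192.0.2.10
"""

HTTP_RE = re.compile(r"^http \S+ Host: (\S+)")
DNS_RE = re.compile(r"^dns query \S+ (\S+)")


def normalize_host(raw):
    """Lower-case, drop a :port suffix and the trailing root dot."""
    host = raw.strip().lower()
    if host.count(":") == 1:  # host:port (IPv6 literals have more colons)
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def is_tk_host(raw):
    """True only when the right-most DNS label is 'tk'."""
    labels = normalize_host(raw).split(".")
    return len(labels) >= 2 and labels[-1] == "tk" and all(labels)


def scan(log_text):
    """Return (kind, host) for every HTTP or DNS event that targets .tk."""
    hits = []
    for line in log_text.splitlines():
        for kind, pattern in (("http", HTTP_RE), ("dns", DNS_RE)):
            match = pattern.match(line)
            if match and is_tk_host(match.group(1)):
                hits.append((kind, normalize_host(match.group(1))))
    return hits


if __name__ == "__main__":
    for kind, host in scan(SAMPLE_LOG):
        print(f"ALERT {kind}: request to .tk domain {host}")
```

Matching on the right-most label rather than on the substring ".tk" keeps hosts such as tk.example.com and example.tk.example.org out of the alerts.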
Norman lab confirms infected…
detection added profonix–cod.tk.htm - iframe.VE
I am using Firefox and today I clicked on this link -
- after that, every 2-3 seconds and whenever we change the tab, a pop-up message comes up, and what is written in it is -
This web page is being redirected to a new location. Would you like to resend the form data you have typed to the new location?
- So please suggest what I should do…