nasha-russia.tv - HTML:Iframe-inf

hxxp://nasha-russia.tv/

A virus or unwanted program has been detected
in the HTTP data on the requested page.

Requested URL: hxxp://nasha-russia.tv/
Information: Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

Hi sewaq,

DrWeb’s av link checker gives it as red - infected -
Checking: hxtp://nasha-russia.tv/
Engine version: 5.0.0.12182
Total virus-finding records: 539455
File size: 45.05 KB
File MD5: 4c7dd71d5934d7cab5a3aeefe3dfd339

hxtp://nasha-russia.tv/ - archive HTML

hxttp://nasha-russia.tv//JavaScript.0 - Ok
hxtp://nasha-russia.tv//Script.1 - Ok
hxtp://nasha-russia.tv//Script.2 - Ok
hxtp://nasha-russia.tv//Script.3 - Ok
hxtp://nasha-russia.tv//Script.4 - Ok
hxtp://nasha-russia.tv//Script.5 - Ok
hxtp://nasha-russia.tv//JavaScript.6 - Ok
hxtp://nasha-russia.tv//JavaScript1.1.7 - Ok
hxtp://nasha-russia.tv//JavaScript1.2.8 - Ok
hxtp://nasha-russia.tv//JavaScript1.3.9 - Ok
hxtp://nasha-russia.tv//JavaScript.10 - Ok
hxtp://nasha-russia.tv//JavaScript.11 - Ok
hxtp://nasha-russia.tv/ - Ok

Checking: hxtp://pagead2.googlesyndication.com/pagead/show_ads.js
File size: 29.44 KB
File MD5: 24c7aba78e61147132b46e48e6743e71

hxtp://pagead2.googlesyndication.com/pagead/show_ads.js - Ok

Checking: hxtp://lotbetworld.cn/in.cgi?income36
File size: 8978 bytes
File MD5: 98ccf1db761c14c99d26177ac88722b1

hxtp://lotbetworld.cn/in.cgi?income36 - archive MAIL
xttp://lotbetworld.cn/in.cgi?income36/ - archive HTML

hxtp://lotbetworld.cn/in.cgi?income36//Script.0 infected with Trojan.DownLoad.35036

Checking: hxtp://nasha-russia.tv/includes/jscript.js
File size: 2849 bytes
File MD5: 50f24195e48db586910fffb5f7f5a614

hxtp://nasha-russia.tv/includes/jscript.js - Ok
Re: hxtp://virusinfo.info/showthread.php?t=44061

polonus


Well, Polonus beat me to it but here is a little more information.

One iframe infection is outside the html tag at the top of the page and looks like this:

(I changed the http to hxxp to disable the link)

I counted at least 12 JavaScript infections throughout the page.

There are 2 more iframe infections outside the html tag at the bottom of the page:

Click the images below to enlarge.
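
Added example (not part of the original posts): a heuristic check for the pattern described above, iframes placed before the opening html tag or after the closing one. The sample page, its `example.invalid` URLs and the function name are constructed for illustration.

```python
import re

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
HTML_OPEN_RE = re.compile(r"<html\b[^>]*>", re.IGNORECASE)
HTML_CLOSE_RE = re.compile(r"</html\s*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

# Constructed sample page (defanged placeholder URLs, not taken from the site).
SAMPLE = (
    '<iframe src="hxxp://injected.example.invalid/in.cgi?x" width=1 height=1></iframe>\n'
    '<html><head><title>t</title></head>\n'
    '<body><iframe src="/player/embed.html"></iframe></body></html>\n'
    '<iframe src="hxxp://injected.example.invalid/a" style="visibility:hidden"></iframe>\n'
    '<iframe src="hxxp://injected.example.invalid/b" width=0 height=0></iframe>\n'
)


def find_stray_iframes(page):
    """Return (location, src) for every <iframe> outside <html>...</html>."""
    open_m = HTML_OPEN_RE.search(page)
    close_m = HTML_CLOSE_RE.search(page)
    # Without an <html> tag there is no "outside", so nothing is reported.
    start = open_m.start() if open_m else 0
    # Anything after the first </html> counts as appended to the document.
    end = close_m.end() if close_m else len(page)
    findings = []
    for m in IFRAME_RE.finditer(page):
        if m.start() < start:
            where = "before <html>"
        elif m.start() >= end:
            where = "after </html>"
        else:
            continue  # iframe inside the document: not flagged by this check
        src = SRC_RE.search(m.group(0))
        findings.append((where, src.group(1) if src else ""))
    return findings


if __name__ == "__main__":
    for where, src in find_stray_iframes(SAMPLE):
        print(f"{where}: {src}")
```

This only covers the misplaced-iframe case; the script injections inside the page body need a content scanner such as the ones quoted earlier in the thread.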


Went to the site without pro version and got infected. :-X


Since Polonus and I had already checked it out, why did you go there? ???

We already said it was infected. You need a little more experience before doing such things.


I wanted to see what the virus does. ;D Besides, I think I can remove the virus via Boot-Time Scanning!

Hi Donovansrb10,

People that download viruses to see what they do aren’t just average users. These people download viruses in special lab settings, where they cannot infect outside a virtual machine. They have to take a lot of precautions and need a lot of special analyzing tools. Well, if you download Vitro file infector, you can see what is meant, if you do that you can completely f-disk, format and re-install your Operational System, so-called total recall, not a nice thing to experience, seeing your computer being ruined by a virus. Malware is no plaything, and malware should be kept from computers by all means. The real hero here is the man or woman or kid that did not have a virus for years and years, because he or she or it is computer-savvy and security aware,

polonus

That goes double when you have absolutely no idea what the payload at the other end of the link could be.

One member who I would also say is more experienced tried this and without a robust back-up and recovery strategy (hard disk imaging, etc.) he ended up formatting his system and reinstalling everything. What he got hit by was Vitro/Virut and you only have to check this forum to see the destruction it reaps with most ending up on a fdisk, format and reinstall.

So this strategy is IMHO totally stupid, unless you are on a test machine that you wipe after the test.