Owned by a website with loads of malware and Iframes...

Ok, I went to this site: hXXp://link-protector.com/x-18700

Then I got owned by loads of hidden Iframes and stuff. Avast! only detected the picture virus, but other malware came through, then I encountered some new tabs, that had the same website. Repeatedly downloading viruses and Avast! didn’t block them. I disabled internet connection, tried a boot-time scan, it only found my EICAR Test File and I was mad. Then I tried Malwarebytes’ Antimalware but it wouldn’t even start. So now I’m attempting to download Super AntiSpyware Pro and run a full scan just to be on the safe side, anyways, can you add this site to the network shield? It might be a hidden keylogger reading what I type this very moment…

Here is the Hijack This Log from when it was happening and here is the Avast! boot-time scan log.

Here is what it blocked:
15.05.2009 20:13:45 Network Shield: blocked access to malicious site segulnhen.com/image/pfgt.php [ C:\Program Files\Internet Explorer\IEXPLORE.EXE ( 1456 ) ]

I hope that I don’t have an unknown hidden virus if the site is updated daily with brand new viruses…

~Donovansrb10~

Here is what I found in the website’s coding - part 1 - see pictures below.

Here is what I found in the website’s coding - part 2 - see pictures below.

SuperAntiSpyware didn’t detect anything so I think I’m secure. Only some browser hacking…

Anybody??

OK, I’ll have a go.
Stop trying to download something for nothing, in a situation where you already know that this package normally requires payment. >:(
You should know better.
If something appears to good to be true, it probably is.
HJT log appears clean.

If something appears too good to be true, it probably is.


:slight_smile:

And the best response you can manage is to correct a typo.
OK, you win.

I don’t know… How should I know?

;D

When you come seeking help being a smart ar** doesn’t help your cause, it just means people won’t bother in the future.

Scan for out-of-date and insecure software using Secunia Online Software Inspector (OSI) and update any vulnerable software: this will help to prevent future infections.

There’s no reason to get pwned just visiting a website.

Hi there Donovansrb10

Okay if I ask whether you trawl around web looking to pick up viruses so then you can put into work your learning on anti-malware options. If malware is trouble, which it is, then you seem to be looking for trouble. So best of intentions then?

If so, perhaps adding a ‘notification of intent’ rider in the opening post of your thread - to help readers / viewers who are following the thread - would add to the usefulness of your contribution.

I actually copied images from reply 1 and reply 2 in the thread so to show to people as examples of the growing use of the ‘iframe’ range of malware attack. It was convenience really. The images happened to be at a convenient time and place - when I wanted to add a few examples to a record I was keeping on various guidelines to safe practice and secure system for home computers. Encouraging prevention behaviours amongst my existing clients, as well as clients to be. What you posted were good examples.

At the risk of sounding ‘know it all’ - when some of my posts may be not far short of unneeded - many people myself included log in to Avast forum to keep up to speed with the changing ways and means of malware attack, and to help empower the unknowing computer users (most of my clients) amongst us to keep their desktops in a running state. For myself, I did my antivirus toil (irritatingly time-consuming and sometimes self-defeating) for two years just using various tools and common sense with no real depth understanding of the malware environment, such that I probably had far better outcomes than I deserved. I’m not so sure whether I could survive today with that kind of approach, especially when you consider the changing face of Microsoft malware defense since last November. And I need to continue forward with a record of far better outcomes. Avast forum is a key play to my future good fortune, maybe the key factor. So just keen to deliver good outcomes, and keep success rate high. So I post this reply.

In no way do I mean offense to you or anyone else (except malware perps). In fact, appreciate your contribution, as I said, I found images in reply 1 and 2 very useful cause of time and place. And would not mind at all to keep things that way. But sometimes intent behind some posts is a bit of a guessing game (and not just you, not picking on you at all - at time my posts can be equally confusing as well). Just trying to do my bit to keep this very useful forum on a very useful bearing. Cause it works for me.

Kia kaha, go well, to all Avast forum contributors.

Download what?

No Comment

Yeah… :stuck_out_tongue:

Hi Donovansrb10,

There were people before that really started collecting malware for a reason. There are those that collect stamps, others collect coins, some collect worms, viruses, Trojan horses, and exploits, like Anthony Aykut. About him: http://www.linkedin.com/pub/anthony-aykut/0/35a/a82
This collector of malware has turned his hobby into a real time job, so you can hear from his podcast. The hundreds of thousands of malware samples he collects through Honeypots, Aykut sells to firms that have no spare time to do this themselves, but like to test their apps against malware of all sorts. Aykut also analyzes each and every piece of malware and forwards them to av-vendors, which he has now built a favorable relationship with. In the meantime his firm has collected 2,2 million samples over the last few years and these are very well sought after by his customers. Listen to his podcast here:
http://debeveiligingsupdate.nl/2009/05/01/

So it could be that Donovansrb10 one day in the future could become a member of The Frame4group, Aykut’s firm,

polonus

@Donovansrb10:
I checked the links and I also read the codes you posted in pictures. All those URLs in those codes are already blacklisted by the MVPS and ads lists in HostsMan. Why don’t you immunize your Hosts file to enjoy surfing the web without ads and also block any traffic from your computer to bad URLs without any impact on your computer’s performance or the speed of your web browsing (because ads would not load on your computer and Google would not be able to spy on your web browsing) ??

I did not get any alert by my anti-viruses because those bad URLs are already blocked in my Hosts file and nothing loaded from those site to get alert because of their content :slight_smile:
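An added example, not from the post above: how exact-match Hosts-file blocking treats a list of URLs, including the case it misses (a subdomain of a blocked name). The hosts entries, URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Addresses commonly used to sinkhole unwanted hostnames.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

def parse_hosts(text):
    """Return the set of hostnames a hosts file maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()
        if address in SINK_ADDRESSES:
            blocked.update(n.lower() for n in names if n.lower() != "localhost")
    return blocked

def check_urls(urls, blocked):
    """Map each URL to True if its exact hostname is sinkholed."""
    result = {}
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        # Hosts files match whole names only: no wildcards, no subdomains.
        result[url] = host in blocked
    return result

# Constructed sample hosts entries (not a real blocklist).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     ads.example.test   # ad server
0.0.0.0     bad.example.test tracker.example.test
192.0.2.10  intranet.example.test
"""

# Constructed URLs, as if pulled from a page's iframe sources.
SAMPLE_URLS = [
    "http://ads.example.test/banner.php",
    "http://cdn.ads.example.test/banner.php",   # subdomain: not covered
    "http://BAD.example.test:8080/x",
    "http://intranet.example.test/",
]

if __name__ == "__main__":
    for url, hit in check_urls(SAMPLE_URLS, parse_hosts(SAMPLE_HOSTS)).items():
        print("BLOCKED " if hit else "allowed ", url)
```

A hosts entry only helps for names already on the list, so a URL on a new or unlisted hostname passes straight through.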

Quote from: mkis on Today at 03:42:55 AM Hi there Donovansrb10

Okay if I ask whether you trawl around web looking to pick up viruses so then you can put into work your learning on anti-malware options.
Yeah…

My life is boring. I haven’t sunk my teeth into a real virus for ages. I live in hope. ;D

Anthony Aykut. About him: http://www.linkedin.com/pub/anthony-aykut/0/35a/a82

I’m impressed. :o

why don't you immunize your Hosts file to enjoy surfing a web without ads and also block any traffic from your computer to bad urls

And see which of your newsprint agencies is peppering you with hidden iframe ads as well as giving you the news. Can be a real eye-opener, especially when you find one that actually keeps everything above board. One of my local rags is clean as a whistle, pure news frames only. My estimation of them has risen markedly, even when the news is garbage. :smiley:

Hi mkis,

Here is where we teach the youth, and we know/knew what we were doing when we were young (I am a reverted 16 year old, which translates to 61 as my age, so in my younger days there was no Internet, just an electric typewriter). Young people are so privileged to-day as they have so many opportunities to learn things where we had more room to experiment without restrictions. Also the anonymity found on the Internet can make young people have a choice to go two ways - a dark path and a lighter one, and some even have a chance to switch the path they’re on (free from the Led Zeppelin song). But those that want to succeed need some boot-camp training here, make a lot of mistakes and learn not to repeat those, and then the end result of that the 61 year old calls “experience”,

polonus aka Damian

??? ???

Hi there

Quote from: mkis on Today at 10:18:28 PM And see which of your newsprint agencies is peppering you with hidden iframe ads as well as giving you the news. Can be a real eye-opener, especially when you find one that actually keeps everything above board. One of my local rags is clean as a whistle, pure news frames only. My estimation of them has risen markedly, even when the news is garbage.

Here is first (1) local rag (news website) with clean frames and then under that is (2) different local rag with invisible iframes in pages (between clean ‘news frames’, if you like). I have redded out the names of the particular news sites.

(1) Clean news frames

http://pics.livejournal.com/emkis/pic/0002d3s4/g49

(2) News frames with hidden iframes

http://pics.livejournal.com/emkis/pic/0002eq35/g49

When viewing local news website, I check back through immediate browsing history to see how many iframe ads had been slotted into the web page (i.e. into the frame that is actually visible - you cannot actually see those ‘ad.bureau’ frames in (2) - because they are hidden in the page)

I’m in a bit of a hurry but this is the best I can do for now. Also I don’t use features on Avast text editor much so hope all comes out okay.

Still have no clue…