hXXp://www.wtso.net/
It’s a site to watch The Simpsons. Don’t even try to go on it, i kept getting about 8 viruses per page!!
hXXp://www.wtso.net/
It’s a site to watch The Simpsons. Don’t even try to go on it, i kept getting about 8 viruses per page!!
Hello and welcome to forum,
please use this format for posting suspicion sites here: hXXp://www.bad-site.com/
those xx would kill the link format in your post.
Thanks.
(please modify your last post too)
Hi PsychoNinjaFlea,
Why did not you make the link non-clickable like www dot wtso dot net or hxtp://www.wtso.net so no one can click it out of curiosity, curiosity killed the … you know…
Exploit Prevention Labs Online Link Scanner gives a clean bill for the site,
DrWeb’s av link checker gives an all green:
Checking: hxtp://www.wtso.net/
Engine version: 5.0.0.12182
Total virus-finding records: 540991
File size: 24.75 KB
File MD5: 6e6ed8677e961c3225b8e85a1872782b
xttp://www.wtso.net/ - archive HTML
hxtp://www.wtso.net//Script.0 - Ok
hxtp://www.wtso.net//Script.1 - Ok
hxtp://www.wtso.net//Script.2 - Ok
hxtp://www.wtso.net//Script.3 - Ok
hxtp://www.wtso.net//JavaScript1.1.4 - Ok
hxtp://www.wtso.net/ - Ok
Checking: hxtp://ads.wtso.net/stats.php
File size: 845 bytes
File MD5: 49a43bba98bbe1eec6afe9824d9064c7
hxtp://ads.wtso.net/stats.php - Ok
Checking: hxtp://adserving.cpxinteractive.com/st?ad_type=iframe&ad_size=728x90§ion=399873
File size: 4412 bytes
File MD5: 3a187d631c7bd74d97dda9b111e36074
hxtp://adserving.cpxinteractive.com/st?ad_type=iframe&ad_size=728x90§ion=399873 - archive HTML
hxtp://adserving.cpxinteractive.com/st?ad_type=iframe&ad_size=728x90§ion=399873/Script.0 - Ok
hxtp://adserving.cpxinteractive.com/st?ad_type=iframe&ad_size=728x90§ion=399873 - Ok
Checking: hxtp://www.statcounter.com/counter/counter_xhtml.js
File size: 7754 bytes
File MD5: 3b80c9538a5f81a422d81c8103b12ab7
hxtp://www.statcounter.com/counter/counter_xhtml.js - Ok
Checking: hxtp://wtso.net/templates/v3/js/xmlhttppost.js
File size: 1346 bytes
File MD5: 23f3b51a62f37b1e81e2102178e1cf81
hxtp://wtso.net/templates/v3/js/xmlhttppost.js - Ok
One hidden: <IFrame> hidden link - hxtp://ads.wtso.net/stats.php
And this: <script type="text/javascript">
var gaJsHost = (("hxtps:" == document.location.protocol) ? "hxtps://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
checked
Maybe browser has a hijacker infection. Why don’t you give us a hjt logfile txt,
download hjt from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/
and we will like to analyze that for ye,
polonus
I had a quick rummage round on the site and never got pinged by avast once, I too saw nothing obvious. Though I couldn’t do much investigation on dial-up, too media intensive.
So we would need more info from PsychoNinjaFlea.
@ PsychoNinjaFlea.
avast is very hot on any web based malware, so I was surprised not to bump into anything whilst investigating…
What is the Malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx or full URL see #### below) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable) avoiding accidental exposure.
http://www.siteadvisor.com/sites/wtso.net
Avira seem to dont liked it too look on the comments
Well just look at the dates of those browser exploit reports in siteadvisor, 4th March 2009 (avast alert) and 25th Dec 2008 (merry xmas from avira). A week in virus terms is a long time a month a lifetime and 4 months an eternity , so these are I believe unrelated to the current issue.
sorry sorry, i wasn’t aware of this post… i think it should be stickied
i’m gonna post what i posted from there
" sorry, i couldn’t find the noticed on what to do when you find an iframe site… all i remember is that you list it on the forums… Huh
hxxp://www.bizcash.info/go/to.php?id=005 (iframe)
hxxp://www.samra.com/blog/ (Sigh of “JS:ScriptIP-inf [trj]”)
hxxp://www.smileyadv.net/sc46/flashwrapv10.js (iframe)
we shall over come this virus!! Angry
hope i helped. "
There may be a couple of hidden links on the site www(dot)wtso(dot)net.
Google Safe Browsing Diagnostic page for www(dot)wtso(dot)net :
http://www.google.com/safebrowsing/diagnostic?site=www.wtso.net
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="hXXp://adserving.cpxinteractive.com/st?ad_type=iframe&ad_size=728x90§ion=399873"></IFRAME>
<script type="text/javascript"><!--
var sc_project = 3008679;
var sc_invisible = 0;
var sc_partition = 32;
var sc_security = "035d30ad";
//--></script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script>
<!-- PayPopup.com Advertising Code Begin -->
<div id="PaypopupStartCode" style="display:none">
</div>
<script language="JavaScript1.1">
if (typeof(paypopupScriptStart) == 'undefined') {var paypopupScriptStart = false;}
if (!paypopupScriptStart) {
document.write('<scr'+'ipt src="hXXp://popunder.adsrevenue.net/popup.php?'+(new Date()).getTime()+'&id=joecool6101&pop=enter&t=5&subid=96831&blk=1&fc=24"></scr'+'ipt>');
paypopupScriptStart = true;
}
</script>
<noscript>
<div style="width: 1px; height: 1px;overflow: hidden;">
<a href="hXXp://www.silkletter.com" title="promotional products">promotional products</a>
</div>
</noscript>
<!-- PayPopup.com Advertising Code End -->
***
Wow thankyou all for all this help i apreaciate you taking time over this for me, i am quite new to all this and I have to get my head round all this new info. But i will as soon as i have the time, Thankyou all again and sorry for the link!! I still daren’t go on it tho haha
No problem, glad I could help.
A belated welcome to the forums.
I suspect this site to be infected hxxp://www.yoville.com , it’s an online game, I didn’t notice any problems when I started to play it, but recently my firefox browser gets stuck when I play the game “tick tack toe”, I had google chrome browser installed but uninstalled it just because of this problem, and now the same happens when I use firefox.
add me as your friend and then I would vote/rate your room ;D ;D ;D ;D ;D ;D ;D ;D ;D