fix this please http://files.mail.ru/1QAQYX
I hope that AVAST will be the best antivirus))
I am not getting any avast alarm on this website … ???
This page seems to be
http://www.UnmaskParasites.com/security-report/?page=files.mail.ru/1QAQYX
Only this link
Diagnostic page for blogs.mail.ru http://www.google.com/safebrowsing/diagnostic?site=blogs.mail.ru
Malicious software is hosted on 1 domain(s), including tracegirlsonline.com/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including siggiez.com/, mayatek.info/.
Site is clean, I believe he meant the file on that page.
Banners of Ads are normally rotating and there is a rash of what is determined as ad poisoning, see http://blog.avast.com/2010/02/18/ads-poisoning-–-jsprontexi/ for more information.
So I don’t know if this is what the OP is experiencing as there is no real information in the post.
OK I see what you mean.
VirusTotal doesn’t find much: 4/42 detections, and 3 of those are heuristic/generic, so there is room for doubt and it requires further analysis.
@ AbaddonRaptus
You should send the file to avast for further analysis:
Send the sample, zipped and password protected, to virus (at) avast (dot) com with the password in the email body; a link to this topic might help, and put "possible undetected malware" in the subject. Or manually add it to the avast Chest and send it from there.
A threatexpert report on this: http://www.threatexpert.com/report.aspx?md5=4425f41d287f644b48d3d71624c8812f … Looks interesting.
Hi AbaddonRaptus, 13thSlayer, Altaris, DavidR & Pondus,
Here is the WepaWet analysis for a hidden link to content3 dot files dot mail dot ru from the main page:
hXp://content3.files.mail.ru/1QAQYX/50ad38b11b3b931863da231b6192b08b
http://wepawet.iseclab.org/view.php?hash=62c8ac86253cc0c88b9df03d386146e0&t=1268582555&type=js
This apparently has the Mal/EncPk-NS malicious behaving spyware - a generic find exploiting an Adobe exploit - look for malicious BHO like found via HJT as example given below here:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
Interesting what cooperation of posters in this thread delivers. Thanks for the input folks,
lesson learned never trust anything, anything at first “site”…I mean at first sight of course
polonus