Please modify your post and change the http to hXXp this will break the link to avoid accidental exposure to a suspect location.
The Ali Baba rings a bell (appears in the page title at the top of the window) if you do a forum search as this has cropped up before, but a different url, this was for a hacked site rather than what appears like a phishing expedition.
Hi, thanks David have changed above post to hxxp, can’t seem to find anything searching for ali baba apart from the alibabar toolbar, which i suppose it could be related to (thinking it’s identity theft after all)…
Have got a message back from my friend, she didn’t send it and has had the same message from other friends that didn’t send it, so i’m going to assume that the file is a phishy spyware trojan type thing.
Incidentally, i found another very similar page from looking up “ali baba & 40 , LLC” in google.
I assume it’s the same hack you’ve mentioned. Here’s google’s cached copy (again i’ve replaced the http with hxxp):
hxxp://64.233.183.104/search?q=cache:Yu7k0zW0aiQJ:www.sbestfood.com/+%22ali+baba+%26+40+,+LLC%22&hl=en&ct=clnk&cd=1&gl=uk&client=firefox-a
They appear to have replaced the name and photo with her facebook name/direct link to her pic.
Ahh and thanks to FreewheelinFrank ;D that’s the confirmation i needed… do hate these nasty things. I’ll use that virustotal in future to double check these things.
So as avast can’t find it yet, has anyone got any idea how to remove this from my friend’s and her friends computers?