Full Version: Trojan in Donkey PTP rotator
MisterChris
There is a trojan in the Donkeymails PTP rotator. The bad page in the rotator is httXXp://gavriell.blogspot.com. The malicious content is a Pay-Ads iframe embedded on the bottom of the page. The iframe runs script that attempts to download the trojan to your computer. The trojan masquerades as Norton Antivirus, and if your security settings on your computer are set properly you get a warning message telling you that the website wants to download "Norton antivirus By Symantec Corporation." I don't know about everyone else, but I have never had a website offer to give me Norton antivirus for free and to be so helpful as to automatically try to download it onto my computer without asking me first, but I have had plenty of viruses and other bad stuff try to do that. I have submitted this info to Sebas via the site contact form.


The Pay-Ads iframe code is pasted below.

/></a><br /><script>ads_id="gavriel";b=window.document;b.write('<iframe src="http://www.pay-ads.com/ads.php?usr='+ads_id+'" width="480" height="60" frameborder="0" scrolling="no">Your browser does not support IFRAME</iframe>');</script><br /><iframe
MisterChris
This bad page is still in Donkey's PTP rotator. I just got hit again. The trojans it attempted to download were downloader and dropper. I still haven't received a response from Sebas to my email a couple of nights ago warning him that this was on his site.

I don't know what's going on with all these PO's, whether they're too busy to deal with these things promptly or just don't care, but it is getting out of hand.
MisterChris
**UPDATE***

I received a response from Sebas that he went and manually clicked through all of the sites in their rotator until he found the bad ones and has now removed them. Thank You Sebas!
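Added example, not part of the thread and not written by any poster: a Python sketch of the rotator check that Sebas is described as doing by hand. It parses one page's HTML and flags iframes that point off-site, are zero-sized, or are written by inline script, as in the Pay-Ads snippet quoted in the first post. The `audit` function, the reason labels, the `widget.html` path and the `tracker.example.invalid` frame are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)      # iframe markup inside a JS string
ATTR = re.compile(r"(\w+)\s*=\s*[\"']([^\"']*)[\"']")  # name="value" pairs in that markup

class FrameAudit(HTMLParser):
    """Flags iframes on one page, whether literal tags or written by inline script."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.script, self.findings = page_host, None, []

    def _record(self, attrs, from_script):
        src = attrs.get("src") or ""
        host = urlparse(src).hostname or ""
        checks = {
            "third-party host": bool(host) and host != self.page_host,
            "hidden frame": "0" in (attrs.get("width"), attrs.get("height")),
            "written by script": from_script,
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            self.findings.append((src, reasons))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script = []                    # start buffering the script body
        elif tag == "iframe":
            self._record(dict(attrs), False)
    def handle_data(self, data):
        if self.script is not None:
            self.script.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            # Scan the whole script text for iframe markup passed to document.write
            for m in IFRAME_TAG.finditer("".join(self.script)):
                self._record(dict(ATTR.findall(m.group(0))), True)
            self.script = None

def audit(html, page_host):
    parser = FrameAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page: a same-site frame (assumed path), the script from the
# first post, and an assumed zero-size frame of the kind the board calls a "0 iframe".
SAMPLE = """<iframe src="http://gavriell.blogspot.com/widget.html" width="300" height="200"></iframe>
<script>ads_id="gavriel";b=window.document;b.write('<iframe src="http://www.pay-ads.com/ads.php?usr='+ads_id+'" width="480" height="60" frameborder="0" scrolling="no">Your browser does not support IFRAME</iframe>');</script>
<iframe src="http://tracker.example.invalid/x" width="0" height="0"></iframe>"""
```

Calling `audit(SAMPLE, "gavriell.blogspot.com")` returns two findings: the script-written Pay-Ads frame and the zero-size frame. The same-site frame is not reported.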
sieger
Is this another trojan?
Avast detected this in the Donkey rotator
file: hxxp://otlili.cn/sys/index.php?id=0002
virus name: JS:Agent-Q [Trj]
file type: horse trojan

from this site:
hxxp://www.planet-traffic.com/traffic/ct.php
mtlgold
The blog is no longer there. I went to check the site you mentioned with a detector.
But the blog has been closed and does not have any 0 iframe now.
Probably someone else already complained about the blog.


Edited: Just saw the other message. Probably this ad that was removed from Donkey was the problem causing Donkey not to load.
Some bad stuff takes up all the space and uses a lot of CPU resources.

Mtlgold
shebegal
QUOTE (MisterChris @ Dec 11 2007, 10:18 PM) *
There is a trojan in the Donkeymails PTP rotator. The bad page in the rotator is httXXp://gavriell.blogspot.com. The malicious content is a Pay-Ads iframe embedded on the bottom of the page. The iframe runs script that attempts to download the trojan to your computer. The trojan masquerades as Norton Antivirus, and if your security settings on your computer are set properly you get a warning message telling you that the website wants to download "Norton antivirus By Symantec Corporation." I don't know about everyone else, but I have never had a website offer to give me Norton antivirus for free and to be so helpful as to automatically try to download it onto my computer without asking me first, but I have had plenty of viruses and other bad stuff try to do that. I have submitted this info to Sebas via the site contact form.


The Pay-Ads iframe code is pasted below.

/></a><br /><script>ads_id="gavriel";b=window.document;b.write('<iframe src="http://www.pay-ads.com/ads.php?usr='+ads_id+'" width="480" height="60" frameborder="0" scrolling="no">Your browser does not support IFRAME</iframe>');</script><br /><iframe

I was wondering why I couldn't get the page, then got it, then didn't again! Thanks for the update!
shebegal
QUOTE (mtlgold @ Dec 25 2007, 03:18 AM) *
The blog is no longer there. I went to check the site you mentioned with a detector.
But the blog has been closed and does not have any 0 iframe now.
Probably someone else already complained about the blog.


Edited: Just saw the other message. Probably this ad that was removed from Donkey was the problem causing Donkey not to load.
Some bad stuff takes up all the space and uses a lot of CPU resources.

Mtlgold

I just tried it:

Not Found
The requested URL /pages/enter.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.39 Server at nd10034.lucidityhosting.com Port 80
That is what I got
shebegal
QUOTE (MisterChris @ Dec 15 2007, 08:53 AM) *
**UPDATE***

I received a response from Sebas that he went and manually clicked through all of the sites in their rotator until he found the bad ones and has now removed them. Thank You Sebas!

What do I have to do, MisterChris? Clear my cookies? I can't get Donkey to load for me.
ADD: I did index and got this:
Great Success !
Apache is working on your cPanel® and WHM™ Server

If you can see this page, then the people who manage this server have installed cPanel and WebHost Manager (WHM) which use the Apache Web server software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content.
ATTENTION!

If you are seeing this page instead of the site you expected, please contact the administrator of the site involved. (Try sending an email to <webmaster@domain>.) Although this site is running cPanel, WebHost Manager, and Apache software it almost certainly has no other connection to cPanel Inc. or the Apache Group. Please do not send mail about this site or its contents to cPanel Inc. or the Apache Group.
About cPanel:
kathiejo13
I got that too. First it was that the myq server was off yesterday, then today it came up that they were moving the server, and now I just clicked a link and it's not found. I just cashed out for $1 last week and no payment. Wonder if it's going belly up?
mtlgold
At this time of year, support from the hosting company may be slower than ordinary. It's the best time for hackers to attack sites and hosts.
Not all good people on this earth.

Mtlgold
ashpot12
I don't think the site is folding, nor do I think there is a hacker threat to Donkey. The error is simply a part of moving to another server. Sometimes the transition does not go as smoothly as planned, and the site will lose contact. I have faith, yet not a member, that this site will be back up and running in full force before the first of the year. If it is not, then I would worry about a hack job.