astrangemix
Jun 23 2008, 02:02 PM
adtris/com/portal php?
this site has a worm: IRC:Malware-gen
I have found it twice in the past few days; buxear/com (I have checked the link a few times over the past 24hrs and it's always there) and again just now on a personal page advertsing linkgrand lpbtv/cn/linkgrand/htm
sophieca
Jun 23 2008, 02:19 PM
My antivirus stopped it as well more than once lately but I never succeeded in figuring out where it came from
wagdoll
Jun 23 2008, 03:31 PM
I can see an autosearch on adtris but don't see a virus on there.
The Chinese linkgrand ad page is full of nasties. It has some autosearches on there and it has pay-ads. Pay-ads has been known to have viruses before, I have it in adblock so I can't see what exactly is in it at the moment.
buxear also has pay-ads, so that must be where the virus is coming from.
astrangemix
Jun 23 2008, 03:53 PM
it could very well be pay-ads. when I first checked buxear yesterday I ran it through jutaky's detector which didn't find any hidden iframes but did list a pay-ads link I thought was suspicious looking so I clicked it and got the worm report. the detector is inaccessible to me today so the info I reported is what avast told me I was encountering when I clicked on both links; Sign of "IRC:Malware-gen" has been found in " adtris/com/portal/php?ref=seo2007\unp#" file
and the #s are different for each instance
243671267
90773008
131796915
and so on, maybe a filing system of Avast's
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.