It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

ALL MEMBERS: Virus/Trojan Alerts on ATS...

page: 1
0
<<   2  3 >>

log in

join
share:

posted on Aug, 13 2006 @ 12:05 PM
link   
We've had reports that some members were getting anti-virus alarms for two possible old Windows exploits--
WMF exploits
Java virtual machine (JVM) exploits

In both cases, these are rather old trojans/virus that have minimal known damage potential, and anyone with an updated Windows operating system will be fine. However, many virus alert systems will still warn you of the presence of these two.

It appears (based on the information we have for now) that one of our ad networks has an infected 728x90 "leaderboard" ad. These appear at the top and bottom of every page. We've disabled these ads until we can engage in a little better research as to what is the cause.

If you still encounter virus alerts, please let us know through the complain form.

Thank you.




posted on Aug, 13 2006 @ 12:06 PM
link   
On other item...

Any members who feel capable of helping to track down the offending advertiser and ad, please let myself or Springer know.

Thanks.



posted on Aug, 13 2006 @ 12:09 PM
link   
Wow, I didnt know that this was around, thatnks for telling us. I use windows 98, Am i at a higher risk than other members?



posted on Aug, 13 2006 @ 12:10 PM
link   
I got those picked up this morning and last night. I'll check my logs to see if I can find anyhting.



posted on Aug, 13 2006 @ 12:17 PM
link   
4FEFMNUX\exp[1]windowsmetafile In my temporary Internet files caused one instance.

[edit on 13-8-2006 by Kellter]



posted on Aug, 13 2006 @ 12:20 PM
link   
4FEFMNUX\exp[1]windowsmetafile
0LUV2J01\exp[1]windowsmetafile

Bth of these were blocked also for bloodhound exploit 56.

The word windowsmetafile is actually wmf, code is posting entired word for aome reason.


[edit on 13-8-2006 by Kellter]

[edit on 13-8-2006 by Kellter]



posted on Aug, 13 2006 @ 01:06 PM
link   
Yep, I've come across it too. I'll check through my logs and see what I had found. I didn't know if it was from an ATS ad or not as I had a bunch of windows open. But it was a WMF file and at least that is now explained. I'll keep an eye out and thank you for letting us know it was coming from an advert here.



posted on Aug, 13 2006 @ 01:09 PM
link   
I had that happen, too. McAfee took care of it for me, so no big deal. I also wasn't sure that it was related to this site.



posted on Aug, 13 2006 @ 01:14 PM
link   
I got another one just a while ago and was going to send a u2u but I see you are looking into it, so

Is there perhaps something from my AntiVirus logs or IE Cache that would help you guys track it down? I don't know if it helps but it started last night.



posted on Aug, 13 2006 @ 01:26 PM
link   
The best thing we can do is find the actual ad banner and agency its coming from.

A URL would be ideal.

IE (Right Click -> Properties -> Address)

IE (Right Click -> Copy Shortcut)



posted on Aug, 13 2006 @ 02:09 PM
link   
I got hit with it twice yesterday.
Both times it was Bloodhound.Exploit.56

My Norton notified me that the file couldn't be repaired and that access was denied.

Temporary Internet Files/Content.IE5\6BOND672\exp[1]windowsmetafile

Couldn't get a url on it but was able to find out that expected damage was low and it's supposed to be easy to get rid of.

Here's a copy of what it said.

Bloodhound.Exploit.56Risk Level 1: Very LowPrinter Friendly Page
SUMMARY TECHNICAL DETAILS Discovered: December 27, 2005
Updated: February 10, 2006 02:47:15 PM ZW3
Type: Trojan Horse, Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows Server 2003, Windows XP


Bloodhound.Exploit.56 is a heuristic detection for the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability (as described in Microsoft Security Bulletin MS06-001).


Note: Bloodhound.Exploit.56 is designed to identify behavior that would occur if the Microsoft Windows Graphics Rendering Engine WMF Format Unspecified Code Execution Vulnerability (as described in Microsoft Security Bulletin MS06-001) is exploited. As Symantec becomes aware of changes to the exploit code, or if files are identified that trigger this detection but are not malicious, the detection is refined. It is important to keep your definitions up to date to ensure the most complete protection.

Behavior


Symptoms


Transmission


ProtectionVirus Definitions (LiveUpdate™ Weekly) December 28, 2005
Virus Definitions (Intelligent Updater) December 28, 2005
Threat AssesmentWildWild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
DamageDamage Level: Low
DistributionDistribution Level: Low


This is what I found looking under properties.

HyperText Protocol
type- HTML Document
connection- Not Encrypted.

.



posted on Aug, 13 2006 @ 02:38 PM
link   
I got a screenshot of the virus alert on the page I got it from, does this help?



I have a high res color copy of it as well if you guys need it.

Nice to see you posting Simon, I thought you were a myth


[edit on 13-8-2006 by twitchy]



posted on Aug, 13 2006 @ 04:42 PM
link   

Originally posted by twitchy
Nice to see you posting Simon, I thought you were a myth



I tend to hide in the Area 51/Facilities forum...



posted on Aug, 13 2006 @ 05:33 PM
link   
Secure, Disclosed Location


Originally posted by SimonGray
I tend to hide in the Area 51/Facilities forum...

It's the only forum with the necessary cryogenic and hyperbaric facilities.


Meanwhile, though it's irritating as hell to see something like this come to ATS in such a fashion, I just want to remind all members that it's always a good idea to keep your operating system updated regardless of what else may be going on.

Current, up-to-date and fully patched versions of Windows XP are not vulnerable to this exploit, and I believe that is true of most other versions.

So if you haven't already, I recommend visiting update.microsoft.com... and making sure your copy of Windows is up to date -- just in case.



posted on Aug, 13 2006 @ 05:52 PM
link   
When I click on the AD link for www.alltheufoanswers.com I get an error message and it shuts down and closes all the sessions I had open.

I tried it on my home PC and 3 differant PCs at work. Get the same error message and same problems on all 4 PCs.


Anyone else having problems like this?



posted on Aug, 13 2006 @ 07:27 PM
link   
FWIW, yesterday I was on here and FireFox decided it was going to download a WMF. I canceled it, but it struck me as really odd since it wasn't from clicking a link or anything. The IP address I got from it was 64.34.181.51, and running a tracert on it told me the IP address was for server2.searchplain.com. I tried going to both server2.searchplain.com and searchplain.com (without server2), and all I got was a plank page, no 404 or anything.

Don't know if it's relevant or anything, hope it helps somehow though.



posted on Aug, 13 2006 @ 09:18 PM
link   
Thanks for the info...


It did not occur to me to report the specific ads I had at each of those events.

I'll be sure to check next time if it happens yet again.



posted on Aug, 13 2006 @ 09:24 PM
link   
Is the fact that every time i try to refresh a page on ATS i get a message saying your trying to download a ActiveX control from apple on to my PC?

Here is a S/S:




posted on Aug, 13 2006 @ 09:26 PM
link   
I got a PUP from the ad that had the guy jumping out in front of the bus, I think it was a video site.



posted on Aug, 13 2006 @ 09:28 PM
link   

Originally posted by picklewalsh
Is the fact that every time i try to refresh a page on ATS i get a message saying your trying to download a ActiveX control from apple on to my PC?

Here is a S/S:



I got that too this morning along with a trojan......



new topics

top topics



 
0
<<   2  3 >>

log in

join