Kaspersky Anti Virus - Malicious Software?, page 1

This topic is in the Board Business & Questions discussion forum. (rss)

Kaspersky Anti Virus - Malicious Software?

Topic started on 3-12-2008 @ 06:53 PM by panda319
I didn't know quite where to put this, but it seems my Kaspersky Anti-Virus program has been detecting attempts to download malicious software when I visit threads on ATS. I'm assuming it's ads or something... tinypic.com... Edited title since the malicious URL is not an ATS IP. [edit on 3-12-2008 by SkepticOverlord]
copyright & usage
Click here for more Board Business & Questions topics Hot Topics \| Top Topics \| This Week \| Subscribe \| Home
reply posted on 3-12-2008 @ 09:30 PM by SkepticOverlord
I've been hitting that and several threads for the past 20 minutes, on Windows, with very sensitive anti-virus and firewall settings with no issues. The IP indicated by Kaspersky is not one of our IP addresses. I also visited the indicated URL: 85.17.238.144/74812/ ## IMPORTANT -- members who are not confident in their computer security should not visit that URL ## The page and server contains dynamic code and delivers blank content for Mac and Linux users. However, it does indeed attempt to load malicious code through a hidden iFrame. Can you get the actual Kaspersky logs that indicate the event? It should show what triggered the attempt to hit that URL, and from there we can investigate further. Also, if you Google the IP, at least one other person has found it to be of malicious intent. realsecurity.wordpress.com... [edit on 3-12-2008 by SkepticOverlord]
copyright & usage

reply posted on 3-12-2008 @ 09:31 PM by Shugo
[Removed, per Bills post above.] [edit on 3.12.2008 by Shugo]
copyright & usage

reply posted on 3-12-2008 @ 09:45 PM by mrwupy
I hope Kaspersky is OK. My company just dumped Norton and made Kaspersky our default protection. I can't do my job without my computer.
copyright & usage
AboveTopSecret.com is advertising supported.
reply posted on 4-12-2008 @ 01:51 AM by lordtyp0
The IP shown is an Netherlands IP. Click here and run the "test my dns" button, if that gives a vuln hit. Change your dns server, wouldnt hurt to kick your admins an email telling them. A few DNS servers: 4.2.2.2 (verizon) 209.210.176.8 (sisna) 209.210.176.9 (sisna)
copyright & usage

reply posted on 4-12-2008 @ 02:16 AM by AgentOrangeJuice
The file on that server, 85.17.238.144/74812/, b.php, is not a virus. Its just messed up code left over from something. From what I can see something to do with streaming and java likely for some flash ad. Its not harmful it just gets detected as something unknown because its messed up and incomplete and also tries to make you download it. Although Firefox didn't even offer to DL it only IE7 did. You could always complain to the people who own it. Please send email to "abuse@leaseweb.com" for complaints regarding portscans, DoS attacks and spam.
copyright & usage