AGD Virus ...

Engineer

Engineer

Super Moderator
Joined
Dec 14, 2006
Messages
3,210
Reaction score
400
I went to the homepage just now and got a warning from Nod32. See attachment...

I pasted the full details from Nod32 below.

xhttp://www.adservingmedia.org/exploits/JavaSignedApplet.jar probably a variant of Java/TrojanDownloader.OpenStream.NAN trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files (x86)\Java\jre6\bin\java.exe.

and

xhttp://www.adservingmedia.org/exploits/JavaSignedApplet.jar » ZIP » SiteFormatHelper.class probably a variant of Java/TrojanDownloader.OpenStream.NAN trojan
 

Attachments

  • agd2.gif
    agd2.gif
    5.8 KB · Views: 78
A

Aussie-Dave

Former AGD Member
Joined
Nov 24, 2007
Messages
684
Reaction score
3
I'm getting it too.

Also when the page loads in FF it actions Java which opens its quick access icon tools bar in XP (you know where the clock etc is).

It's something to do with the top banner, it says "Not Found" where the banner is supposed to display.


Cheers

:)

Dave
 

Attachments

  • topbanner.jpg
    topbanner.jpg
    18.7 KB · Views: 30
J

jimmiet

Affiliate Guard Dog Member
Joined
Aug 29, 2010
Messages
26
Reaction score
0
No Problem

I come directly to the forum and I have no alerts
 
dominique

dominique

Certification Member
Joined
Dec 18, 2006
Messages
1,072
Reaction score
6
You better hurry and pull that, before google picks it up and marks you as malware site. They do that now.
 
Guard Dog

Guard Dog

Guard Dog
Staff member
Joined
Dec 13, 2006
Messages
11,355
Reaction score
3,179
It's fixed. Would have fixed it yesterday, but was too busy unloading my insides into the toilet. Fun times.

It was not the banner or the '404 Not Found' (that obviously means nothing was found, so that couldn't have been it... made me laugh) :)

Someone hacked the FTP in order to insert that little piece of very strange code (all regex stuff). I have increased security and verified that no other such files are on the server.
 
S

Simmo!

Affiliate Guard Dog Member
Joined
Sep 16, 2008
Messages
177
Reaction score
5
Just got this Andy :( On the homepage.
 

Attachments

  • agdvirus.jpg
    agdvirus.jpg
    19.1 KB · Views: 54
dominique

dominique

Certification Member
Joined
Dec 18, 2006
Messages
1,072
Reaction score
6
Mine too! Just as the page loads.
 
Perc

Perc

Affiliate Guard Dog Member
Joined
Aug 24, 2010
Messages
195
Reaction score
19
I got this a couple hours ago on the forums

Code: 
Object: hxxp://cazesem.co.cc/x33/pdf.php?h=
Infection: JS:pdfka-AKC [Expl]
 
Holland87

Holland87

Affiliate Guard Dog Member
Joined
Mar 17, 2009
Messages
59
Reaction score
0
I received what Simmo! received opening the forum just now.
 
Webzcas

Webzcas

Affiliate Guard Dog Member
Joined
Nov 13, 2008
Messages
505
Reaction score
363
Someone hacked the FTP in order to insert that little piece of very strange code (all regex stuff). I have increased security and verified that no other such files are on the server.
Click to expand...

Hmm I don't think the ftp was hacked Andy. More likely an injection due to the code being used.

Ping me on MSN when you come online, as obviously I will need to increase protection for AGD on the firewall. Also so we can roll back the code, prior to the attack/hack.
 
Perc

Perc

Affiliate Guard Dog Member
Joined
Aug 24, 2010
Messages
195
Reaction score
19
This is now a reported attack site... :(
 
dominique

dominique

Certification Member
Joined
Dec 18, 2006
Messages
1,072
Reaction score
6
seems fine now...
 
TheGamblingGuru

TheGamblingGuru

Turning Over Stones
Joined
Jan 23, 2009
Messages
1,052
Reaction score
25
IE has vulnerabilities anyway but FF still shows the forum page as an attack site with this warning and here is the Diagnostic page for affiliateguarddog.com/forums as well:

Google Safe Browsing diagnostic page for affiliateguarddog.com/forums

http://i843.photobucket.com/albums/zz358/TheGamblingGuru/AGDForumAttackPage.jpg

Malicious software is hosted on 1 domain(s), including cazesem.co.cc/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including dofyxim.co.cc/.



____
____
 
Last edited:
Webzcas

Webzcas

Affiliate Guard Dog Member
Joined
Nov 13, 2008
Messages
505
Reaction score
363
Yep it will do Rob, as it has been reported as an attack site. Andy, needs to contact google to request a review.

Is your local AV software picking up anything?

TheGamblingGuru said:
IE has vulnerabilities anyway but FF still shows the foum page as an attack site with this warning and here is the Diagnostic page for affiliateguarddog.com/forums as well:

Google Safe Browsing diagnostic page for affiliateguarddog.com/forums

http://i843.photobucket.com/albums/zz358/TheGamblingGuru/AGDForumAttackPage.jpg

Malicious software is hosted on 1 domain(s), including cazesem.co.cc/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including dofyxim.co.cc/.



____
____
Click to expand...
 
TheGamblingGuru

TheGamblingGuru

Turning Over Stones
Joined
Jan 23, 2009
Messages
1,052
Reaction score
25
Webzcas said:
Yep it will do Rob, as it has been reported as an attack site. Andy, needs to contact google to request a review.

Is your local AV software picking up anything?
Click to expand...

I'm using AVG Dave and it's not picking up anything...just the FF browser.

____
____
 
You must log in or register to reply here.
Top