avast screen shots

Discussion in 'Test Forum' started by Page42, Dec 8, 2010.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I just encountered this while navigating Wilders...
     

    Attached Files:

  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
    Page42, just ran the URL via URLVoid and it is suspicious. Re: http://www.urlvoid.com/scan/ssmmbb.com

    Don't see a Wilders connection, but can you recall what forum/page/post you were navigating to/from when this occurred?
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I think it was the page that shows at the bottom of the Web Shield screenie...
    (I took this screen capture a moment before the one above).

    Edit in: That would be hxxp://www.wilderssecurity.com/clientscript/vbulletin_md5.js
    I guess.

    Hey, I have to leave my computer for awhile.
    I'll check back.
    I just wanted you guys to see what I was seeing, in case there is something wrong, or something that can be done.
     

    Attached Files:

    Last edited: Dec 8, 2010
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
    Page42, I don't see that JavaScript file! I have the JSView FF add-on and these are the six that are listed for this thread:

    vbulletin_global.js | vbulletin_inlinemod.js | vbulletin_menu.js

    vbulletin_quick_edit.js | vbulletin_quick_reply.js | vbulletin_textedit.js
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    There is nothing here associated with "ssmmbb.com". A full scan of our server also shows no links to that site. All I can think is that you have some infection or something not related to this forum.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I can see it

     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    "vbulletin_md5.js" is a javascript file that encodes password hashes before transmitting them over the Internet. It is a part of this forum. However, there is nothing wrong with that file.

    In post #1, Page shows that the alert occurs on the "index.php" page... See the last image in his first post...

    But, a couple posts later it is:

     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I didn't mean to say that wilderssecurity is infected. Just meant to let JRViejo know that that "vbulletin_md5.js" does exist. That's all. :)
     
  9. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
    m00nbl00d, yes, I see it when I'm logged off and that might be a clue for Page42.

    I concur with LowWaterMark, there's nothing malicious in that JS file.
     
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Great. Sorry for bringing it up.
    As for your question, "which is it?", I wrote in my 2nd post on this thread, "(I took this screen capture a moment before the one above)", thus trying to assign sequence to the three images I posted. The image in the 2nd post (the one showing the clientscript/vbulletin_md5.js) was what was displaying on my avast Web Shield immediately after seeing the avast infection dialog.
    And yes, I believe that I was logging into Wilders.
    As far as my system having the problem, that might well be, but my security application scans (MBAM and Hitman Pro) are showing clean. avast aborted the connection, so I am confident that my computer is not infected.

    I know next to nothing about what happens to cause my security apps to trigger an alert. I just report to you what I saw and what I was doing.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    And for the record, that is not the case.
    The only flag I got was on that one page and that one time.
    I posted what I was seeing, and that was it.
    Nothing else is or was being flagged.
     
  12. Rtvn3

    Rtvn3 Registered Member

    Joined:
    Dec 9, 2010
    Posts:
    1
    This is very interesting, I came across the same thing while i was checking out a bands myspace page

    i go to their myspace, their pages loads up

    All of a sudden i got a pop up in firefox asking me if i wanted to download a .php file from ssmmbb.com

    Obviously i exited the window, But did i dodge the bullet?

    I don't remember the url.

    :thumbd:
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I just checked URLVoid again, and TrendMicro is now detecting ssmmbb.com as infected.
    "This URL is currently listed as malicious."
     
  14. Rtvn3

    Rtvn3 Registered Member

    Joined:
    Dec 9, 2010
    Posts:
    1
    so what can i do? does that mean i man infected?

    did i dodge the bullet?:blink:
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No. not necessarily. If your PC is behaving normal, and you get no re-directions to other websites, no need to worry.

    And as you say, you didn't actually install what ever it wanted you to install.
    So you made the right choice there.

    But to be on the sure side you could download Hitman Pro and make a scan with it to see if it finds anything. http://www.surfright.nl/en/downloads
     
Thread Status:
Not open for further replies.