Page42, just ran the URL via URLVoid and it is suspicious. Re: http://www.urlvoid.com/scan/ssmmbb.com Don't see a Wilders connection, but can you recall what forum/page/post you were navigating to/from when this occurred?
I think it was the page that shows at the bottom of the Web Shield screenie... (I took this screen capture a moment before the one above). Edit in: That would be hxxp://www.wilderssecurity.com/clientscript/vbulletin_md5.js I guess. Hey, I have to leave my computer for awhile. I'll check back. I just wanted you guys to see what I was seeing, in case there is something wrong, or something that can be done.
Page42, I don't see that JavaScript file! I have the JSView FF add-on and these are the six that are listed for this thread: vbulletin_global.js | vbulletin_inlinemod.js | vbulletin_menu.js vbulletin_quick_edit.js | vbulletin_quick_reply.js | vbulletin_textedit.js
There is nothing here associated with "ssmmbb.com". A full scan of our server also shows no links to that site. All I can think is that you have some infection or something not related to this forum.
"vbulletin_md5.js" is a javascript file that encodes password hashes before transmitting them over the Internet. It is a part of this forum. However, there is nothing wrong with that file. In post #1, Page shows that the alert occurs on the "index.php" page... See the last image in his first post... But, a couple posts later it is:
I didn't mean to say that wilderssecurity is infected. Just meant to let JRViejo know that that "vbulletin_md5.js" does exist. That's all.
m00nbl00d, yes, I see it when I'm logged off and that might be a clue for Page42. I concur with LowWaterMark, there's nothing malicious in that JS file.
Great. Sorry for bringing it up. As for your question, "which is it?", I wrote in my 2nd post on this thread, "(I took this screen capture a moment before the one above)", thus trying to assign sequence to the three images I posted. The image in the 2nd post (the one showing the clientscript/vbulletin_md5.js) was what was displaying on my avast Web Shield immediately after seeing the avast infection dialog. And yes, I believe that I was logging into Wilders. As far as my system having the problem, that might well be, but my security application scans (MBAM and Hitman Pro) are showing clean. avast aborted the connection, so I am confident that my computer is not infected. I know next to nothing about what happens to cause my security apps to trigger an alert. I just report to you what I saw and what I was doing.
And for the record, that is not the case. The only flag I got was on that one page and that one time. I posted what I was seeing, and that was it. Nothing else is or was being flagged.
This is very interesting, I came across the same thing while i was checking out a bands myspace page i go to their myspace, their pages loads up All of a sudden i got a pop up in firefox asking me if i wanted to download a .php file from ssmmbb.com Obviously i exited the window, But did i dodge the bullet? I don't remember the url.
I just checked URLVoid again, and TrendMicro is now detecting ssmmbb.com as infected. "This URL is currently listed as malicious."
No. not necessarily. If your PC is behaving normal, and you get no re-directions to other websites, no need to worry. And as you say, you didn't actually install what ever it wanted you to install. So you made the right choice there. But to be on the sure side you could download Hitman Pro and make a scan with it to see if it finds anything. http://www.surfright.nl/en/downloads
