"Newspaper Virus"

Discussion in 'ESET NOD32 Antivirus' started by djackino, Mar 21, 2011.

Thread Status:
Not open for further replies.
  1. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    I have twice picked up malware viruses from reputable newspaper sites just by clicking on a story link. The viruses were not picked up by the real-time ESET NOD scanner. These malware viruses have been of the type "Your computer is infected" and then a "scanning box" comes up and "scans" the system in 5 seconds, finding "alleged viruses" - the boxes cannot be closed by the usual methods.

    Both times I was able to get into task manager, kill all the iexplore processes, and (in one case) remove the offending registry entries in the RUN and RUNONCE folders. Nothing else running looked suspicious.

    I immediately did a full scan and nothing is found. I am running ESET 4.0.424.0, Virus Defs current at 5971, Windows XP SP 3.

    Is it possible the newspaper's website is infected and pushing down viruses by clicking on a story link?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Everything's possible. Please submit the suspicious file to ESET as per the instructions here.
     
  3. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    I don't have any suspicious file to submit.

    Edit: Nothing was found by ESET and there weren't any odd DLLs running under task manager.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you share a link to the newspaper in question? For security reasons, use an obfuscated form where "http:" will be replaced with "hxxp:".
     
  5. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    hxxp://www.XXXXXXXXXXXX.com - the story that loaded the malware was on a fire at the Phoenicia library.
    Snip: url noted and removed from here
     
    Last edited by a moderator: Mar 21, 2011