Right click/Save as causes trojans

Discussion in 'other software & services' started by TrBot, Mar 16, 2005.

Thread Status:
Not open for further replies.
  1. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    I was at a fairly ok site, looking for a basic html background. I found a real simple one and saved it (right click save as). Anyways, once I had saved it, A toolbar installation appeared out of nowhere, and I also had a LOT of trojan/spywares (which I very rarely get)..

    And then I couldn't sign into MSN:

    http://www.geocities.com/malx75/error.PNG

    First of all I use Firefox, not IE, and second it had NEVER come up with that before



    AND:

    Microsoft Antispy picked these up:
    VX2.Transponder Browser Plug-in Severe threat
    LinkReplacer Browser Plug-in Severe threat
    NCase Browser Modifier Severe threat
    ATGames Adware High threat
    Trojan.Startup.Xhrmy Trojan High threat
    DownloadWare High threat
    EUniverse Updater Browser Modifier High threat
    FavoriteMan Browser Plug-in High threat
    WhenUSearch Moderate threat

    I had no spyware before this as I had done a scan this morning..

    I am just wondering why it is unsafe to right click a simple html bordered background and end up with all that? Please can someone inform me why thi sis?

    All the background was was a simple grey bar on a white page lol.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please send me a PM (Private Message) with the website that you went to.

    Cheers :D
     
  3. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    Last edited by a moderator: Mar 16, 2005
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    When I try to download I get:

    Error connecting to site

    The Proxomitron couldn't connect to...
    dl.XXXscreensavers.com/dl.php?bordersbg0001.zip+Other
    The site may be busy or the web server may be down



    This is because it is in HPGuru's Hosts File as a bad site: XXXscreensavers.com

    Connection is refused.

    Hope this helps...

    Cheers :D

    PS. I have swapped aaa for XXX in the above links.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It's not always the case and many simply click and go....but anytime I can FTP into a site or see a directory listing by backing up the url....I become very skiddish :eek:

    Also....is that thumbnail you are showing above the border that is displayed in the top left corner of that page ?

    If so....when you Saved As....do you mean you saved the bordersbg0001.exe executable ? It's definetly loaded with goodies as are the first 4 borders that I downloaded according to Jotti's malware scan :ninja:
     

    Attached Files:

  6. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    I right clicked and "saved image as". I saved as "grey.jpg"

    The element properties were:

    http://www.free-backgrounds.com/thumbnails/borders/thumb0001.gif

    LOL all I wanted was a basic background lol.

    Oh lol it showed different trojans for you than it did me!
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    With my setup I couldn't even get there :D


    Technodrome found that KAV flagged it (bordersbg0001.exe) as:

    not-a-virus:AdWare.180Solutions

    not-a-virus:AdWare.SaveNow.z

    Backdoor.Win32.Ruledor.f

    Trojan-Downloader.Win32.Mudrop.o

    Cheers :D
     
  8. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    Thanks for your help BSpear..say why did you get a different assortment of trojans to me?
     
Loading...
Thread Status:
Not open for further replies.