Right click/Save as causes trojans

Discussion in 'other software & services' started by TrBot, Mar 16, 2005.

Thread Status:
Not open for further replies.
  1. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    I was at a fairly ok site, looking for a basic html background. I found a real simple one and saved it (right click save as). Anyways, once I had saved it, A toolbar installation appeared out of nowhere, and I also had a LOT of trojan/spywares (which I very rarely get)..

    And then I couldn't sign into MSN:

    http://www.geocities.com/malx75/error.PNG

    First of all I use Firefox, not IE, and second it had NEVER come up with that before



    AND:

    Microsoft Antispy picked these up:
    VX2.Transponder Browser Plug-in Severe threat
    LinkReplacer Browser Plug-in Severe threat
    NCase Browser Modifier Severe threat
    ATGames Adware High threat
    Trojan.Startup.Xhrmy Trojan High threat
    DownloadWare High threat
    EUniverse Updater Browser Modifier High threat
    FavoriteMan Browser Plug-in High threat
    WhenUSearch Moderate threat

    I had no spyware before this as I had done a scan this morning..

    I am just wondering why it is unsafe to right click a simple html bordered background and end up with all that? Please can someone inform me why thi sis?

    All the background was was a simple grey bar on a white page lol.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please send me a PM (Private Message) with the website that you went to.

    Cheers :D
     
  3. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    Last edited by a moderator: Mar 16, 2005
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    When I try to download I get:

    Error connecting to site

    The Proxomitron couldn't connect to...
    dl.XXXscreensavers.com/dl.php?bordersbg0001.zip+Other
    The site may be busy or the web server may be down



    This is because it is in HPGuru's Hosts File as a bad site: XXXscreensavers.com

    Connection is refused.

    Hope this helps...

    Cheers :D

    PS. I have swapped aaa for XXX in the above links.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It's not always the case and many simply click and go....but anytime I can FTP into a site or see a directory listing by backing up the url....I become very skiddish :eek:

    Also....is that thumbnail you are showing above the border that is displayed in the top left corner of that page ?

    If so....when you Saved As....do you mean you saved the bordersbg0001.exe executable ? It's definetly loaded with goodies as are the first 4 borders that I downloaded according to Jotti's malware scan :ninja:
     

    Attached Files:

  6. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    I right clicked and "saved image as". I saved as "grey.jpg"

    The element properties were:

    http://www.free-backgrounds.com/thumbnails/borders/thumb0001.gif

    LOL all I wanted was a basic background lol.

    Oh lol it showed different trojans for you than it did me!
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    With my setup I couldn't even get there :D


    Technodrome found that KAV flagged it (bordersbg0001.exe) as:

    not-a-virus:AdWare.180Solutions

    not-a-virus:AdWare.SaveNow.z

    Backdoor.Win32.Ruledor.f

    Trojan-Downloader.Win32.Mudrop.o

    Cheers :D
     
  8. TrBot

    TrBot Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    139
    Thanks for your help BSpear..say why did you get a different assortment of trojans to me?
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.