They (adult.com) are likely not aware of this, but i would suggest contacting this affliate asap .
http://galleries.adult.com/reality/g...wm=MTgzMjo2OjU
I notice alot of other well know websites that are affiliated with www.tv69.com / sexdirectory.com
like sleazydream and madthumbs
Aliases Trojan.JS.NoClose.e
JS/NoClose.M
JS/Noclose
JS/NoClose.L
JS/NoClose-G hides the browser window and, after 10 minutes, opens a pop-up window.
The pop-up window will typically have a URL located at http://www.tv69.com/ and may contain sexual images or links to adult websites.
A cookie flag is set to prevent the pop-up from being shown more than once in a 24 hour period.
JS/NoClose-G typically arrives on the computer by browsing websites whose HTML pages contain the script.
JS/NoClose-G is not particularly malicious, but its behaviour can be regarded as undesirable.
Name JS/Fortnight-B
Type Worm
JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm.
JS/Fortnight-B sets the following registries:
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab
to "1" and
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL
\DefaultPrefix\
to "http://www.pixpox.com/cgi-bin/click.pl?url="
JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites:
*.mtree.com
ads.sexplanets.com
adultfriendfinder.com
adultmegacash.com
adv.sexcounter.com
amc2.adultmegacash.com
auto.search.msn.com
c.fsx.com
cart.penispill.com
cash.helmy.com
cgi.gammae.com
click.passiondollars.com
click.payserve.com
click.silvercash.com
clickcash.webpower.com
clicks.filthyclicks.com
clicks.nastydollars.com
clicks.oxcash.com
clicks.uni-cash.com
clicks2.oxcash.com
ctc.amateurpages.com
ctc.japanesegirls.com
cybererotica.com
db.fetishcash.com
db.smutcash.com
dollartraffic.com
gotd.stiffycash.com
home.vividvip.com
in.cybererotica.com
in.paycounter.com
join.pibcash.com
link.siccash.com
links.lifetimebucks.com
lobby.sexlist.com
media.fastclick.net
network.nocreditcard.com
network.nocreditcard.com
partner.globill-systems.com
partners.hotgold.com
penismedical.net
php.offshoreclicks.com
php.offshoreclicks.com
porndollar.com
potd.oxcash.com
programs.wegcash.com
rd1.hitbox.com
refer.ccbill.com
referral.topbucks.com
secure.2000charge.com
secure.dpbill.com
secure.dutchbilling.com
secure.ibill.com
secure.pswbilling.com
secure.visionbill.net
secure1.websitebilling.com
select.2000charge.com
stats.allliquid.com
stats1.pussypayments.com
the.sextracker.com
track.oxcash.com
traffic.acpay.com
vip.mtree.com
ww2.amateur-pages.com
ww2.amateur-pages.com
www.1shoppingcart.com
www.adultbucks.com
www.adultmovienetwork.com
www.adultrevenueservice.com
www.albionmedical.com
www.asacp.org
www.babylon-x.com
www.bigpay.com
www.big-penis.com
www.blacksonblondes.com
www.candidclicks.com
www.cashforlink.com
www.ccbill.com
www.clickcash.com
www.clubpix.com
www.cybererotica.com
www.cyberpatrol.com
www.cybersitter.com
www.danni.com
www.deluxepass.com
www.dibill.com
www.dollars4babes.com
www.dollartraffic.com
www.eazybucks.com
www.entertainmentcash.com
www.eroticacash.com
www.eroticcash.com
www.fatclicks.com
www.fatpockets.com
www.freeezinebucks.com
www.freeticketcash.com
www.hawgscash.com
www.herbalbucks.com
www.herbalo.com
www.hpic.com
www.icra.org
www.intergal.com
www.iteens.com
www.lightspeedcash.com
www.makingitpay.com
www.maturemoney.com
www.maximumcash.com
www.morepenis.com
www.mtreexxx.net
www.n69.com
www.nastydollars.com
www.netnanny.com
www.nocreditcard.com
www.oxcash.com
www.penilesecrets.com
www.penismedical.net
www.penispill.com
www.pillmedics.com
www.pillscash.com
www.pillsmoney.com
www.platinumbucks.com
www.pluspills1.com
www.porndollar.com
www.pornstardollars.com
www.rsac.org
www.safesurf.com
www.scoreland.com
www.sexfantasyzone.com
www.sexhit.com
www.signup.globill-systems.com
www.spyglass.com
www.stiffycash.com
www.surfwatch.com
www.thecashzone.com
www.totally4freecash.com
www.trueclicks.com
www.tv69.com
www.twistyscash.com
www.webmastersmakemoney.com
www.xpays.com
www.xxxesscash.com
www2.karupspc.com
www2.seductiveamateurs.com
JS/Fortnight-B exploits a vulnerability in the Microsoft VM ActiveX component.
If an affected web page is opened, a JScript embedded on the page attempts to use the vulnerability in order to drop files on a local drive, change registry keys without the user's knowledge or perform any other malicious action on the local computer.
For more details about the Microsoft VM ActiveX component exception vulnerability please see Microsoft Security Bulletin MS00-075.
http://galleries.adult.com/reality/g...wm=MTgzMjo2OjU
I notice alot of other well know websites that are affiliated with www.tv69.com / sexdirectory.com
like sleazydream and madthumbs
Aliases Trojan.JS.NoClose.e
JS/NoClose.M
JS/Noclose
JS/NoClose.L
JS/NoClose-G hides the browser window and, after 10 minutes, opens a pop-up window.
The pop-up window will typically have a URL located at http://www.tv69.com/ and may contain sexual images or links to adult websites.
A cookie flag is set to prevent the pop-up from being shown more than once in a 24 hour period.
JS/NoClose-G typically arrives on the computer by browsing websites whose HTML pages contain the script.
JS/NoClose-G is not particularly malicious, but its behaviour can be regarded as undesirable.
Name JS/Fortnight-B
Type Worm
JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm.
JS/Fortnight-B sets the following registries:
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab
to "1" and
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL
\DefaultPrefix\
to "http://www.pixpox.com/cgi-bin/click.pl?url="
JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites:
*.mtree.com
ads.sexplanets.com
adultfriendfinder.com
adultmegacash.com
adv.sexcounter.com
amc2.adultmegacash.com
auto.search.msn.com
c.fsx.com
cart.penispill.com
cash.helmy.com
cgi.gammae.com
click.passiondollars.com
click.payserve.com
click.silvercash.com
clickcash.webpower.com
clicks.filthyclicks.com
clicks.nastydollars.com
clicks.oxcash.com
clicks.uni-cash.com
clicks2.oxcash.com
ctc.amateurpages.com
ctc.japanesegirls.com
cybererotica.com
db.fetishcash.com
db.smutcash.com
dollartraffic.com
gotd.stiffycash.com
home.vividvip.com
in.cybererotica.com
in.paycounter.com
join.pibcash.com
link.siccash.com
links.lifetimebucks.com
lobby.sexlist.com
media.fastclick.net
network.nocreditcard.com
network.nocreditcard.com
partner.globill-systems.com
partners.hotgold.com
penismedical.net
php.offshoreclicks.com
php.offshoreclicks.com
porndollar.com
potd.oxcash.com
programs.wegcash.com
rd1.hitbox.com
refer.ccbill.com
referral.topbucks.com
secure.2000charge.com
secure.dpbill.com
secure.dutchbilling.com
secure.ibill.com
secure.pswbilling.com
secure.visionbill.net
secure1.websitebilling.com
select.2000charge.com
stats.allliquid.com
stats1.pussypayments.com
the.sextracker.com
track.oxcash.com
traffic.acpay.com
vip.mtree.com
ww2.amateur-pages.com
ww2.amateur-pages.com
www.1shoppingcart.com
www.adultbucks.com
www.adultmovienetwork.com
www.adultrevenueservice.com
www.albionmedical.com
www.asacp.org
www.babylon-x.com
www.bigpay.com
www.big-penis.com
www.blacksonblondes.com
www.candidclicks.com
www.cashforlink.com
www.ccbill.com
www.clickcash.com
www.clubpix.com
www.cybererotica.com
www.cyberpatrol.com
www.cybersitter.com
www.danni.com
www.deluxepass.com
www.dibill.com
www.dollars4babes.com
www.dollartraffic.com
www.eazybucks.com
www.entertainmentcash.com
www.eroticacash.com
www.eroticcash.com
www.fatclicks.com
www.fatpockets.com
www.freeezinebucks.com
www.freeticketcash.com
www.hawgscash.com
www.herbalbucks.com
www.herbalo.com
www.hpic.com
www.icra.org
www.intergal.com
www.iteens.com
www.lightspeedcash.com
www.makingitpay.com
www.maturemoney.com
www.maximumcash.com
www.morepenis.com
www.mtreexxx.net
www.n69.com
www.nastydollars.com
www.netnanny.com
www.nocreditcard.com
www.oxcash.com
www.penilesecrets.com
www.penismedical.net
www.penispill.com
www.pillmedics.com
www.pillscash.com
www.pillsmoney.com
www.platinumbucks.com
www.pluspills1.com
www.porndollar.com
www.pornstardollars.com
www.rsac.org
www.safesurf.com
www.scoreland.com
www.sexfantasyzone.com
www.sexhit.com
www.signup.globill-systems.com
www.spyglass.com
www.stiffycash.com
www.surfwatch.com
www.thecashzone.com
www.totally4freecash.com
www.trueclicks.com
www.tv69.com
www.twistyscash.com
www.webmastersmakemoney.com
www.xpays.com
www.xxxesscash.com
www2.karupspc.com
www2.seductiveamateurs.com
JS/Fortnight-B exploits a vulnerability in the Microsoft VM ActiveX component.
If an affected web page is opened, a JScript embedded on the page attempts to use the vulnerability in order to drop files on a local drive, change registry keys without the user's knowledge or perform any other malicious action on the local computer.
For more details about the Microsoft VM ActiveX component exception vulnerability please see Microsoft Security Bulletin MS00-075.
~¤~ 
Comment