GoFuckYourself.com - Adult Webmaster Forum


perfectodollars-gabrio 08-07-2008 05:15 AM

Be careful with IE6 - spotted trojan/security flaw
 
hi

To make a long story short, yesterday I was checking out my site www.gabrio.com (that is perfectly clean), but for some reason I had an infection on my machine, still running IE6, and that one called a trojan horse in some way when I was checking out my website. BUT the infection wasn't on the website, it was just a 'way' for triggering the malware and fucking up my computer. Now, after lots of cleaning and checking, I upgraded IE to version 7 (yeah, I still had the 6th) and everything works. Anyway, this was a report of the malware scan, if that can help; look at the bottom.

Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 3

8.15.27 07/08/2008
mbam-log-8-7-2008 (08-15-25).txt

Scan type: Quick Scan
Objects scanned: 42649
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\karina.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\winivstr.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Gabrio\Local Settings\Temporary Internet Files\Content.IE5\I6NDXU2R\Install[1].exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\buritos.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\buritos.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Gabrio\Local Settings\Temp\us0105.exe (Trojan.Agent) -> No action taken.


summing up.. BE FUCKING CAREFUL!!!!!

perfectodollars-gabrio 08-07-2008 05:18 AM

And after checking out the HTML (but not the one that resides on the server), by doing "view source" when I had the site in front of me, I found this line:

<scripr> vars '2324320942390890829d823dE3294832904823DE329048203 94809328430292343298048290342903var 0='';

and lots of other stuff.. I can't write it all since I printed it and I can't have it going on again (hopefully)

