Alf Blume wrote:
>
http://isg25.casalemedia.com/V2/40937/43147/
...<!-- AUTO_PROMPT AD START -->
<script language="JavaScript" type="text/JavaScript"
src="
http://install.xxxtoolbar.com/ist/scripts/prompt.php?event_type=onload&recurrence=random&retry=3&loadfirst=1&account_id=138770&signature=cracks">
<script language="JavaScript">self.focus();</script><!-- AUTO_PROMPT AD
END -->...
Man prøver at installere en toolbar, 0006_cracks.cab
Når jeg scanner cab filen får jeg:
AntiVir Found TR/Dldr.IstBa.DLL.B
ArcaVir Found Trojan.Downloader.Istbar.Gen.58828.MX
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.Isbar.324
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.IstBar.gen
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan-Downloader.Win32.IstBar.gen
AntiVir 6.31.1.0 08.05.2005 TR/Dldr.IstBa.DLL.B
Avast 4.6.695.0 08.05.2005 no virus found
AVG 718 08.04.2005 no virus found
Avira 6.31.1.0 08.05.2005 no virus found
BitDefender 7.0 08.07.2005 no virus found
CAT-QuickHeal 7.03 08.07.2005 TrojanDownloader.IstBar.gen
ClamAV devel-20050725 08.06.2005 no virus found
DrWeb 4.32b 08.06.2005 Trojan.Isbar.324
eTrust-Iris 7.1.194.0 08.06.2005 no virus found
eTrust-Vet 11.9.1.0 08.05.2005 no virus found
Fortinet 2.36.0.0 08.05.2005 Adware/IstBar
F-Prot 3.16c 08.05.2005 no virus found
Ikarus 0.2.59.0 08.05.2005 no virus found
Kaspersky 4.0.2.24 08.07.2005 Trojan-Downloader.Win32.IstBar.gen
McAfee 4551 08.05.2005 potentially unwanted program Adware-RBlast
NOD32v2 1.1187 08.05.2005 no virus found
Norman 5.70.10 08.05.2005 no virus found
Panda 8.02.00 08.06.2005 no virus found
Sophos 3.96.0 08.06.2005 no virus found
Sybari 7.5.1314 08.07.2005 no virus found
Symantec 8.0 08.06.2005 no virus found
TheHacker 5.8.2.081 08.07.2005 no virus found
VBA32 3.10.4 08.05.2005 Trojan-Downloader.Win32.IstBar.gen
Det lyder som den scanning du selv har kørt.
Jeg gætter dog på at cab filen bliver cachet og du derefter skal svare
"ja" for at installere denne...din scanner vil så se cache filen, uden
det dog normalt er et problem.
CAB filen er forresten underskrevet med et gyldigt digital signatur.
> og
>
>
http://www.errorguard.com/?a=25268-23
<html>^M
<head><title>Warning</title></head>^M
<body topmargin=0 leftmargin=0>^M
<a
href="
http://c.casalemedia.com/c?f=3&id=1&url=aHR0cDovL3d3dy5lcnJvcmd1YXJkLmNvbS8/YT0yNTI2OC0yMw==
&c=40937" target="_blank" ><img src="errorguard-wizzardb.gif"
width="720" height="300" border="0"></a>^M
</body></html>
Der bliver vist et billed.
Når jeg scanner billedet får jeg
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
> Spywareinstaller eller virus?
> - nogen der tør prøve?
> jeg lukkede pop-up siderne (pop-ups skulle nu være blokerede i forvejen),
> men genfandt adresserne via history . . .
>
> Spywareblaster fandt en "Microsoft Anti-virus Override", som blev slettet.
Hvor lå denne...i en 0006_cracks.cab fil?
> Derefter alle scans uden nogen bemærkninger.
Er det det eneste der skal til før man tror man har malware?