
search global security site


russg

Nov 3, 2009, 6:09:30 PM
Surfing CNN and the transit strike, I went to a page that showed a
loading picture and frames that it had found viruses.
I panicked and ctrl-alt-delete and stopped Firefox to get out of it.
I then restarted Firefox and it went right back to the site.
I take it it is a maliciously formed site. My grandson got
'XPantivirus' virus, which Malwarebytes got rid of pretty well.
I looked in my history and saw three sites I think are it.
I post them here, for some who might want to see, and know how to
protect themselves.
Don't go here if you're not good at protecting yourself.

hxxp://searchglobalsecurity.com/build7_201.php?cmd=getFile&counter=1&p=p52dcWpkaV%2FCj8bYbodyh1ik12qZVp%2FZatrau4FdlJ%2FJnsWYeHpfqKygdW%2BSY5ieZpNia2OciqDWkaTboKCUiZSab1zZ1KBqZGlwZm9rcXGYU82to5%2BipG9e1IHLnZWjXpWZmmNuaW%2Bdlw%3D%3D

*****************************

hxxp://searchglobalsecurity.com/?p=p52dcWpkaV%2FCj8bYbodyh1ik12qZVp%2FZatrau4FdlJ%2FJnsWYeHpfqKygdW%2BSY5ieZpNia2OciqDWkaTboKCUiZSab1zZ1KBqZGlwZm9rcXGYU82to5%2BipG9e1IHLnZWjXpWZmmNuaW%2Bdlw%3D%3D

**************************

hxxp://searchglobalsecurity.com/?p=WKmimHVmaGqHjsbIo22EeYVe0KCfZ1bVoKDb2YmHWJjOxaCbkXp%2FWqyopHaXXpqaaWWQaWlpyFPVpJHaotahlFerpXOWk5hwZGtwbXBrXpzEag%3D%3D

One of the above is described as a 'Windows Enterprise Suite - online
protection'.

I think this is like XPantivirus malware whose purpose is to sell
something to remove 'viruses' it finds.

Message has been deleted

Ant

Nov 4, 2009, 4:18:36 PM
"ASCII" wrote:

> Interesting thing is that each 'scan', or running of the applet purports to find
> several dangerous items, but with different names. If I don't DL and run the
> [exe] they offer, why is there such a non redundant variety of malware from time
> to time (each refresh and reload of the page) with hardly ever any subsequent
> detections. It's as if the list is concocted with each 'scan' and I stress that
> it's not a scan but a js applet running to appear as such.

Yep, completely fake scan written in JavaScript. It randomly selects a
handful of alerts from a list of 22 and pretends to scan 11 folders
and 206 files.

virusNames=[
["Adware.Win32.Winad","Critical"],
["Adware.Win32.Look2me.ab","Critical"],
["AdvWare.Hotbar","High"],
["Backdoor.Win32.Haxdoor.gu","High"],
["Trojan-Downloader.Win32.Small.dge","High"],
["Trojan-PSW.Win32.LdPinch.abm","Critical"],
["Trojan.Qoologic - Key Logger","High"],
["Trojan Horse IRC/Backdoor.SdBot4.FRV","Medium"],
["SHeur.ZSQ","High"],
["W32.Benjamin.Worm","High"],
["W95/Elkern F-Secure","High"],
["W32.Mypics.Worm.36352","Medium"],
["W32.Nimda.J@mm","Medium"],
["W32.Yaha.B@mm","Critical"],
["Trojan Horse Generic11.OQJ","High"],
["Trojan Horse IRC/Backdoor.SdBot4.FRV","Critical"],
["Magic DVD Ripper","High"],
["Trojan virtumonde","Critical"],
["Win32/Hoax.Renos.HX","Medium"],
["Trojan-Downloader.Win32.Small.fxf","Medium"],
["Trojan-Downloader.Win32.Tibs.tc","Medium"],
["Trojan.Fakealert.355","Medium"]];
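
The tell described in this thread (findings that are shipped inside the page's own script and picked at random) can be checked statically when triaging a suspect page. The following is an added example, not code from the thread or from the site; the sample script is constructed from six entries of the list quoted above plus a hypothetical random-pick line, and the function names and the threshold are assumptions.

```javascript
// Added example: static triage of page script for a canned "scan result" list.
// SAMPLE_SCRIPT is constructed: six entries copied from the list quoted above,
// plus a hypothetical random-pick line (the thread does not show that code).
const SAMPLE_SCRIPT = `
virusNames=[
["Adware.Win32.Winad","Critical"],["AdvWare.Hotbar","High"],
["Trojan Horse IRC/Backdoor.SdBot4.FRV","Medium"],["W32.Nimda.J@mm","Medium"],
["Trojan Horse IRC/Backdoor.SdBot4.FRV","Critical"],["Trojan virtumonde","Critical"]];
var pick = virusNames[Math.floor(Math.random() * virusNames.length)];
`;
// Constructed benign page script: string pairs and Math.random, but no severities.
const BENIGN_SCRIPT = `var menu=[["Home","/"],["News","/news"]]; var r=Math.random();`;

const SEVERITIES = new Set(["critical", "high", "medium", "low"]);

// Pull every hard-coded ["name","severity"] string pair out of script text.
function extractCannedDetections(source) {
  const pairRe = /\[\s*"([^"\]]{3,80})"\s*,\s*"([A-Za-z]+)"\s*\]/g;
  const found = [];
  for (const m of source.matchAll(pairRe)) {
    if (SEVERITIES.has(m[2].toLowerCase())) {
      found.push({ name: m[1], severity: m[2] });
    }
  }
  return found;
}

// A "scanner" that carries its findings in the page and picks among them at
// random cannot be reporting on the visitor's disk.
function triageScript(source, minPairs = 5) {
  const detections = extractCannedDetections(source);
  const names = detections.map((d) => d.name);
  const repeated = [...new Set(names.filter((n, i) => names.indexOf(n) !== i))];
  const usesRandom = /\bMath\.random\s*\(/.test(source);
  return {
    cannedDetections: detections.length,
    repeatedNames: repeated, // same name listed twice: a hand-assembled list
    usesRandom,
    suspicious: detections.length >= minPairs && usesRandom,
  };
}

console.log(triageScript(SAMPLE_SCRIPT));
console.log(triageScript(BENIGN_SCRIPT));
```

Run over the full 22-entry list quoted above, the same check reports the SdBot4.FRV name twice, once as Medium and once as Critical.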

