What to do having found an infected site

Eric Parker

Oct 29, 2008, 3:00:58 PM

I recently searched using Google for
"shell32.dll SP3 cannot copy"
because I was having a problem installing SP3.
The 7th site listed was
hxxp://2008biz5.net/25933/
I clicked the link and Avast popped up a warning about
Win32:Trojan-gen {Other}

I assume I should be passing this message on to try and get this site
sorted.
Is it worth doing ?
How should I go about this ?

Thanks

Eric
--
Remove the dross to contact me directly

Bill

Oct 29, 2008, 6:52:40 PM

On Oct 29, 2:00 pm, "Eric Parker"

Simple. Don't visit that site.

David H. Lipman

Oct 29, 2008, 8:05:10 PM

From: "Eric Parker" <new...@thedrossericparker.plus.com>

| I recently searched using Google for
| "shell32.dll SP3 cannot copy"
| because I was having a problem installing SP3.
| The 7th site listed was
| hxxp://2008biz5.net/25933/
| I clicked the link and Avast popped up a warning about
| Win32:Trojan-gen {Other}

| I assume I should be passing this message on to try and get this site
| sorted.
| Is it worth doing ?
| How should I go about this ?

| Thanks

Frankly I couldn't find anything at that URL.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Ant

Oct 29, 2008, 8:14:39 PM

"Eric Parker" wrote:
> I recently searched using Google for
> "shell32.dll SP3 cannot copy"
> because I was having a problem installing SP3.
> The 7th site listed was
> hxxp://2008biz5.net/25933/
> I clicked the link and Avast popped up a warning about
> Win32:Trojan-gen {Other}

I'd like to know why you would click on any link that looks like that,
especially one containing 'biz'. What legit site would call itself
2008biz5? It just smells of spammer/malware. However, I found nothing
dangerous there at present. I fetched the content using wget with a
faked IE user-agent. Perhaps it serves up something else depending on
other headers.

Go to the root, and there are 1417 directories numbered from 25391 to
26807. The few I checked returned badly formed html pages (only a
'title' element) with lists of phrases.

> I assume I should be passing this message on to try and get this site
> sorted.
> Is it worth doing ?

Probably not, but worth keeping an eye on. It's registered through
Estdomains (ICANN have recently revoked their accreditation) and
hosted on a small block belonging to theplanet.com assigned to a
Ukrainian customer.

> How should I go about this ?

Forget about it.
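
A defender-side check for the two things Ant describes above (whether the server varies its response by client headers, and the doorway-page shape of a bare title plus lists of phrases), as an added example that is not part of any poster's message; the header profiles, the fetch helper and the sample pages are assumptions constructed for illustration.

```python
import hashlib
import re
import urllib.request
from html.parser import HTMLParser

# Assumed header profiles: the faked-IE fetch Ant mentions, a crawler, and a bare client.
PROFILES = {
    "ie": {"User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1)"},
    "wget": {"User-Agent": "Wget/1.11"},
}

def http_fetch(url, headers):
    """Default fetcher: one GET with the given headers, body returned as text."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

class _TagCounter(HTMLParser):
    """Counts start tags so we can see what structure a page actually has."""
    def __init__(self):
        super().__init__()
        self.tags = {}

    def handle_starttag(self, tag, attrs):
        self.tags[tag] = self.tags.get(tag, 0) + 1

def looks_like_doorway(html):
    """Heuristic for the pages Ant saw: a <title>, none of the usual structural
    tags, and the remaining text splits into a list of keyword phrases."""
    counter = _TagCounter()
    counter.feed(html)
    structural = {"html", "head", "body", "div", "p", "a", "script", "table"}
    text = re.sub(r"<[^>]+>", " ", html)
    phrases = [s for s in re.split(r"[\n,;]+", text) if s.strip()]
    has_title = counter.tags.get("title", 0) >= 1
    return has_title and not (structural & set(counter.tags)) and len(phrases) >= 5

def compare_profiles(url, fetch=http_fetch, profiles=PROFILES):
    """Fetch the URL once per header profile and digest each whitespace-normalised
    body. Returns (digests, cloaked) where cloaked is True if the bodies differ."""
    digests = {}
    for name, headers in profiles.items():
        body = re.sub(r"\s+", " ", fetch(url, headers)).strip()
        digests[name] = hashlib.sha256(body.encode()).hexdigest()
    return digests, len(set(digests.values())) > 1
```

Pass a custom `fetch` (for example one that replays saved responses) to run the comparison against captured pages instead of a live host.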


Eric Parker

Oct 30, 2008, 4:10:42 AM

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:bMednXyt1uaqZ5XU...@giganews.com...

> From: "Eric Parker" <new...@thedrossericparker.plus.com>
>
> | I recently searched using Google for
> | "shell32.dll SP3 cannot copy"
> | because I was having a problem installing SP3.
> | The 7th site listed was
> | hxxp://2008biz5.net/25933/
> | I clicked the link and Avast popped up a warning about
> | Win32:Trojan-gen {Other}
>
> | I assume I should be passing this message on to try and get this site
> | sorted.
> | Is it worth doing ?
> | How should I go about this ?
>
> | Thanks
>
> Frankly I couldn't find anything at that URL.
Thanks for looking.

Eric Parker

Oct 30, 2008, 4:17:35 AM

"Ant" <n...@home.today> wrote in message
news:Ceadne5azZT-YZXU...@brightview.co.uk...

Yes, it wasn't one of my smarter moves to click the link.

I guess it was partly due to frustration at not finding a solution
earlier.

Thanks for looking and the advice.

David H. Lipman

Oct 30, 2008, 5:05:07 PM

From: "ASCII" <f...@l.se>

| David H. Lipman wrote:

| http://2008biz5.net/25933/

| >> Frankly I couldn't find anything at that URL.

| Nor could I,
| even enabling javascript, popups, macromedia flash plugin, etc.
| Maybe running Opera in Sandboxie was blocking something?

Reminds me of the VBS:Zulu False Positive Avast had on a couple of Microsoft web pages.

I notified Avast of the FP and it took approx 60 days for Avast to remove it.
http://forum.avast.com/index.php?topic=24061.0