914World.com - The largest online 914 community!

Virus pop up warning, Whenever I hit 914club

Sparky	Apr 10 2006, 06:13 AM Post #1
Mahna Mahna! Group: Members Posts: 1,134 Joined: 21-June 03 From: Spencer, MA Member No.: 847	Details: -------------------------------------------------------------------------------- Malware type: Exploit Aliases: Bloodhound.Exploit.56, Exploit-WMF, Win32/Worfo In the wild: No Destructive: No Language: English Platform: Windows 98, ME, 2000, XP, Server 2003 Encrypted: No

plas76targa	Apr 10 2006, 06:16 AM Post #2
Senior Member Group: Members Posts: 885 Joined: 22-February 04 From: Frederick, MD Member No.: 1,700 Region Association: MidAtlantic Region	Same thing happened to me. The non-home system flushed out a bunch of exe files. odd (IMG:http://www.914world.com/bbs2/html/emoticons/wacko.gif)

nomore9one4	Apr 10 2006, 06:19 AM Post #3
Member of the Eastcoast Thread Killers Club Group: Members Posts: 2,666 Joined: 26-December 02 From: Pittsburgh,Pa.15237 Member No.: 14 Region Association: None	I got it too. WTF (IMG:http://www.914world.com/bbs2/html/emoticons/icon_bump.gif)

Dead Air	Apr 10 2006, 06:33 AM Post #4
Senior Member Group: Members Posts: 1,268 Joined: 9-May 04 From: Buffalo, NY Member No.: 2,042	Don't worry it's a non-virus/LLC. (IMG:http://www.914world.com/bbs2/html/emoticons/wink.gif)

ArtechnikA	Apr 10 2006, 06:34 AM Post #5
rich herzog Group: Members Posts: 7,390 Joined: 4-April 03 From: Salted Roads, PA Member No.: 513 Region Association: None	what browser are you guys using? my AVG update and scan ran early this morning as scheduled and i'm not seeing anything. so Firefox isn't triggering it, AVG missed it (unlikely...) or Andy's already fixed it ...

nomore9one4

Apr 10 2006, 06:47 AM

Post #6

Member of the Eastcoast Thread Killers Club

Group: Members
Posts: 2,666
Joined: 26-December 02
From: Pittsburgh,Pa.15237
Member No.: 14
Region Association: None

QUOTE (Dead Air @ Apr 10 2006, 04:33 AM)

Don't worry it's a non-virus/LLC. (IMG:http://www.914world.com/bbs2/html/emoticons/wink.gif)

I hope! Thank you! (IMG:http://www.914world.com/bbs2/html/emoticons/beer.gif)

nomore9one4

Apr 10 2006, 06:48 AM

Post #7

Member of the Eastcoast Thread Killers Club

Group: Members
Posts: 2,666
Joined: 26-December 02
From: Pittsburgh,Pa.15237
Member No.: 14
Region Association: None

QUOTE (ArtechnikA @ Apr 10 2006, 04:34 AM)

what browser are you guys using?
my AVG update and scan ran early this morning as scheduled and i'm not seeing anything. so Firefox isn't triggering it, AVG missed it (unlikely...) or Andy's already fixed it ...

It came up Windows Explorer.

tdgray	Apr 10 2006, 06:54 AM Post #8
Thank God Nemo is not here to see this Group: Members Posts: 9,705 Joined: 5-August 03 From: Akron, OH Member No.: 984 Region Association: None	I got it with IE also... switched over to Firefox and nada. Seems we gots a virus or something attached to the home page. I got it trying to install a file xpiadv602.wmf from traffmoney.biz. Also a hacktool.IE.Exploit. Have not looked them up yet. Gonna have my IT guy take a look at it. Somebody wake Andy up. (IMG:http://www.914world.com/bbs2/html/emoticons/biggrin.gif)

VaccaRabite	Apr 10 2006, 06:55 AM Post #9
En Garde! Group: Admin Posts: 13,445 Joined: 15-December 03 From: Dallastown, PA Member No.: 1,435 Region Association: MidAtlantic Region	Nope, not fixed yet. Nortens is catching it every time I try to hit the main page, and thre is a redirect to trafmoney.biz or trafficmoney.biz or something like that. If you use Nortons, get the latest virus defs. Version is 4/6/2006 Rev. 6 Zach

spunone	Apr 10 2006, 06:55 AM Post #10
Senior Member Group: Members Posts: 945 Joined: 6-April 04 From: Anaheim CA Member No.: 1,901 Region Association: Southern California	Norton blocked it on mine said it's a worm?

rick 918-S	Apr 10 2006, 07:05 AM Post #11
Hey nice rack! -Celette Group: Members Posts: 20,464 Joined: 30-December 02 From: Now in Superior WI Member No.: 43 Region Association: Northstar Region	Mines done something strange a couple of times over the last several weeks. I have mine default to the home page here. Some explorer bar thing, then when I try to close it, it opens some other program. (IMG:http://www.914world.com/bbs2/html/emoticons/screwy.gif)

nomore9one4

Apr 10 2006, 07:10 AM

Post #12

Member of the Eastcoast Thread Killers Club

Group: Members
Posts: 2,666
Joined: 26-December 02
From: Pittsburgh,Pa.15237
Member No.: 14
Region Association: None

QUOTE (rick 918-S @ Apr 10 2006, 05:05 AM)

Mines done something strange a couple of times over the last several weeks. I have mine default to the home page here. Some explorer bar thing, then when I try to close it, it opens some other program. (IMG:http://www.914world.com/bbs2/html/emoticons/screwy.gif)

That exactly what mine is doing. It just started today!

Toast	Apr 10 2006, 07:18 AM Post #13
Not bad for carrying sway bars. Group: Members Posts: 3,377 Joined: 20-January 04 From: Las Vegas Member No.: 1,580 Region Association: Southwest Region	xpladv602.wmf exploit.html.ObjDATA exploit.js.cve-2005-1790.j traffmoney.biz IE / Win98 / main page

Jaiden	Apr 10 2006, 07:18 AM Post #14
Member Group: Members Posts: 346 Joined: 13-January 05 From: Stroudsburg PA Member No.: 3,443	I got it too. Going directly to the garage doesn't force the pop up.

VaccaRabite

Apr 10 2006, 07:18 AM

Post #15

En Garde!

Group: Admin
Posts: 13,445
Joined: 15-December 03
From: Dallastown, PA
Member No.: 1,435
Region Association: MidAtlantic Region

QUOTE (boboli914@att.net @ Apr 10 2006, 08:10 AM)

QUOTE (rick 918-S @ Apr 10 2006, 05:05 AM)

Mines done something strange a couple of times over the last several weeks. I have mine default to the home page here. Some explorer bar thing, then when I try to close it, it opens some other program. :screwy:

That exactly what mine is doing. It just started today!

you guys better check your machines. Sounds like you are infected... (IMG:http://www.914world.com/bbs2/html/emoticons/sad.gif)

Zach

SLITS	Apr 10 2006, 07:26 AM Post #16
"This Utah shit is HARSH!" Group: Benefactors Posts: 13,602 Joined: 22-February 04 From: SoCal Mountains ... Member No.: 1,696 Region Association: None	Scanning Report 10 April 2006 06:21:29 Options -------------------------------------------------------------------------------- Target: C:\WINDOWS\Temporary Internet Files Action: Delete infected files Scanning options: Files scanned with extensions: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB ZIP ARJ LZH TAR TGZ Scan inside archives: on Scanning Engines: F-Secure F-PROT: 3.09.507, 2006-04-06 21:42:43 F-Secure AVP: 3.55.160.3203, 2006-04-06 21:42:43 Results -------------------------------------------------------------------------------- Boot Sectors Scanned: 0 Infected: 0 Suspected: 0 Disinfected: 0 Files Scanned: 757 Infected: 8 Suspected: 0 Disinfected: 0 Renamed: 0 Deleted: 8 Quarantined: 0 Report -------------------------------------------------------------------------------- C:\WINDOWS\Temporary Internet Files\Content.IE5\T9IHI07N\fillmemadv602[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. C:\WINDOWS\Temporary Internet Files\Content.IE5\FYZ7IIK1\fillmemadv602[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. C:\WINDOWS\Temporary Internet Files\Content.IE5\05EZS9YJ\fillmemadv602[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. C:\WINDOWS\Temporary Internet Files\Content.IE5\V4ZWOBI2\fillmemadv602[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. C:\WINDOWS\Temporary Internet Files\Content.IE5\LG2KCB0Y\fillmemadv602[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. C:\WINDOWS\Temporary Internet Files\Content.IE5\UQEABL4A\fillmemadv602[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. C:\WINDOWS\Temporary Internet Files\Content.IE5\81ARSHIJ\fillmemadv602[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. C:\WINDOWS\Temporary Internet Files\Content.IE5\81ARSHIJ\bag[1].htm Infection: Exploit.JS.CVE-2005-1790.j Deleted. --------------------------------------------------------------------------------

nomore9one4	Apr 10 2006, 07:29 AM Post #17
Member of the Eastcoast Thread Killers Club Group: Members Posts: 2,666 Joined: 26-December 02 From: Pittsburgh,Pa.15237 Member No.: 14 Region Association: None	ANDY??? (in my closest Aunt B voice)

rick 918-S	Apr 10 2006, 08:06 AM Post #18
Hey nice rack! -Celette Group: Members Posts: 20,464 Joined: 30-December 02 From: Now in Superior WI Member No.: 43 Region Association: Northstar Region	Does yours look like this? Attached image(s)

David_S	Apr 10 2006, 08:14 AM Post #19
Member Group: Members Posts: 430 Joined: 11-May 03 From: Dimmitt, Tx Member No.: 680 Region Association: Southwest Region	Mine is doing it too ....window looks like the one Rick posted. Keeps trying to open something up in Windows picture and fax viewer.

Jaiden	Apr 10 2006, 08:14 AM Post #20
Member Group: Members Posts: 346 Joined: 13-January 05 From: Stroudsburg PA Member No.: 3,443	Mine looks like that if I cancel out of the wmf download it tries to load up.

« Next Oldest · 914World Garage · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: