Thread: Horsie.......

  1. #1
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718

    Horsie.......

    I was searching for an appropriate website to find out information on a "freaking animal" who shot and killed a dear friend of mine 16 years ago (long and sad story for her). He is (was, he has recently been released, Ugh) serving "life", and as a simple beginning I used the term Ga. inmate query. What came up was a large variety of results and I just began clicking them one at a time to find the correct one.

    Is anyone else detecting it by clicking this link? Or am I going insane?

    >>>>>WARNING THIS LINK MAY CONTAIN A TROJAN HORSE<<<<<<<

    http://inmates.gidor.com/ga-prison-inmate-query.php

    >>>>>WARNING THE ABOVE LINK MAY CONTAIN A TROJAN HORSE<<<<

    I am showing a W32/Sober@MM!M681, which is outdated but still around.

    I thought W32/Sober was an E-Mail Virii...........

    Anyone else getting it?

    And no I did not click on the Prn Ad.


    P:
    Get some good religion from Bad Religion.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm!

    Strange sites you frequent old chap?

    It did not appear to do anything for me..................and I had a fair bit running...........no attempt to run a naughty script or amend the Registry............I was running 3 AVs and two anti-malwares at the time (yes, I know you don't do that............but I was at least hoping that a detection would provoke a crash?)

    MM is a mass mailer, and that detection stuff hasn't noticed any attempt to use my e-mail, or send anything out.

    What were you using that detected it?

    I had:

    1. AVG
    2. Avast!
    3. Clam
    4. Win Patrol
    5. WinPooch
    6. Teatimer
    7. SpyDefense
    8. Ewido (interactive)
    9. SpywareBlaster
    10. RegistryProt

    And they saw nothing?

    No reaction from the firewall or mail protector either


  3. #3
    Banned
    Join Date
    Jul 2006
    Location
    /
    Posts
    385
    Nice find Galdron..

    I had my AV pick 'em up, I kept a copy in the Quarantine, and the other pair are now on a usb hdd to take a look at in the next few minutes.

    can .zip 'em up and email at request..

    cheers
    acidtone..

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    nihil: You run all those apps at once?

    For some reason... I could have sworn that running multiple av's and antispyware apps at the same time could cause problems? Not to mention... a huge waste of resources?

    I run only avast as a limited user (using runas when I need admin) and I've never had any issues...

    Strange sites you frequent old chap?
    If you need *that* much protection... I'd think that the sites you frequent may be a bit strange?

    Anyway, I visited that site with firefox 1.5.0.6 with adblock and noscript along with avast running. No warnings on my side. (I didn't enable the ads or scripting.)
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Greetings

    I don't run multiple AV's (in fact I've never installed multiple AV's) but somehow my anti-virus (updated) doesn't pick up anything too??? What's wrong here ??

    I disabled Noscript in Firefox but still no virus was picked up ??
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey Phish~ I have them all sitting on this box, I just activated them all (one at a time and slowly so as to avoid a crash) then visited the site. Like I said, I was expecting any sort of detection to trigger a crash............ it can sometimes work with one that none of them can individually identify

    I was using FF 1.5.0.6 with script and advert blocking on.

    From a previous post, this is the ByteVerify trojan....................that is about 3 years old and you should be patched against it by now? This is Win 2000 SP4, and may not be susceptible anyway? IIRC it is something to do with Java and unpatched versions of the MS virtual machine?

    Perhaps Galdron has one of those proactive/aggressive AV's that scanned the page, rather than waiting for something to attack the home machine?

    The MM worm would certainly seem to be a false positive, or misidentification?

  7. #7
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718

    Just woke up

    The worm was picked up by McAfee in a split second as soon as I clicked on the link to the page. I then attempted to quarantine it, and it would not allow me to do so. I grabbed the "Stinger" from McAfee.com and took care of it.

    I am in the process of contacting the website host to give them the heads up.




    Get some good religion from Bad Religion.

  8. #8
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    Were you using firefox or IE?
    When death sleeps it dreams of you...

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi acidtone, can you submit them to these sites:

    http://virusscan.jotti.org/

    http://www.virustotal.com/en/indexf.html

    It would be interesting to see what the major AV products make of them?


  10. #10
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718

    Muerto

    Originally posted here by muert0
    Were you using firefox or IE?

    Firefox, latest version.

    Get some good religion from Bad Religion.
