Scotts_DG8 Posted December 12, 2010

While not trying to alarm anyone here, while scanning my PC for viruses it has encountered a virus almost every day for the past several days. And as I only visit 4 or 5 sites each day I decided to spend the last 2 hours and try to narrow down where I might be picking this virus up. As it turns out the virus that my scan analysis turns up appears to be from this site, AACA.org.

The scan after entering the AACA Forums returns the following info:

HEUR:Trojan-Downloader.Script.Generic was found in C:\Documents and Settings\SS\Local Settings\Temporary Internet Files\Content.IE5\PSEMNX7S\DR_v4[1].js on 12/12/2010 11:29:12

Again, this occurs just after selecting the Forums from the main AACA page. This really surprised me. In doing my analysis I’d visited each site that I visit each day and stepped through my normal activity, performing a scan of my temporary internet files after signing on or selecting a new page. The actual object that is being called out as the virus being produced from this site is the DR_4[1].js noted in the above scan info line and appears to be loaded when I open up into the Forums.

What I’ve elected to do, and will do so at least for now going forward, is to perform a scan after entering the Forums here on the AACA.org site as it is then put into Quarantine.

Peter, is there a way that this can be checked out?

Scott…

stealthbob Posted December 12, 2010

Likely a false positive...

When it says "generic" it means that it sees something that it doesn't know if it is good or bad so it says it is bad.

HEUR: Trojan.Win32.Generic – What is it and how to get rid of it? (Kaspersky detection) | malwarecrawler.com

URGENT! Kaspersky Antivirus 2010 Alert "HEUR:Trojan-Downloader.Script.Generic" in LiveContent - No Access to my Site - Mandeeps.com - Mandeeps.com > Innovative DNN Modules & Gear > Forum - Modules - Live Content

Jim Rohn Posted December 12, 2010

It amazes me what people have to deal with when they own a PC ...

like they used to yell at all the people with the newfangled modern cars appeared ... and broke down, "Get a horse!"

The modern equivalent to that is "Get a Mac!"

stealthbob Posted December 12, 2010

> It amazes me what people have to deal with when they own a PC ...
> like they used to yell at all the people with the newfangled modern cars appeared ... and broke down, "Get a horse!"
> The modern equivalent to that is "Get a Mac!"

...or better yet go to the FREE Ubuntu OS

Easy and Virus free!

Peter Gariepy Posted December 12, 2010

Did you visit any particular page?

There are 7000 people a day visiting this site and you are the only one to point this out.

Guest Jim_Edwards Posted December 12, 2010

What version of Windows and what anti-virus software are being run and just how recent are the virus files it is comparing to? I've not gotten any indication of anything and the somewhat heavy duty anti-virus software I run updates me typically 4 times in a 24 hour period.

I think I'd be clearing all the cookies out of your browser and deleting all internet temp files.

Scotts_DG8 (Author) Posted December 13, 2010

Hopefully I’m going to answer all questions and respond to all comments made.

First on the computer; I run Windows XP Pro and am current on all Windows patches. I use Zone Alarm Internet Security Suite which is an Internet Firewall and Virus package along with e-mail protection and my Virus updates are current. Just for some additional info, my background is well over 20 years in IT and computers are not foreign to me. I acknowledge that there will always be strong Mac vs PC opinions out there and am ok with it. Personally in all my years within the IT field I’ve not ever found myself challenged or exposed with Windows.

Could there be an issue with the virus list that I received from Zone Labs? Sure, couldn’t and wouldn’t argue that possibility. I do know that the virus being called out started to appear just within the last two weeks and although the scans always quarantine it I finally decided to identify where it was originating from, hence this posting.

Peter, to answer your question, I hope. I have the AACA.org bookmarked as most probably do and when I go to the AACA site I can run a scan on my Temporary Internet files and find nothing. After I press the button to select and enter the Forums and right after the main Forums page appears I can run a scan on my Temporary Internet files and it will always return the identified virus mentioned at the front of my post. This occurs every time I enter the main forum page. I’ve scanned after going to other sub forums or reading and posting to threads without the supposed virus appearing.

I hope that this covers everyone’s comments and questions.

Scott…

ghostymosty Posted December 13, 2010

Before or after signing in with your user ID?? If after then try not logging in and going to the same pages.

Guest Jim_Edwards Posted December 13, 2010

> Hopefully I’m going to answer all questions and respond to all comments made.
>
> First on the computer; I run Windows XP Pro and am current on all Windows patches. I use Zone Alarm Internet Security Suite which is an Internet Firewall and Virus package along with e-mail protection and my Virus updates are current. Just for some additional info, my background is well over 20 years in IT and computers are not foreign to me. I acknowledge that there will always be strong Mac vs PC opinions out there and am ok with it. Personally in all my years within the IT field I’ve not ever found myself challenged or exposed with Windows.
>
> Could there be an issue with the virus list that I received from Zone Labs? Sure, couldn’t and wouldn’t argue that possibility. I do know that the virus being called out started to appear just within the last two weeks and although the scans always quarantine it I finally decided to identify where it was originating from, hence this posting.
>
> Peter, to answer your question, I hope. I have the AACA.org bookmarked as most probably do and when I go to the AACA site I can run a scan on my Temporary Internet files and find nothing. After I press the button to select and enter the Forums and right after the main Forums page appears I can run a scan on my Temporary Internet files and it will always return the identified virus mentioned at the front of my post. This occurs every time I enter the main forum page. I’ve scanned after going to other sub forums or reading and posting to threads without the supposed virus appearing.
>
> I hope that this covers everyone’s comments and questions.
>
> Scott…

From Network World, March 29, 2010

ZoneAlarm Internet Security Suite

ZoneAlarm's software performed worse than any other suite we tested in using behavioral scanning (that is, detecting malware based solely on how it behaves on a PC). ZoneAlarm's suite found only 13 percent of our test samples, and blocked just 7 percent; it was unable to completely remove any of the samples in this test. As this is a very good test for judging how well a suite can respond to brand-new malware threats, ZoneAlarm's showing is problematic.

'nough said!

Jim

Guest Silverghost Posted December 13, 2010

I guess we can't blame this possible virus attack on those pesky Chinese government internet spies! ;-)

Beware of ANY unknown email & attachments you may open~

If you don't know the sender ~~~ Do not open ~~~ Delete!

Edited December 13, 2010 by Silverghost

Scotts_DG8 (Author) Posted December 13, 2010

Again, I originally started this thread out of curiosity and concern with a potential problem. I’m not a closed minded person, most of the time, and am always open to differing opinions and ideas. Zone Alarm had received high marks in past years although I admit that in the last year or two I’ve not followed the yearly reviews of security products. So I spent a bit of time this morning doing some reading and Zone Alarm it appears has slipped and takes a hit for not always detecting all new malware that enters the www in a timely manner although they also report that the firewall can make up for it. In that there are more expert individuals than I out there I’ll concede that it does appear that I obviously use an inferior security product according to today’s ranking. That being said and I’ll close any further comments on this thread and address the problem being detected/reported on my side.

Just one last update for what it is worth on my analysis. I’d identified that the script that is being loaded is from a third party site attached to the AACA page(s) and is referenced to the following www address: http://http.cndlayer.com/drivingreveneue/DR_v4.js

Thanks to those that have participated/responded.

Scott…

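Added example, not part of the original posts: one way a site owner or visitor could list the script files a saved page pulls from other sites, which is the check described in the post above done by hand. The page URL `forums.example.org`, the sample HTML and the function names are constructed for illustration; only the DR_v4.js address is taken from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:                      # inline scripts have no src
                self.sources.append(src.strip())


def site_of(host):
    """Crude site key: last two DNS labels (assumption; ignores co.uk-style suffixes)."""
    return ".".join(host.lower().split(".")[-2:])


def third_party_scripts(page_url, html):
    """Return absolute URLs of scripts served from a different site than page_url."""
    collector = ScriptCollector()
    collector.feed(html)
    page_site = site_of(urlparse(page_url).hostname or "")
    found = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)   # resolves relative and //host/ forms
        host = urlparse(absolute).hostname or ""
        if host and site_of(host) != page_site:
            found.append(absolute)
    return found


# Constructed sample page; only the DR_v4.js URL comes from the thread.
SAMPLE_PAGE_URL = "http://forums.example.org/index.php"
SAMPLE_HTML = """
<html><head>
<script src="/js/forum.js"></script>
<script src="http://static.example.org/js/menu.js"></script>
<script src="http://http.cndlayer.com/drivingreveneue/DR_v4.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for url in third_party_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("third-party script:", url)
```
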
Shop Rat Posted December 13, 2010

> .....If you don't know the sender ~~~ Do not open ~~~ Delete!

Even then folks should be careful. Another AACA member, a friend that stays with us in our RV at AACA events, has had virus issues with his computer and laptop computer and they have sent e-mails out to us and others that he didn't send himself. But they looked wrong so I sent an e-mail to him to ask if he had sent it and he had not. I didn't open the reply even, we can see it on a preview screen without opening the actual message. It has happened at least twice.

stealthbob Posted December 13, 2010

Looks to me like a typical data miner...

Driving Revenue - How It Works

Google lobbies hard to many of these security companies to not include their intrusive stuff. We are being watched and tracked at all times on the net....which was why using alternative systems was endorsed in this thread. I doubt AACA installed this on their own or even if it really did actually originate from them.

Guest Jim_Edwards Posted December 13, 2010

> Even then folks should be careful. Another AACA member, a friend that stays with us in our RV at AACA events, has had virus issues with his computer and laptop computer and they have sent e-mails out to us and others that he didn't send himself. But they looked wrong so I sent an e-mail to him to ask if he had sent it and he had not. I didn't open the reply even, we can see it on a preview screen without opening the actual message. It has happened at least twice.

E-Mail "miners" are common all over the web. Unfortunately very legitimate sites one may frequent may have ads that "Mine" your E-mail file and may even be extended into mining of various Forum software packages around. Also unfortunate is the fact that many Forum software packages are written in PHP script language which means those programs are typically very easily broken into by hackers. Data/E-Mail "miners" can be easily embedded into a photo file as well as text files. Ain't that just ducky to know? You'll know for sure you have been victimized or some forum site has been victimized when you start receiving bogus E-Mails seemingly from yourself. Examining the full header file will reveal the address it came from; unfortunately the spammers may be using a throw-away cell phone to dump their garbage.

Not all security software is good at detecting "Miners"; a decent freebie is available from Lavasoft, which will catch many "Miners" that are missed by often thought of as being excellent security programs.

Jim

stealthbob Posted December 13, 2010

Another great way to stop these type of attacks is the use of Firefox and No-Script.

https://addons.mozilla.org/en-US/firefox/addon/722/