Posted on 05/29/2013 8:25:46 PM PDT by The Cajun
Still a little puzzling, but I am convinced it was an actual positive hit of that particular Trojan.
I had this issue with essentials as well Rage....I dumped it when I upgraded to Win 7 a few years ago...
I think essentials scans the page sees the code and mismatches it to a trjan.
I hate those things.....rather have a log in the woods...
I needed a Norden bombsight for one like that in China a few times.
Scenes from the movie “Dam Busters” kept flashing thru my mind.
The site that hosts that image, "wowlpapers", is listed as a malicious site by one of the virustotal URL scanners. I will try to get a mod to delete the post.
Booted from DSL livecd so I would have a safe non persistent OS to do the transfer on. DLed the file on the pencil thread and submitted it to virscan.
It got a positive hit for the j frame virus on four search engines.
A-squared
Microsoft
Rising
Sunbelt.
There are two mylife posts to that thread. We are talking about the Homer Simpson post, right?
The one that had the pic with the crayons sticking out of his nose and ears.
I clicked Report Abuse and asked the mod to delete it. If the post is still there you might do the same.
Total waste of time..
The site is clean, and whatever code is in that jpeg, it does not match my security data base.
The host site did not ring any bells either. Scanned it...
You guys are doing the same things I did for years with these faulty scanners...Your putting out fires that were never really hot.
Even if the scans are just false positives, they still waste Freepers’ time. Might as well delete the post.
Well...sure....no harm no foul, but what always happens is that every user who now knows about this will have to run a full scan, which I did for years and it takes about 18 hours cuz I have a lot of crud in storage...
I like to look tha variant up and see if they have the code and a clue to where it is....then I look for it.
This one for example can be found at the end of the page code or where ever they stuck it. It’s at the tail end....looks like this.....
[infected_site]/in.cgi?[number_for_infection_campaign] .
I think they use it to log the IP, sell the list and the hackers will use it to gain a back door. They could use it for most anything...depending on what their flavor of the day is.
Always look at your logs and see if your computer contacted a site with the .cn. If you know you did not go there, chances are you have a Trojan that has, but any decent screen should pick this bugger up.
I just think that essentials, found on most any XP up to win vista system has a particular issue matching code to the malware list and if in doubt it flags it as malware.
There is no point in doing a full scan just for viewing that jpg, but I bet that many Freepers visit the sites that host hotlinked images to get more information about the thread. I often do.
Well I sure did....lol
I think it may be of somebodys list, not Microsoft because they have no record of it, but somebody may have it fagged because it hosts Islamic stuff.....I did not see anything of interest....a lending site for muslims...and some other portals that I might check out if I have time, but the home page is just wallpapers.
Could be the Islamic nature of it caused someone somewhere to flag it which caused the essentials scan to issue a warning.
Other than that, and that just a guess, I have found nothing..
Gawd.....fagged=flagged....lol....I’m in trouble now......
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.