Posted on 05/29/2013 8:25:46 PM PDT by The Cajun
Microsoft Security Essentials just detected about 6 attempts at *Trojan: Win32/Jpgiframe.A* trying to install on *latest post* page.
The source site had nothing to do with the flag. MSE detected and quarantined it when my computer tried to access it from the browser cache on the computer itself.
And as I stated, I downloaded it using a DSL live CD, and uploaded it to virscan directly from the computer. Virscan got a hit with four virus scanners. The hosting site has nothing to do with the positives.
I like to play with the buggers but I never get them...and I do a lot of surfing in China.....I even use Baidu.
I'd ask you to send it to me, but that might be problematic..Did you see the code itself or are you just reading what the scanner says it is...
The reason I ask, is that in the past when something like that happened to me, I found the critter in my system restore files. It had been in the computer for months and just decided one day to come out and play, probably on cue.
When I ran a full system scan from boot, where it looks at everything, it found six more copies. But that was at least 3-4 years ago. If you have the code string you can search for it without the scan, but if your scanner is set to shallow it won't find it and if you search and it has not been indexed you won't find it that way either.
Actually the site is not a source, it’s a host.
The picture you say it was in is actually on that site. In the site's servers. All FR has is the link. It links to the picture at the host site.
Gone now. Thanks Mods!
Wasn’t it Homer Simpson or something?
Here ya go....
This is an old Trojan and the site appears blocked from my end, but this is a conversation about it at Kaspersky from 2007-08
So it appears old and harmless now, but at one time it was dangerous and was identified...
In any case the site is blocked for me...
http://forum.kaspersky.com/index.php?showtopic=62250&st=0&
It was.
McAfee has the original site now as a redirect to 114china.com which they have checked as green or safe. So to sum up, the embedded I-frame is or was connected to a Trojan malicious site that is no longer active. So there is no danger with the I-frame any longer.
Had it been active, my system would have jumped on it before it opened, but it was dead. So the only irritation is for those malware detectors that compare code against a long list of known codes active or inactive. That is what security essentials does as well as many other stand alone usually free code scanners..
So if you all run into this again, your scanner is doing what it is supposed to do. Had it been still active, mine would have popped off as well.
Hope that helps settle the differences in scans...
Here is the McAfee SiteAdvisor showing the now dead orentraff.cn linked to the now green and OK 114china.cn.
http://www.siteadvisor.com/sites/orentraff.cn/summary/
Good night.
Just turning the lights out here as well....was up late last night too..
Appreciate the notice. Hard to track these things down. I’ve gotten warnings like you did on other sites like Drudge. Not on here though.
One thing I did on my desktop computer was uninstall Flash Player. That is a really big risk and your security software will not pick up threats.
I looked at the image in an editor and it is using an iframe injection.
It's linking to
ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=183491
The virus scanner is hitting on it, not because of the site the iframe is linking to, but because of the fact that there is an iframe in an image file in the first place. That is a no-no. It tricks the browser into loading a webpage without you knowing about it. It's basically a simple Trojan.
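An added example, not part of the original thread and not how Microsoft Security Essentials or any other scanner is implemented: a sketch of the kind of check the post above describes, flagging a file that carries an image signature yet contains iframe or script markup. The function names and sample bytes are constructed for illustration.

```python
import re

# Standard leading signatures for the image types checked.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Opening tags that have no business inside image data.
TAG_RE = re.compile(rb"<\s*(iframe|script)\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(rb"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def image_type(data):
    """Return the image type named by the leading magic bytes, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def find_embedded_markup(data):
    """List (offset, tag, src) for each HTML tag found in image bytes."""
    if image_type(data) is None:
        return []  # not an image by signature; out of scope for this check
    hits = []
    for m in TAG_RE.finditer(data):
        src = SRC_RE.search(m.group(0))
        hits.append((
            m.start(),
            m.group(1).decode("ascii").lower(),
            src.group(1).decode("ascii", "replace") if src else None,
        ))
    return hits


# Constructed samples: a JPEG header followed by an iframe tag, and a clean one.
HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9
TAINTED = (HEADER
           + b'<IFRAME src="http://example.invalid/x" width=0 height=0></iframe>'
           + b"\xff\xd9")
CLEAN = HEADER + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("tainted", TAINTED), ("clean", CLEAN)):
        print(name, image_type(blob), find_embedded_markup(blob))
```

A hit depends only on the file's own bytes, which is why a scanner working this way would keep flagging the image after the linked site has gone dead.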
Gee ... the name of that Trojan Horse looks familiar. I just purged that bugger from my laptop last night. 4 instances.
FR has a virus?
I’ve been having posting problems since 5:30pm, Wednesday. MS Security Essentials detects nothing, nor does Norton 360 or Windows Defender.
So far...
Connected to us here?
NOT connected to FR. But I have experienced this fake MSE warning while surfing seemingly at random.