Free Republic
Microsoft Security Essentials detected virus on FR
Me

Posted on 05/29/2013 8:25:46 PM PDT by The Cajun

Microsoft Security Essentials just detected about 6 attempts at *Trojan: Win32/Jpgiframe.A* trying to install on *latest post* page.


TOPICS: Computers/Internet
KEYWORDS: cybersecurity; msn; virus
To: Cold Heat

The source site had nothing to do with the flag. MSE detected and quarantined it when my computer tried to access it from the browser cache on the computer itself.

And as I stated, I downloaded it using a DSL live cd, and uploaded it to virscan directly from the computer. Virscan got a hit with four virus scanners. The hosting site has nothing to do with the positives.


81 posted on 05/29/2013 10:48:04 PM PDT by Rage cat
[ Post Reply | Private Reply | To 79 | View Replies]

To: Rage cat
well....I never got it...I even tried to get it...lol

I like to play with the buggers but I never get them...and I do a lot of surfing in China.....I even use Baidu.

I'd ask you to send it to me, but that might be problematic..Did you see the code itself or are you just reading what the scanner says it is...

The reason I ask, is that in the past when something like that happened to me, I found the critter in my system restore files. It had been in the computer for months and just decided one day to come out and play, probably on cue.

When I ran a full system scan from boot, where it looks at everything, it found six more copies. But that was at least 3-4 years ago. If you have the code string you can search for it without the scan, but if your scanner is set to shallow it won't find it and if you search and it has not been indexed you won't find it that way either.

82 posted on 05/29/2013 10:56:56 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 81 | View Replies]

To: Rage cat

Actually the site is not a source, it’s a host.

The picture you say it was in is actually on that site. In the site's servers. All FR has is the link. It links to the picture at the host site.


83 posted on 05/29/2013 11:02:54 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 81 | View Replies]

To: Rage cat
The one that had the pic with the crayons sticking out of his nose and ears.

Gone now. Thanks Mods!

84 posted on 05/29/2013 11:12:34 PM PDT by TChad
[ Post Reply | Private Reply | To 69 | View Replies]

To: TChad

wasn’t it Homer Simpson or something?


85 posted on 05/29/2013 11:14:49 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 84 | View Replies]

To: TChad; Rage cat

Here ya go....

This is an old Trojan and the site appears blocked from my end, but this is a conversation about it at Kaspersky from 2007-08

So it appears old and harmless now, but at one time it was dangerous and was identified...

In any case the site is blocked for me...

http://forum.kaspersky.com/index.php?showtopic=62250&st=0&;


86 posted on 05/29/2013 11:22:27 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 84 | View Replies]

To: Cold Heat

and here...........

http://www.murga-linux.com/puppy/viewtopic.php?search_id=281517896&t=26767


87 posted on 05/29/2013 11:27:45 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 86 | View Replies]

To: Cold Heat
wasn’t it Homer Simpson or something?

It was.

88 posted on 05/29/2013 11:31:56 PM PDT by TChad
[ Post Reply | Private Reply | To 85 | View Replies]

To: Cold Heat

McAfee has the original site now as a redirect to 114china.com which they have checked as green or safe. So to sum up, the embedded I-frame is or was connected to a Trojan malicious site that is no longer active. So there is no danger with the I-frame any longer.

Had it been active, my system would have jumped on it before it opened, but it was dead. So the only irritation is for those malware detectors that compare code against a long list of known codes active or inactive. That is what security essentials does as well as many other stand alone usually free code scanners..

So if you all run into this again, your scanner is doing what it is supposed to do. Had it been still active, mine would have popped off as well.

Hope that helps settle the differences in scans...


89 posted on 05/29/2013 11:37:39 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 87 | View Replies]

To: TChad

Here is the McAfee SiteAdvisor showing the now dead orentraff.cn linked to the now green and OK 114china.cn.

http://www.siteadvisor.com/sites/orentraff.cn/summary/


90 posted on 05/29/2013 11:39:42 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 88 | View Replies]

To: Cold Heat
Thanks, but I am out of time for tonight.

Good night.

91 posted on 05/29/2013 11:44:48 PM PDT by TChad
[ Post Reply | Private Reply | To 90 | View Replies]

To: TChad

Just turning the lights out here as well....was up late last night too..


92 posted on 05/29/2013 11:45:42 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 91 | View Replies]

To: The Cajun

Appreciate the notice. Hard to track these things down. I’ve gotten warnings like you did on other sites like Drudge. Not on here though.

One thing I did on my desktop computer was uninstall Flash Player. That is a really big risk and your security software will not pick up threats.


93 posted on 05/30/2013 12:25:41 AM PDT by gunsequalfreedom (Conservative is not a label of convenience. It is a guide to your actions.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Cold Heat

I looked at the image in an editor and it is using an iframe injection.

It’s linking to

ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=183491

The virus scanner is hitting on it, not because of the site the iframe is linking to, but because of the fact that there is an iframe in an image file in the first place. That is a no-no. It tricks the browser into loading a webpage without you knowing about it. It’s basically a simple Trojan.


94 posted on 05/30/2013 12:30:09 AM PDT by Rage cat
[ Post Reply | Private Reply | To 89 | View Replies]
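
The check described in post 94, flagging an image because it contains an iframe at all rather than because of where the iframe points, can be written as a short scanner. This is an added example, not part of the thread and not how Microsoft Security Essentials is implemented; the function names, the tag list and the sample bytes are assumptions constructed for illustration, and the URL is a placeholder.

```python
import re

# Magic bytes for the image formats checked here.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# HTML tags that have no business inside image data (case-insensitive).
TAG_RE = re.compile(rb"<\s*(iframe|script|html|body)\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(rb"src\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)


def image_kind(data):
    """Return the image type named by the leading magic bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def scan_image(data):
    """Report HTML tags found inside a file that claims to be an image.

    The verdict depends only on markup being present, not on whether the
    linked site is still live, which is why a dead link still raises a hit.
    """
    kind = image_kind(data)
    hits = []
    if kind is not None:
        for m in TAG_RE.finditer(data):
            src = SRC_RE.search(m.group(0))
            hits.append({
                "offset": m.start(),
                "tag": m.group(1).decode("ascii").lower(),
                "src": src.group(1).decode("ascii", "replace") if src else None,
            })
    return {"kind": kind, "suspicious": bool(hits), "hits": hits}


# Constructed samples: a JPEG header with filler, and the same header with markup.
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
CLEAN = JPEG_HEAD + b"\x00" * 32 + b"\xff\xd9"
TAINTED = (JPEG_HEAD
           + b'<IFRAME SRC="http://ads.example.invalid/st?ad_type=iframe" width=1>'
           + b"\xff\xd9")

if __name__ == "__main__":
    print(scan_image(CLEAN))
    print(scan_image(TAINTED))
```

A scanner like this reports on the file as stored, so copies sitting in a browser cache or restore point are flagged the same way as a fresh download.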

To: The Cajun

Gee ... the name of that Trojan Horse looks familiar. I just purged that bugger from my laptop last night. 4 instances.


95 posted on 05/30/2013 4:07:33 AM PDT by al_c (http://www.blowoutcongress.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Rage cat
thx
96 posted on 05/30/2013 4:09:37 AM PDT by Chode (Stand UP and Be Counted, or line up and be numbered - *DTOM* -ww- NO Pity for the LAZY)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Clint N. Suhks

FR has a virus?


97 posted on 05/30/2013 4:17:09 AM PDT by Carriage Hill (Guns kill people, pencils misspell words, cars drive drunk & spoons make you fat.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: The Cajun

I’ve been having posting problems since 5:30pm, Wednesday. MS Security Essentials detects nothing, nor does Norton 360 or Windows Defender.

So far...


98 posted on 05/30/2013 4:23:42 AM PDT by Carriage Hill (Guns kill people, pencils misspell words, cars drive drunk & spoons make you fat.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Seizethecarp
I believe there is a fake “Microsoft Security Essentials” (MSE) window that some sort of malware opens after you go to an infected site, not necessarily the particular site you have open.

Connected to us here?

99 posted on 05/30/2013 6:32:19 AM PDT by GOPJ (Swedes bring their cars..savages their flames..burning cars a metaphor. D. Greenfield)
[ Post Reply | Private Reply | To 52 | View Replies]

To: GOPJ

NOT connected to FR. But I have experienced this fake MSE warning while surfing seemingly at random.


100 posted on 05/30/2013 7:52:10 AM PDT by Seizethecarp (Defend aircraft from "runway kill zone" mini-drone helicopter swarm attacks: www.runwaykillzone.com)
[ Post Reply | Private Reply | To 99 | View Replies]

