Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Cold Heat

Even if the scans are just false positives, they still waste Freepers’ time. Might as well delete the post.


73 posted on 05/29/2013 10:12:14 PM PDT by TChad
[ Post Reply | Private Reply | To 71 | View Replies ]


To: TChad

Well...sure....no harm no foul, but what always happens is that every user who now knows about this will have to run a full scan, which I did for years and it takes about 18 hours cuz I have a lot of crud in storage...

I like to look the variant up and see if they have the code and a clue to where it is....then I look for it.

This one for example can be found at the end of the page code or wherever they stuck it. It’s at the tail end....looks like this.....

[infected_site]/in.cgi?[number_for_infection_campaign] .


74 posted on 05/29/2013 10:17:52 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 73 | View Replies ]

To: TChad
Anyway.....it's a redirect to a Chinese site where it gets some massaging and instructions...I can't recall the name but they have it, and it's been around since 2007.

I think they use it to log the IP, sell the list and the hackers will use it to gain a back door. They could use it for most anything...depending on what their flavor of the day is.

Always look at your logs and see if your computer contacted a site with the .cn. If you know you did not go there, chances are you have a Trojan that has, but any decent screen should pick this bugger up.

I just think that essentials, found on most any XP up to win vista system has a particular issue matching code to the malware list and if in doubt it flags it as malware.

75 posted on 05/29/2013 10:25:13 PM PDT by Cold Heat (Have you reached your breaking point yet? If not now....then when?)
[ Post Reply | Private Reply | To 73 | View Replies ]
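
Added example, not part of any post in this thread: a log check for the two indicators mentioned in posts 74 and 75, the `/in.cgi?[number]` redirect URL and contact with a `.cn` host. The log format, the host names and the assumption that the campaign number is plain decimal digits are constructed for illustration; a `.cn` hit only marks a line for review against sites you know you visited.

```python
import re
from urllib.parse import urlsplit

# Pull http(s) URLs out of free-form log lines (proxy, firewall, browser history export).
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def classify(url):
    """Return the set of indicator names that a single URL matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    hits = set()
    # Shape quoted in post 74: [infected_site]/in.cgi?[number_for_infection_campaign]
    # Assumption: the campaign number is decimal digits only.
    if parts.path.lower().endswith("/in.cgi") and parts.query.isdigit():
        hits.add("in.cgi-redirect")
    # Post 75: contact with a .cn site the user did not knowingly visit.
    # Match on the parsed host, so "/cn/" in a path does not trigger.
    if host.endswith(".cn"):
        hits.add("cn-host")
    return hits

def scan(lines):
    """Return (line_number, url, sorted indicators) for every flagged URL."""
    findings = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            hits = classify(url)
            if hits:
                findings.append((n, url, sorted(hits)))
    return findings

# Constructed sample log lines; hosts are placeholders, not real indicators.
SAMPLE_LOG = """\
2013-05-29 22:01:10 GET http://news.example/index.html 200
2013-05-29 22:01:11 GET http://compromised.example/in.cgi?14 302
2013-05-29 22:01:12 GET http://landing.placeholder-host.cn/load.php 200
2013-05-29 22:01:15 GET http://shop.example/login.cgi?next=/in.cgi 200
2013-05-29 22:02:40 GET http://cdn.example/cn/app.js 200
""".splitlines()

if __name__ == "__main__":
    for n, url, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {url} -> {', '.join(hits)}")
```

Lines 4 and 5 of the sample are near misses (`login.cgi` with `in.cgi` in the query, and `/cn/` in a path) and are not flagged.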



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson