Don Bright
- Thread starter Maverick74
- Start date
I am still getting a hit on this link: www.stocktrading.com/robfriesen.html
ESET NOD32 says: JS/Kryptik.ADZ trojan
Correct - that one still seems to be infected:
http://vscan.novirusthanks.org/analysis/0f490f6d92a927d20c950720fe81d6fa/cm9iZnJpZXNlbi1odG1s/
Date 2013-02-05 02:33:52 (GMT 1)
File name robfriesen-html
File size 9739 bytes
MD5 hash 0f490f6d92a927d20c950720fe81d6fa
SHA1 hash 7f46b78b3a4bd7f3493d0033440cfe9ad973a2aa
Detection rate: 4 on 14 (29%)
Status: INFECTED
Antivirus Engine Result
Asquared 5.1.0.3 Exploit.JS.Blacole!IK
Avast 5.0 -
AVG 10.0.0.1190 HTML/Framer
Avira 7.11.7.12 JS/iFrame.aex.6
BitDefender 7.0.0.2555 -
ClamAV 0.97.4 -
Comodo 1.0 -
DrWeb 5.0.2 -
Fprot 6.0 -
IkarusT3 T31001097 Exploit.JS.Blacole
Panda 10.0.3.0 -
STOPZilla 5.0.0.0 -
TrendMicro 9.200.0.1012 -
VBA32 3.12.0.300 -
Well crap. I had clicked on the above mentioned link before I read your posts about it possibly being infected. My a/v didn't alert me at all. Should I be concerned I may have this trojan now?
Thanks,
-Guru
I do not know.
Since most anti-virus including Google do not seem to be concerned, I have a feeling it is present on the site, but perhaps mostly harmless in some way. Also, I do have all plugins disabled in Chrome by default.
I clicked on that link also earlier and so am right now running a free-trial scan of NOD32 on my machine to see if a tojan or virus was installed.
So far it is half way through and has not found anything yet. I will post further if it does find anything. Since according to posters here, NOD32 was the one that readily detected the trojan on the site in the first place, presumably it will also be able to find anything it did to my machine.
Thanks for the response. Hopefully your scan doesn't find anything. Like you mentioned it may be mostly harmless if there is anything there at all.
-Guru
It is funny.
http://www.google.com/safebrowsing/diagnostic?site=www.stocktrading.com/robfriesen.html
summarizes the site as harmless, but nevertheless includes the line:
"Malicious software includes 5 exploit(s)."
If you try some other sites, it does not include that line about exploits.
I do not know how to interpret that.
Is it is saying there are exploits on the page but they are duds? I think quite often only part of an exploit gets "successfully" installed on a server or it is not functional in that environment.
In any case, it seems reassuring that it detects them but does not seem worried about them.
http://www.google.com/safebrowsing/diagnostic?site=www.stocktrading.com/robfriesen.html
summarizes the site as harmless, but nevertheless includes the line:
"Malicious software includes 5 exploit(s)."
If you try some other sites, it does not include that line about exploits.
I do not know how to interpret that.
Is it is saying there are exploits on the page but they are duds? I think quite often only part of an exploit gets "successfully" installed on a server or it is not functional in that environment.
In any case, it seems reassuring that it detects them but does not seem worried about them.
I don't know what to make of that either. I'm also running a full scan on my system just to be safe. About 3/4 through and haven't found anything yet.
Just to follow up, the scan of my hard disk did eventually find a bunch of Java exploits that had been downloaded onto it at some point, but I do not know when or how - they could have been there for quite a while. They were probably not really a threat to me because I have Java disabled by default (i.e. click to run) in Chrome anyway. so whatever web page downloaded them would not have executed them anyway.
Most likely they did not come from this site, because they were in the Java 6 library folders and I have been on Java 7 for months.