Virus from Yahoo News


7 replies to this topic

#1 OFFLINE   login123

    blanko

  • Members
  • 1,778 posts
  • Gender:Not Telling

Posted 26 January 2010 - 06:03 PM

Clicked on a link in the Yahoo news section about the Dalai Lama. About as innocent as a link can get. Avast triggered, the file was not executed, no harm done. Here is the Avast log. ESET online is running now.
1/26/2010 6:40:13 AM	SYSTEM	1640	Sign of "JS:Pdfka-TW [Expl]" has been found in "http://ditrnbibarsp.com/kav/kav1.exe/oHdfbc1b88V0100f070006Rd9f71314102T94e2cf1f201l0409K57868056317" file.


Avast and Powershadow had my back. Use a virtualizer app!
The SLIM version is always released a bit after any new version; when it is it will be HERE :-)

#2 OFFLINE   redhawk

    Power Member

  • Members
  • 1,216 posts
  • Gender:Male
  • Location:UK
  • Interests:Beer and DVDs

Posted 26 January 2010 - 07:34 PM

According to my ISP "ditrnbibarsp.com" doesn't exist, so whatever this code was for it wouldn't have worked anyway.

Richard S.

#3 OFFLINE   marmite

    Relax, it's only ones and zeros!

  • Members
  • 877 posts
  • Location:UK

Posted 26 January 2010 - 07:53 PM

redhawk, on Jan 26 2010, 07:34 PM, said:

According to my ISP "ditrnbibarsp.com" doesn't exist, so whatever this code was for it wouldn't have worked anyway.
Really? I can ping it at 216.146.35.99, for which whois lists contact info as Manchester UK.

Edited: but a few minutes later I can't ping it at all!

#4 OFFLINE   marmite

    Relax, it's only ones and zeros!

  • Members
  • 877 posts
  • Location:UK

Posted 26 January 2010 - 08:06 PM

Ah, just done a reverse look-up on that IP and it comes up: 216.146.35.99 is nx-redir.dyndnsinternetguide.com.

I use dyndns' dns servers ... ignore my previous post methinks! I can't find any look-up info for that domain.
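The situation in the two posts above, where one resolver says a name does not exist while another answers with a "search redirect" address, can be checked mechanically: resolve the suspect name and a random name that cannot exist, and compare the answers. This is an added example, not code from the thread; the probe base domain `example.com` and the sample answers are assumptions constructed to mirror what the posters reported.

```python
import random
import socket
import string


def random_probe_name(base="example.com"):
    """Hostname that cannot exist: a random 24-char label under `base`.
    `base` is an assumption; any domain without a wildcard record works."""
    label = "".join(random.choices(string.ascii_lowercase + string.digits, k=24))
    return f"nxprobe-{label}.{base}"


def classify(target_ip, probe_ip):
    """Interpret a resolver's answers for the suspect domain and the probe.

    target_ip: address returned for the suspect domain, None for NXDOMAIN.
    probe_ip:  address returned for the random probe, None for NXDOMAIN.
    Returns 'nxdomain', 'redirected' (the resolver rewrites NXDOMAIN to a
    landing page, so the target answer proves nothing) or 'resolves'.
    """
    if target_ip is None:
        return "nxdomain"
    if probe_ip is not None and probe_ip == target_ip:
        return "redirected"
    return "resolves"


def lookup(name):
    """A-record lookup through the system resolver; None if it fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_live(domain, base="example.com"):
    """Resolve the suspect domain and a fresh probe, then classify."""
    return classify(lookup(domain), lookup(random_probe_name(base)))


# Constructed samples mirroring the thread (not live data):
# DynDNS answered the suspect name with its nx-redir address, and a random
# probe would get the same address; the ISP resolver said Non-existent domain.
DYNDNS_SAMPLE = ("216.146.35.99", "216.146.35.99")
ISP_SAMPLE = (None, None)

if __name__ == "__main__":
    print("dyndns:", classify(*DYNDNS_SAMPLE))  # redirected
    print("isp:", classify(*ISP_SAMPLE))        # nxdomain
```

`check_live` needs network access and reports whatever resolver the machine is configured to use; a "redirected" verdict means a ping or whois on that address tells you nothing about the suspect domain.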

#5 OFFLINE   redhawk

    Power Member

  • Members
  • 1,216 posts
  • Gender:Male
  • Location:UK
  • Interests:Beer and DVDs

Posted 26 January 2010 - 09:06 PM

It's probably been blacklisted by my ISP then:

> ditrnbibarsp.com
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

*** cache1.service.virginmedia.net can't find ditrnbibarsp.com: Non-existent domain
>

Richard S.

#6 OFFLINE   login123

    blanko

  • Members
  • 1,778 posts
  • Gender:Not Telling

Posted 27 January 2010 - 02:56 AM

The original link in the Yahoo news panel was gone when I got hooked back up to the net about three minutes later. Looked for it on Yahoo for a while; it was just gone. Google has information about the URL and the exe file. Whatever it was, it woke up Avast pretty quick.

Might that be Manchester, New Hampshire, USA?

#7 OFFLINE   kroozer

    Hi

  • Members
  • 1,024 posts
  • Gender:Female

Posted 27 January 2010 - 03:09 AM

I was getting that annoying popup selling phony malware detection when reading Yahoo comics, so I started reading (the same) comics on comics.com.
Malwarebytes, Avast, Defender and Spybot all report my PC is clean.

#8 ONLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,328 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 27 January 2010 - 01:30 PM

redhawk, on Jan 26 2010, 03:06 PM, said:

It's probably been blacklisted by my ISP then:
Most likely, and for very good reason. Here are the Norton Safe Web statistics for that bad site:
http://safeweb.norto...itrnbibarsp.com

Edit:
It's a good idea to block that domain in the Windows HOSTS file.
Complexity of incoherent design.