Jump to content
CCleaner Community Forums
login123

Virus from Yahoo News

Recommended Posts

Clicked on a link in Yahoo news section about the Dalai Lama. About as innocent as a link can get. Avast triggered, the file was not executed, no harm done. Here is the avast log. ESET online is running now.

1/26/2010 6:40:13 AM	SYSTEM	1640	Sign of "JS:Pdfka-TW [Expl]" has been found in "http://ditrnbibarsp.com/kav/kav1.exe/oHdfbc1b88V0100f070006Rd9f71314102T94e2cf1f201l0409K57868056317" file.

 

Avast and Powershadow had my back. Use a virtualizer app!

Share this post


Link to post
Share on other sites

According to my ISP "ditrnbibarsp.com" doesn't exist so whatever this code was for it wouldn't had worked anyway.

 

Richard S.

Share this post


Link to post
Share on other sites
According to my ISP "ditrnbibarsp.com" doesn't exist so whatever this code was for it wouldn't had worked anyway.

Really? I can ping it at 216.146.35.99, for which whois lists contact info as Manchester UK.

 

Edited: but a few minutes later I can't ping it at all!

Share this post


Link to post
Share on other sites

Ah, just done a reverse look-up on that IP and it comes up: 216.146.35.99 is nx-redir.dyndnsinternetguide.com.

 

I use dyndns' dns servers ... ignore my previous post methinks! I can't find any look-up info for that domain.

Share this post


Link to post
Share on other sites

It's probably been blacklisted by my ISP then:

 

> ditrnbibarsp.com

Server: cache1.service.virginmedia.net

Address: 194.168.4.100

 

*** cache1.service.virginmedia.net can't find ditrnbibarsp.com: Non-existent domain

>

 

Richard S.

Share this post


Link to post
Share on other sites

The original link in the yahoo news panel was gone when I got hooked back up to net about three minutes later. Looked for it on yahoo for a while, was just gone. Google has information about the url and the exe file. Whatever it was it woke up avast pretty quick.

 

Might that be Manchester, New Hampshire, USA?

Share this post


Link to post
Share on other sites

I was getting that annoying popup selling phony malware detection when reading Yahoo comics, so started reading (the same) comics in comics.com

Malwarebytes, Avast, Defender, Spybot all report my pc is clean.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...