Generic Downloader Trojan


Ming Dynasty

This probably isn't what you meant by a bug, but for the past half-hour or so
McAfee has been saying that I've been hit a few times with
Generic Downloader.o (Trojan)

During that time Cybernations was the only website being accessed.

5 attempts were made and McAfee claims that it prevented all of them.


(Cookies allowed are (**very**) limited to McAfee, Cybernations, AOL and two other trusted sites;
everything else is blocked.)

Just an FYI.

I didn't know who to send this info to.

Ming


Similar to Ming's report.....

I just logged on a few minutes ago and MS Security Essentials stopped access on my nation home page (right after logging in and paying daily bills). Security Essentials then reported cybernations.net as a site detected to have malware [i]by other users[/i], and then stopped a trojan that's called "Trojan:JS/Redirector.CI"; it rates it as severe; it was successful in getting rid of it.

This trojan is further described:

"Trojan:JS/Redirector.CI is a detection for obfuscated JavaScript contained within Web pages. This JavaScript may be present on a malicious Web site, and is used to redirect users to Web sites other than those of the user's choice."

I am using Win7 64bit, and IE 8.0 and MS Security Essentials.

I just tried it again and I'm not getting any other error...perhaps it was one of the ads?

C-

Edited by crucible

Thanks for the report. I've been hearing some information about some problems with Google Ads delivering up malicious files via flash ads. I actually got hit by one while doing some work on Cyber Citizens yesterday, the specific hit that I got was a "HTTP Trojan Mebroot Request" detected by Norton. I thought it might have been a fluke with my antivirus as I couldn't recreate the issue but after reading this report, and after running scans on the servers, it appears that it is indeed an issue with Google Ads. [url="http://www.google.com/support/forum/p/Google+Analytics/thread?tid=15e449daa81a9aab&hl=en"]Here is a discussion on it[/url]. I have suspended flash and image ads across all my websites until Google can get to the bottom of this.


Is that supposed to include the ('oddly' related to this thread) ad at the top of this post that I saw?

[URL=http://img97.imageshack.us/i/facepalmad.jpg/][IMG]http://img97.imageshack.us/img97/7188/facepalmad.th.jpg[/IMG][/URL]

Edited by Sakura

[quote name='Ronald McDonald' date='27 April 2010 - 07:40 PM' timestamp='1272415216' post='2277886']
I have the same problem. You are able to lift restrictions on McAfee
[/quote]
I don't understand your post.


[quote name='admin' date='28 April 2010 - 12:39 PM' timestamp='1272483527' post='2278710']
[quote name='Ronald McDonald' date='27 April 2010 - 05:40 PM' timestamp='1272415216' post='2277886']
I have the same problem. You are able to lift restrictions on McAfee
[/quote]
I don't understand your post.
[/quote]

Assuming I read what he wrote correctly...

I think he's basically saying "you can disable the warning light". (Despite the minor detail that doing so would leave the underlying problem present, wouldn't it?)


Looks like [url=http://www.google.com/support/forum/p/AdSense/thread?hl=en&tid=420c791905c1c74d]this[/url] is the main page on it. A few other ones were closed with a link to that one.


[quote name='Vivi' date='29 April 2010 - 01:29 AM' timestamp='1272518978' post='2279498']
Looks like [url=http://www.google.com/support/forum/p/AdSense/thread?hl=en&tid=420c791905c1c74d]this[/url] is the main page on it. A few other ones were closed with a link to that one.
[/quote]
Seriously, Google needs to get their act together; how hard would it be to simply check ads through programs before making them live? Thought this was common sense.
edit- just thought of possible issues with antivirus not prepared to handle it that second yet, so have a 2 day wait- then scan them and approve them. Also, download.com can't claim it's 100% virus free. :P

Edited by Fighter26

Ok, supposedly this issue has been corrected by Google by blocking ads generating from the website curves.com/?=345. If you see this issue pop up again please post as much information as possible, take screenshots, and record the exact URL that the infected ad is pointing to. (You can right click and get the image URL/Shortcut without actually clicking on the link.)


[quote name='admin' date='29 April 2010 - 01:40 PM' timestamp='1272562817' post='2280016']
Google had a simple policy: Do No Harm. They are failing in that regard as far as this issue is concerned.
[/quote]
Actually, that's the Hippocratic oath. Google's policy was Don't Be Evil.


Got a virus alert today from an ad on CN. Here's the info:

[code]When accessing data from the URL, "http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9338475562447655&output=html&h=90&slotname=4142116991&w=728&lmt=1273762364&flash=10.0.45&url=http%3A%2F%2Fwww.cybernations.net%2Fnation_drill_display.asp%3FNation_ID%3D387290&dt=1273762364375&shv=r20100422&correlator=1273762364378&frm=0&ga_vid=625284967.1267506638&ga_sid=1273762364&ga_hid=1587994073&ga_fc=1&u_tz=-240&u_his=10&u_java=1&u_h=1050&u_w=1680&u_ah=1050&u_aw=1680&u_cd=24&u_nplug=6&u_nmime=75&biw=1663&bih=977&eid=33895100&ref=http%3A%2F%2Fwww.cybernations.net%2Ftrade_information.asp%3FNation_ID%3D34805&fu=0&ifi=1&dtd=65&xpc=FWIabVLvlb&p=http%3A//www.cybernations.net"
a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus] was found.
Action taken: Blocked file[/code]
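
An alert like the one above already contains most of what the admin asked reporters to record. The following is an added example, not part of the original post or of the site's code: it parses the pasted alert into report fields. The names `triage` and `defang` are hypothetical, and reading `dt` as epoch milliseconds is an assumption.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Alert text abridged from the post above: same values, query string cut down
# to the parameters used here.
ALERT = (
    'When accessing data from the URL, "http://googleads.g.doubleclick.net'
    "/pagead/ads?client=ca-pub-9338475562447655&output=html&h=90"
    "&slotname=4142116991&w=728&lmt=1273762364&flash=10.0.45"
    "&url=http%3A%2F%2Fwww.cybernations.net%2Fnation_drill_display.asp"
    "%3FNation_ID%3D387290&dt=1273762364375"
    "&ref=http%3A%2F%2Fwww.cybernations.net%2Ftrade_information.asp"
    '%3FNation_ID%3D34805"\n'
    "a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus] was found.\n"
    "Action taken: Blocked file"
)

def defang(url: str) -> str:
    """Make a URL unclickable so it can be pasted into a report safely."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(alert: str) -> dict:
    """Extract the fields an ad-network abuse report needs from a pasted alert."""
    m = re.search(r'"(https?://[^"\s]+)"', alert)
    if m is None:
        raise ValueError("no quoted URL found in alert text")
    parts = urlsplit(m.group(1))
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}  # percent-decodes
    det = re.search(r"'([^']+)'\s*\[virus\]", alert)
    act = re.search(r"Action taken:\s*(.+)", alert)
    # Assumption: "dt" is the client clock in epoch milliseconds (13 digits).
    dt = q.get("dt", "")
    when = (datetime.fromtimestamp(int(dt) // 1000, tz=timezone.utc).isoformat()
            if dt.isdigit() else None)
    return {
        "blocked_request": defang(f"{parts.scheme}://{parts.netloc}{parts.path}"),
        "publisher": q.get("client"),
        "slot": q.get("slotname"),
        "page": q.get("url"),        # page that embedded the ad
        "referrer": q.get("ref"),    # page the visitor came from
        "requested_utc": when,
        "detection": det.group(1) if det else None,
        "action": act.group(1).strip() if act else None,
    }

if __name__ == "__main__":
    for key, value in triage(ALERT).items():
        print(f"{key:16} {value}")
```

None of the parameters in this URL names the ad's own destination, so a report built from it identifies the publisher, slot, page and time of the request rather than the advertiser.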


[quote name='admin' date='03 May 2010 - 03:56 PM' timestamp='1272920147' post='2285281']
If you see this issue pop up again please post as much information as possible, take screenshots, and record the exact URL that the infected ad is pointing to. (You can right click and get the image URL/Shortcut without actually clicking on the link.)
[/quote]
^ This information is required if you get a virus popup from an ad.


Strange, happened immediately when I returned to page 1490 of the Sanction Race Thread. ([url=http://forums.cybernations.net/index.php?showtopic=11169&st=29780]Linky[/url])

[img]http://img257.imageshack.us/img257/2239/29944800.png[/img]

Sporting an updated Chrome currently.

E: Also, this [u]only[/u] happens on that page; it never occurs on the one before or after it.

Edited by lonewolfe2015

[quote name='lonewolfe2015' date='19 May 2010 - 05:57 PM' timestamp='1274306249' post='2303743']
Strange, happened immediately when I returned to page 1490 of the Sanction Race Thread.

Sporting an updated Chrome currently.
[/quote]
Chrome is evidently unequipped to handle the Sanction Race's level of Amazing. :awesome:

It could either be an ad or someone's avatar/sig - most likely the former, as I just went there and didn't get any warning of my own.

Do you remember what ad was on either of those pages when you clicked?

Edited by Gopherbashi

Got hit by some kind of trojan when I opened up the last page of [url="http://forums.cybernations.net/index.php?showtopic=86173&st=140"]link[/url]. Java opened up and installed some sort of rogue antivirus software.


[quote name='Stealth' date='24 May 2010 - 06:39 PM' timestamp='1274751580' post='2310744']
Got hit by some kind of trojan when I opened up the last page of [url="http://forums.cybernations.net/index.php?showtopic=86173&st=140"]link[/url]. Java opened up and installed some sort of rogue antivirus software.
[/quote]

I pulled the fake antivirus software off of the CN page the other day as well. (It was an ad about books of some sort?) My browser told me that it couldn't play media without me allowing it, which I didn't (who wants to hear an ad?) but then the Java thing pops up, and yay! Antivirus System Pro (or whatever version this was) is on my computer, sending scary pop ups all over. Luckily, Malwarebytes is awesome. (I cleaned up most of the mess manually, but used Malwarebytes to dig up the rootkit. Damn viruses.)

So if Google Ads has a "make ads suck less" option, now would be the time to use it. ;)


[quote name='lonewolfe2015' date='20 May 2010 - 07:00 PM' timestamp='1274396441' post='2305906']
Unfortunately, no. Because the moment I clicked to the page Chrome went all doomsday on me and put that screenshot up.
[/quote]
I actually spotted why you were getting that popup. The error said that the malware was linked to gifup.com. Well, after looking at the two pages you linked, there were gifs hosted at gifup.com.
