Trojans on the site

teloiv / 1 decade ago (18 May 2005 09:59)

Sad whenever i went to download a skin that was a .swx(i think .. not about to download one to find out as they´re infected) , it had 5-6 different trojans. not sure if it was known or not, but i felt i should post this ..


as well as installing the trojans, it installed several spyware, and a download bar that automatically installed more spyware..


oh.. the .zip files appear to be safe to download though .. havent opened them, as im afraid that they have the spyware and trojans as well.



Post replies:


1 decade ago (19.05.2005 04:30)
Reply by: Snowman
Could you post links to those possibly infected?
If these indeed are infected, we´ll have them removed!
1 decade ago (19.05.2005 04:31)
Reply by: Snowman
(links to ´rate´ page, not the actual download links)
1 decade ago (03.06.2005 02:56)
Reply by: Animus
Whenever I VISIT the site, I get two Norton Antivirus alerts, saying that this has site infected my computer with Trojan.Alwayup - it can´t repair the two infected files, so it deletes them (I get an error message saying access was denied, but I confirm and the files are in fact deleted)

[LINK]
1 decade ago (03.06.2005 11:14)
Reply by: mikelly
Snowman it happens when skinbase loads,You don´t have to download a thing!
1 decade ago (10.06.2005 07:38)
Reply by: Animus
It happens about every three or four times I load skinbase - Norton catches it every time, so I´m never infected, but it´s one of your sponsors´ sites - a popup site. I saved the source file of one of the skinbase pages that did it (it´s your .html in a text file) so you could look at it yourself. It´s one of the sponsors on that page.

[LINK]

Hope it helps. I tried to trace it with the .HTML banners. but if it´s one of the shockwave/flash banners, I´m not sure how to trace it.

HTH
1 decade ago (10.06.2005 11:37)
Reply by: Animus
Don´t know if this helps, but this is the path/name of the virus (prior to detection and deletion):

C:\Documents and Settings\Animus\Local Settings\Temporary Internet Files\Content.IE5\E5S7APA9\aun_0018[1].exe

It´s a trojan called "AlwayUp":

[LINK]

If I can figure out how to trace the offending sponsor, I´ll post it here.
1 decade ago (10.06.2005 06:29)
Reply by: initiatedsean441
you may be onto something Animus because for at least the last week or so, I have to retry 3 times to get the Skinbase logon page to come up & ditto for the "latest uploads" link.....it has made me wonder if my Freedom Security & Spyware Doctor filters are working overtime for the pages to take so long to load.....this doesn´t occur at DeviantART or WinCustomize.....ArtUproar is another site I suspect of Trojans & Spyware as my Spyware app always used to catch things from that site so I stopped dropping by there quite some time ago
1 decade ago (22.04.2006 09:18)
Reply by: MountainHawk
What concerns me currently is the adware being put in my computer by the pop ups on here....or pop unders. I have firefox which blocks a lot but there are some pop unders from fast click and tribalfusion and casalmedia that are still getting through. My antispyware is constantly dumping stuff out of my computer from them. It will not stop me coming here and I recognise the need for revenue for the site....just thought you should know that some of your revenue providers are not playing particularly fair.
1 decade ago (22.04.2006 01:51)
Reply by: P1Guy
BASTARDS, that´s what they are... BASTARDS... hahaha i hate spammers and spyware, and trojans. These people should be thrown in jail LOL
1 decade ago (22.04.2006 02:43)
Reply by: sed
Hasnt happened here .... YET, I had my norton check one of MY uploads once but it was virus free, Just curious that Norton is. But thats good. Cool
1 decade ago (22.04.2006 03:23)
Reply by: MountainHawk
If you have Zone Alarm sed you will catch more. I ditched Norton after their 2005 Systemworks fiasco. These pop up spyware dumps show up in adaware and in Superanti spware logs. Sentinel picks them up too and remove it pro.
1 decade ago (22.04.2006 04:48)
Reply by: saalien
I use Trend PC Cillin internet security 14 and it´s brilliant, but for back up I also have spybot and spybot - sd resident and spywareblaster, so far these have stoped all from infecting my comp, I update then all the time and Trend runs in real time checking. Plus I run Spybot once a week and so far my comp is fine.. If you come across this one be very careful it´s really bad !!! I got this info from a stationery site I´m a member of and it´s saved me a couple of times when the thing popped up.

Scumware/Scamware Warning
\"WinFixer\" AKA \"ErrorFree\"
Windows All Versions

We\´ve recently (and unfortunately) stumbled upon another Internet scam, this one called \"WinFixer\" (AKA \"ErrorFree\"). Rarely have we encountered such a misleading advertisement or a more persistent attempt at installing software without meaningful user consent. Recognizing this malware product is the most important defense you have against it, so please visit this page (ErrorFree).[LINK] to read this very important alert and tip including actual screen shots of our encounter with \"WinFixer\"
1 decade ago (22.04.2006 06:08)
Reply by: MountainHawk
Spybot should show then too. I have that and it cleans them off. Watch out for Spyguard and SpyAxe.When I came in here just now...casalmedia tried to download an swf file onto my computer. I blocked that pretty easily.
1 decade ago (22.04.2006 06:10)
Reply by: MountainHawk
Spybot should show then too. I have that and it cleans them off. Watch out for Spyguard and SpyAxe.When I came in here just now...casalmedia tried to download an swf file onto my computer. I blocked that pretty easily.
1 decade ago (23.04.2006 05:47)
Reply by: MountainHawk
The url´s showing up in Spybot are fastclick.net and target.net.
1 2