virus on I1WQR webiste ?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
FYI

DO NOT add your website on I1WQR listing, there is a worm (virus) attached
to the form according to kapersky anti-virus
-- http://***www.i1wqrlinkradio.com/form.htm***


Thierry


Re: virus on I1WQR webiste ?

From: <Thierry>

| FYI
|
| DO NOT add your website on I1WQR listing, there is a worm (virus) attached
| to the form according to kapersky anti-virus
| -- http://***www.i1wqrlinkradio.com/form.htm***
|
| Thierry

This is what I got when I submitted form.htm to Virus Total.

Complete scanning result of "form.htm", processed in VirusTotal at 12/05/2006
01:45:49
(CET).

[ file data ]
* name: form.htm
* size: 7951
* md5.: 3622da73ad0ba2641d42575fe3a4c9c9
* sha1: b361bb70ee69a61b30b9ba2986d0e763e112f70a

[ scan result ]
 AntiVir 7.2.0.46/20061204 found nothing
Authentium 4.93.8/20061204 found nothing
Avast 4.7.892.0/20061204 found nothing
AVG 386/20061204 found nothing
BitDefender 7.2/20061204 found nothing
CAT-QuickHeal 8.00/20061204 found nothing
ClamAV devel-20060426/20061204 found nothing
DrWeb 4.33/20061204 found nothing
eSafe 7.0.14.0/20061203 found nothing
eTrust-InoculateIT 23.73.75/20061203 found nothing
eTrust-Vet 30.3.3230/20061204 found nothing
Ewido 4.0/20061204 found nothing
F-Prot 3.16f/20061204 found nothing
F-Prot4 4.2.1.29/20061204 found nothing
Fortinet 2.82.0.0/20061204 found nothing
Ikarus 1.0.26/20061204 found nothing
Kaspersky 4.0.2.24/20061205 found [Email-Worm.VBS.Lee]
McAfee 4910/20061204 found nothing
Microsoft 1.1804/20061204 found nothing
NOD32v2 1899/20061204 found nothing
Norman 5.80.02/20061204 found nothing
Panda 9.0.0.4/20061203 found nothing
Prevx1 V2/20061205 found nothing
Sophos 4.12.0/20061204 found nothing
Sunbelt 2.2.907.0/20061130 found nothing
TheHacker 6.0.3.128/20061204 found nothing
UNA 1.83/20061204 found [I-Worm.Lee]
VBA32 3.11.1/20061204 found nothing
VirusBuster 4.3.15:9/20061204 found nothing

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: virus on I1WQR webiste ?


David H. Lipman ha scritto:

Quoted text here. Click to load it

Riccardo
webmaster of. http://www.i1wqrlinkradio.com
in that file there isn't any virus.
The file is only crypted.


Re: virus on I1WQR webiste ?




| Riccardo
| webmaster of. http://www.i1wqrlinkradio.com
| in that file there isn't any virus.
| The file is only crypted.


It was a False Positive and was corrected.  Please read the whole thread.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: virus on I1WQR webiste ?


David H. Lipman ha scritto:

Quoted text here. Click to load it

Riccardo.D
SPAM PREVENTION
the "form.htm" be "crypted soft/antispam" for protect my email address.

Quoted text here. Click to load it


Re: virus on I1WQR webiste ?

Thierry wrote:
Quoted text here. Click to load it
=========
From: http://virusscan.jotti.org /

File:     form.htm
Status:     INFECTED/MALWARE
MD5     4d18167c92330dd330be543e2c6e2461
Packers detected:
-
Scanner results
AntiVir                      Found nothing
ArcaVir                    Found HTML.JScript.Lee
Avast                       Found nothing
AVG Antivirus           Found nothing
BitDefender               Found nothing
ClamAV                    Found nothing
Dr.Web                     Found nothing
F-Prot Antivirus          Found nothing
F-Secure Anti-Virus     Found Email-Worm.VBS.Lee
Fortinet                      Found nothing
Kaspersky Anti-Virus   Found Email-Worm.VBS.Lee
NOD32                       Found nothing
Norman Virus Control   Found nothing
VirusBuster                 Found nothing
VBA32                        Found nothing
===========


Re: virus on I1WQR webiste ?


| Thierry wrote:
Quoted text here. Click to load it
| =========
| From: http://virusscan.jotti.org /
|

< snip >

I had the form.htm file decoded.  Nothing in it looks malicious at all and it
diplays the
same submission form as the original HTML page only it is humanly readable.

It appears that this is a False Positive declarartion.

If anyone wants to see the decoded HTML, I posted it in
news:alt.binaries.comp.virus
under the same named subject "virus on I1WQR webiste ?"

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: virus on I1WQR webiste ?

Strange results using Google.  I cut and pasted the result
Email-Worm.VBS.Lee in Google (while on the group search page) and just
got one hit.  I then clicked on the Web button and got:
==============
    We're sorry...

    ... but your query looks similar to automated requests from a
computer virus or spyware application. To protect our users, we can't
process your request right now.

    We'll restore your access as quickly as possible, so try again
soon. In the meantime, if you suspect that your computer or network has
been infected, you might want to run a virus checker or spyware remover
to make sure that your systems are free of viruses and other spurious
software.

    We apologize for the inconvenience, and hope we'll see you again on
Google.
============

If I am on the Google web search page I can cut and paste it in (or
type it I guess) and it returns the hits, and I can flip back from
groups search to web search.   If I cut and paste on the group search
first, I cannot use the web search as I get the above error.     Bug in
Google I guess.


Site Timeline