Posted by Virus Guy on April 12, 2006, 9:35 am
Has anyone ever had the experience that their AV software has alerted
them to *something*, in real time, as you were accessing a web site
(ie surfing the net)? Perhaps the *something* was found in the
browser or java cache, or a malicious plug-in (direct-x, etc)?
I'm talking real-time here, not something that was detected as a
result of a scheduled or manual scan.
I'm not talking about a browser re-direct, pop-up, or a screwy/invalid
certificate, or a cookie. I'm talking bona-fide browser exploit,
virus, trojan, worm, jpeg/wmf thing, etc, that results in code
download/execution, privilege elevation, etc.
Posted by Peter Zwitser on April 12, 2006, 10:06 am
>
> Has anyone ever had the experience that their AV software has alerted
> them to *something*, in real time, as you were accessing a web site
> (ie surfing the net)? Perhaps the *something* was found in the
> browser or java cache, or a malicious plug-in (direct-x, etc)?
>
> I'm talking real-time here, not something that was detected as a
> result of a scheduled or manual scan.
>
> I'm not talking about a browser re-direct, pop-up, or a screwy/invalid
> certificate, or a cookie. I'm talking bona-fide browser exploit,
> virus, trojan, worm, jpeg/wmf thing, etc, that results in code
> download/execution, privilege elevation, etc.
>
Yes, several times. Because of the work I do I have to go quite often to
very dubious sites. Several times Avast! asked permission to cut a
connection because some site tried to install some trojan, without
clicking on anything, just by visiting the site. These were (of course)
mainly porn sites of the worst kind.
Peter
Posted by Art on April 12, 2006, 1:10 pm
On Wed, 12 Apr 2006 16:06:34 +0200, Peter Zwitser
>>
>> Has anyone ever had the experience that their AV software has alerted
>> them to *something*, in real time, as you were accessing a web site
>> (ie surfing the net)? Perhaps the *something* was found in the
>> browser or java cache, or a malicious plug-in (direct-x, etc)?
>>
>> I'm talking real-time here, not something that was detected as a
>> result of a scheduled or manual scan.
>>
>> I'm not talking about a browser re-direct, pop-up, or a screwy/invalid
>> certificate, or a cookie. I'm talking bona-fide browser exploit,
>> virus, trojan, worm, jpeg/wmf thing, etc, that results in code
>> download/execution, privilege elevation, etc.
>>
>Yes, several times. Because of the work I do I have to go quite often to
>very dubious sites. Several times Avast! asked permission to cut a
>connection because some site tried to install some trojan, without
>clicking on anything, just by visiting the site. These were (of course)
>mainly porn sites of the worst kind.
I'll ask you the same question I just asked David. Is this just with
IE, and with what IE security settings?
Art
http://home.epix.net/~artnpeg
Posted by David H. Lipman on April 12, 2006, 10:29 am
|
| Has anyone ever had the experience that their AV software has alerted
| them to *something*, in real time, as you were accessing a web site
| (ie surfing the net)? Perhaps the *something* was found in the
| browser or java cache, or a malicious plug-in (direct-x, etc)?
|
| I'm talking real-time here, not something that was detected as a
| result of a scheduled or manual scan.
|
| I'm not talking about a browser re-direct, pop-up, or a screwy/invalid
| certificate, or a cookie. I'm talking bona-fide browser exploit,
| virus, trojan, worm, jpeg/wmf thing, etc, that results in code
| download/execution, privilege elevation, etc.
Yes.
Here are 2 log snippets of going to malicious web sites...
9/25/2005 8:19:54 AM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\index[1].htm Downloader-AEH
9/25/2005 8:19:56 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\ysb_regular[1].cab\YSB_REGULAR[1].CAB Adware-ISTbar
9/25/2005 8:20:04 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\FZ4HCZOS\pcs_0002[1].exe\PCS_0002[1].EXE Downloader-AAI

9/26/2005 1:27:28 PM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].htm JS/Spawn
9/26/2005 1:27:28 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].js JS/Winbomb
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
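A way to triage on-access scanner entries like the ones in the post above, added here as an example and not part of the original thread. The field layout is inferred from the five entries shown (the post does not name the scanner), and the 60-second window used to group detections into one browsing event is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# The five entries from the post above, with wrapped lines re-joined.
SAMPLE_LOG = r"""
9/25/2005 8:19:54 AM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\index[1].htm Downloader-AEH
9/25/2005 8:19:56 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\ysb_regular[1].cab\YSB_REGULAR[1].CAB Adware-ISTbar
9/25/2005 8:20:04 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\FZ4HCZOS\pcs_0002[1].exe\PCS_0002[1].EXE Downloader-AAI
9/26/2005 1:27:28 PM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].htm JS/Spawn
9/26/2005 1:27:28 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].js JS/Winbomb
"""

# Assumed layout: timestamp, action, HOST\user, path (may hold spaces), name.
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+(.+?)\s+"
    r"(\S+\\\S+)\s+([A-Za-z]:\\.+)\s+(\S+)$")

@dataclass
class Detection:
    when: datetime
    action: str
    account: str
    path: str
    name: str
    def in_browser_cache(self):
        return "\\temporary internet files\\" in self.path.lower()
    def needs_followup(self):  # anything but "Deleted": file may remain
        return self.action != "Deleted"

def parse_log(text):
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            out.append(Detection(ts, *m.groups()[1:]))
    return out

def group_bursts(dets, gap=timedelta(seconds=60)):  # assumed gap: burst ~ one visit
    bursts = []
    for d in sorted(dets, key=lambda d: d.when):
        if bursts and d.when - bursts[-1][-1].when <= gap:
            bursts[-1].append(d)
        else:
            bursts.append([d])
    return bursts

for b in group_bursts(parse_log(SAMPLE_LOG)):
    print(b[0].when, [d.name for d in b if d.needs_followup()])
```

Entries whose action is anything other than "Deleted" are the ones to chase, since the flagged file may still be sitting in the cache folder.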
Posted by Art on April 12, 2006, 1:08 pm
On Wed, 12 Apr 2006 14:29:54 GMT, "David H. Lipman"
>
>|
>| Has anyone ever had the experience that their AV software has alerted
>| them to *something*, in real time, as you were accessing a web site
>| (ie surfing the net)? Perhaps the *something* was found in the
>| browser or java cache, or a malicious plug-in (direct-x, etc)?
>|
>| I'm talking real-time here, not something that was detected as a
>| result of a scheduled or manual scan.
>|
>| I'm not talking about a browser re-direct, pop-up, or a screwy/invalid
>| certificate, or a cookie. I'm talking bona-fide browser exploit,
>| virus, trojan, worm, jpeg/wmf thing, etc, that results in code
>| download/execution, privilege elevation, etc.
>
>Yes.
>
>Here are 2 log snippets of going to malicious web sites...
>
>9/25/2005 8:19:54 AM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\index[1].htm Downloader-AEH
>9/25/2005 8:19:56 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\ysb_regular[1].cab\YSB_REGULAR[1].CAB Adware-ISTbar
>9/25/2005 8:20:04 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\FZ4HCZOS\pcs_0002[1].exe\PCS_0002[1].EXE Downloader-AAI
>
>9/26/2005 1:27:28 PM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].htm JS/Spawn
>9/26/2005 1:27:28 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].js JS/Winbomb
What happens when you don't use IE, or disable scripting and ActiveX
in IE? Do you still get the alerts?
Art
http://home.epix.net/~artnpeg