Vythicus Posted April 20, 2007

I got a warning from my antivirus tool Kaspersky: Exploit.JS.ADODB.Stream.ac detected! I think it comes from the Google Ads. Please check this problem. Thanks.

Copyright © 2007 Sunbelt-Software.

Exploit.JS.ADODB.Stream.ac

Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Exploit
Category Description: An Exploit is software or code that targets security vulnerabilities, usually in the operating system or browser, but may also target vulnerabilities in other programs. Exploits are typically used to install malicious software on the victim's computer without the victim's knowledge or consent. An Exploit may be used to install malware that gives the attacker complete access to and control of the affected computer from a remote location.
Level: High
Level Description: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type: Remove
File Traces

Courtesy (information source): http://research.sunbelt-software.com/threa...threatid=134748

Unfortunately, I don't see very much more information (in English) available about this high-threat advertisement-hijacking virus using the Google search engine. It seems other sites are experiencing this virus, and it is related to ad hijacking.

Dear visitors, this week we got a couple of reports about strange behaviour of the site - virus alerts, trojan software ads, adult ads, some other crap. Investigation on this problem resulted in switching off the ads on the site because some individuals or companies managed to trick our advertiser AdBrite and used its ad feeds to try infecting AH users or to show you some adult crap. AdBrite is informed and I hope they can restore normal ads asap. PartyPoker popups will be removed (at least for now) as well.

Btw if you work for, own, or know guys from an advertising company and are interested in up to 2M pageviews daily, feel free to contact us since we won't be able to stay long without ads, 01.04 is payday :(

Posted by :: amir28 | Date :: Mar 24, 2007 19:23:25

Kaspersky had detected this virus automatically installed from this site - wnset.exe and many javascripts - adwares!

Posted by :: italogreco | Date :: Mar 24, 2007 19:23:47

Sorry you have to find a new advertiser - but very glad you've dropped the previous one - the popups and unexpectedly nasty adult pages were a real problem this week.

Personally, I can't stand - and don't trust - any ads that play sounds or try to steal focus, or try to trick me into accidentally clicking. Avoid like the plague at all costs. Since I joined a few days ago, I constantly win free iPods, and the ad can't wait to tell me this through my sound card. I'm new, but I really like this site. Hopefully, I don't have, and won't get, any viruses here. I wonder if a new advertiser is an option. I hope I have been helpful.

-Vythicus.

Error404, can you give us any information on how to remove the virus? Registry names, ctrl-alt-delete, search keywords, system folders, etc.? If I had something to go on, I could quickly see if I have any of the files, and delete them immediately. Thanks!

Vagrant0 Posted April 21, 2007

While I don't know offhand how effective it is, I use Spybot with resident to keep me safe when browsing, run Norton scans weekly, or after I happen upon any of the more shady places online. I also have Ad-Aware which I run occasionally to catch anything that was missed by either. So far as I know, I haven't had any problems after using this arrangement. Spybot is multi-lingual and is suggested for pretty much everyone with an internet connection; it just saves you from a lot of the typical garbage.

Vythicus Posted April 21, 2007

Yeah, I think I was using that in the past. Ad-Aware SE, and also some beta from MS. But I haven't been connected to the internet for like 6 months, so everything is uninstalled and out of date. Thanks for the reminder about good software. Lately, I've just been checking the registry, haven't really had many problems in about 8 years. Keeping your OS and browser up to date is crucial. I downloaded something free called RegCleaner, I like that. It pretty much tells on spammy software, and narcs them all out. You just click on the names of stuff that you didn't give permission to, or don't like, and hit remove. Remove Programs command in Control Panel as well.

-V

Error404NotFound (Author) Posted April 22, 2007

I use Kaspersky Antivirus & Spybot S&D to clean up my system. The "virus" was killed by Kaspersky. Sorry, but I don't have the regkey where the file is located :(

Dark0ne Posted April 22, 2007

I can't replicate the problem, but then again, I'm not going to install either of the two programs you mentioned in order to try it out. Doesn't flag anything on my IE/FF and AVG rig, so I think I'll leave it at that.

ShaggyMonster Posted May 18, 2007

Hmmm,

Recent access to your site has shown 2 new undesirable behaviours:

1) Cookies from adverts, I suspect, forcing a pop up to another site, even when blocked ... Not good.
2) I work in IT and my computer is shielded to the max before you ask ...
3) Uploading files is becoming very problematic; being a registered supporter, this is particularly disappointing.

Sorry Guys,

Regards
Shaggy

Dark0ne Posted May 18, 2007

Can you go into any more detail?

ShaggyMonster Posted May 18, 2007

Hi,

Yes, the first problem relates to: http://forum.gamingsource.net/index.php?sh...4544&st=10#

The second is related to the pop ups etc. I have read your feedback about the offending adverts so I will post you again if the problem returns ...

Regards
Shaggy

LHammonds Posted May 22, 2007

I've recently (in the last week) had my browser "hijacked" when visiting tessource.net even when I'm logged in (as opposed to viewing the site in guest-mode). My homepage is set to TESSource Latest Files but every once in a while, the page gets re-directed to this page.

I use Firefox 2.0.0.3 and have multiple tabs set as my homepage, and TESSource is the only one that jumps to a completely different site. I assume it's related to ads.

LHammonds

Timeslip Posted May 24, 2007

The redirects are due to the script 'http://url.cpvfeed.com/inter/inter.js?p=111582' which seems to have been added to every page on tessource.net. It redirects once every few page views.

    function doInter () {
      var inter_url = 'http://' + inter_domain + '/inter/fs.jsp?p=' + cpv_inter_partnerId
        + '&pn=' + escape(cpv_inter_partnerName)
        + '&a=' + escape(inter_advertiserId)
        + '&back=' + escape(cpv_inter_back)
        + '&k=' + escape(inter_selectedKeyword)
        + '&lid=' + escape(inter_selectedListingId)
        + '&c=' + escape(cpv_inter_section) + ',' + escape(document.location)
        + '&aid=' + escape(cpv_inter_aid)
        + '&default=' + escape(cpv_inter_default)
        + '&time=' + ((typeof(cpv_inter_time)=='undefined')?'0':cpv_inter_time);
      createCookie("aon_inter", pagecount + 1, 1);
      document.location = inter_url;
    }

I'd assumed it was legitimate, although googling cpvfeed doesn't make for very encouraging reading...
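
A script include that appears on every page, as described in the post above, is something a site owner can find by auditing page sources. The following is an added example, not code from the thread or from the site: it maps script hosts that are neither first-party nor allowlisted to the pages that load them and reports the hosts present on every page. The sample pages, the /js/site.js path, stats.example.test and the allowlist are constructed; only the inter.js URL comes from the post.

```javascript
// Added example: audit pages for third-party <script src> hosts. Sample pages are constructed.
const SCRIPT_SRC = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Absolute URLs of all external scripts referenced in one HTML document.
function scriptUrls(html, pageUrl) {
  const urls = [];
  for (const m of html.matchAll(SCRIPT_SRC)) {
    const raw = m[1] ?? m[2] ?? m[3];
    try {
      urls.push(new URL(raw, pageUrl)); // resolves relative and //host forms
    } catch (err) { /* unparsable src: skipped here, a real audit would record it */ }
  }
  return urls;
}

// Map each script host that is neither first-party nor allowlisted to the set of pages using it.
function auditPages(pages, allowedHosts) {
  const findings = new Map();
  for (const [pageUrl, html] of Object.entries(pages)) {
    const pageHost = new URL(pageUrl).hostname;
    for (const u of scriptUrls(html, pageUrl)) {
      const host = u.hostname;
      if (host === pageHost || allowedHosts.has(host)) continue;
      if (!findings.has(host)) findings.set(host, new Set());
      findings.get(host).add(pageUrl);
    }
  }
  return findings;
}

// Unapproved hosts found on every audited page (a site-wide include).
function siteWideHosts(pages, allowedHosts) {
  const total = Object.keys(pages).length;
  return [...auditPages(pages, allowedHosts)]
    .filter(([, seen]) => seen.size === total)
    .map(([host]) => host);
}

// Constructed pages; only the inter.js URL is taken from the post above.
const SAMPLE_PAGES = {
  'http://tessource.net/index.html':
    '<script src="/js/site.js"></script><script type="text/javascript" ' +
    'src="http://url.cpvfeed.com/inter/inter.js?p=111582"></script>',
  'http://tessource.net/files.html':
    "<SCRIPT SRC='http://url.cpvfeed.com/inter/inter.js?p=111582'></SCRIPT>" +
    '<script src=//stats.example.test/c.js></script>',
};
const ALLOWED = new Set(['stats.example.test']); // hypothetical allowlist
console.log(siteWideHosts(SAMPLE_PAGES, ALLOWED)); // [ 'url.cpvfeed.com' ]
```

The regular expression only sees script tags present in the served HTML; scripts injected at runtime by another script need a browser-side check.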
Archived
This topic is now archived and is closed to further replies.