IObit Forum

!!!Toxic Download Warning!!!


Maxxwire


I have struggled with this for several days now, but for the sake of the 1,000's and 1,000's of people who viewed and may have downloaded one of the JD folders that jjj posted on the Proxomitron Thread it is with a heavy heart that I must report the results of an A-Squared scan I did of the very last Proxomitron Portable App folder that was hiding in a 'Trash' folder on a USB Drive long after I had shredded all of the other copies of it.

 

Fortunately as jjj edited his first post on the thread to say... "ok now you know i have edit this to the last post" and then later in the thread "i have clean up be hide my self posts made stop kiddies from knowing to much" he did remove this toxic folder from the thread soon after I and possibly many others had downloaded it, but out of concern for others who may also have been following his instructions on how to use Proxomitron along with the many folders that need to be downloaded to allow it to run at its best I am posting the results of the scan below...

 

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/Album%202/A-DataScan24Trojans2009-12-29.png

 

a-squared Free - Version 4.5

Last update: 12/29/2009 1:29:28 PM

 

Scan settings:

 

Scan type: N/A

Objects: F:\

Scan archives: On

 

Heuristics: Off

ADS Scan: On

 

Scan start: 12/29/2009 10:50:46 PM

 

F:\Trash\Proxo New 1\help\An Introduction To Text Matching.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\CfgT2.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\CfgT3.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\CfgT4.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\CfgT5.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Configuration Dialog.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Default Header Filters.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Default Web Filters.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Disorientation.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\External Proxy Dialog.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\FAQ.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Limitations.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Log.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Mainscreen.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Matching Character Reference.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Matching Commands.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Matching Rules.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Matching Test Window.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Tips And Tricks.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\URL Commands.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Web Page Filter Editor.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Web Page Filters.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Whats New.html detected: Trojan-Downloader.JS.Iframe!IK

F:\Trash\Proxo New 1\help\Workings.html detected: Trojan-Downloader.JS.Iframe!IK

 

I am quite ashamed and embarrassed to post these results, but during that time in mid December when this file for Proxomitron containing these 24 Trojans was posted there were over 1,000 viewings of the thread each day and out of concern for those others who may have trusted jjj as I did and downloaded this file I am reluctantly exposing my own lack of security precautions with this USB portable app which eluded Comodo HIPS detection and all main drive scans at the time as I made the mistake of assuming what I was being given to download was clean and safe by a trusted member of this community.

 

~Maxx~


Hi Maxx

Thanks for the report

It may have been a legitimate mistake by jjj

- I would like an understandable explanation from you jjj!

 

Another thing is that especially the Lounge section - where a lot of applications are discussed - is a place where one has to be extra careful - we (administrators) do not have the time to check every application that is being discussed.

But it was precisely this type of situation that made me call for less direct links in the posts.

Cheers

solbjerg

 

 


Hi Maxx!!

 

Thanks for the post!!!

 

Keep in mind they are cumulative viewings(post tallys and all that)! As well, that a "view" is not also a download or subsequent infection... and that the "views" come mostly through search engines. (anybody can search)

 

The reality of complete virtualization within our OS is limited. Even posted it.

"keep your guard up"

 

Hope you still have my PM with my personal information on it?!

 

You push the limits, and bear the price of that! I admire and appreciate this within you.. as well as the other forum members here.

 

Felt kind of safe in the sandboxie did you? Maybe a good thing there was a crack in the box...

 

 

I'm just saying Maxx, that you are appreciated by me... here in this forum... as that's all I have of you! You have broadened my knowledge!!!

 

Thx 4 pstng bak

 

Sincerely.... Mel


Hi Mel

It is true that the link in itself - unless it is an .exe file poses no direct threat except for spyware or adware or other malware, but the less direct link will give you a few seconds to think and consequently possibly choose the most prudent course of action.

My only point!

Cheers

solbjerg

 

 


glad ta see ya back!

 

ok now you did received JD files is that right? in a zip file?

so what ever you are using or downloaded from the net drop not blame me as a attacker on your pc! your last post was damming .and this is bull dust!

i assumed you were more clever .and read every post carefully!

now coming up with this ? ok say thy were as you showed meaning my system must be fuel up with viruses.,? that leak out info

according to your posts...

so you are sure it JD 5000..? and not some other file? that you scanned!

you are very sure?

so the next scan you post MAKE sure thy read as "JD" files ---and not JS

these files belong to sidki !!! you downloaded -- ok!

i assume you scan all your files before you use them?

 

there are 5 different makers of the files. now it's not my responsibility what you download! - i did a check and as far as my scans from the site posted for me ta check them, they were clean! if they were dirty i would use them?

i was asked to check this first that i did and the site passed them as clean!

itsmejjj

 

so what is this all about you think i do not know this program..

and its files? --JACKS,sidki,jd,shoning knife are all different makers

and there file are clean...you downloaded a bad file and then attempt ta point it this way!now seeing how silly the hacker story is ,lets try this one?

bull --the site passed them as clean the one i posted!!!!

 

 

 

http://forums.iobit.com/showthread.php?t=5466

 

i posted it here --check it your self!

 

 

"""""""i think i worked this out thy are clean....

ok i did this ta show and rest all for peace of mind -only thing i want to know

what do thy do with the files sent up?

any one know?

i just feel horrible .sad ,that this has happened..and trying my hardest to fix this..jezus i am no harm to ant one! and the statement ,watch out for this hakker! i after all of you rubbish..must be joking surely..

any how .see what happens .if i get no answer i know where am at

in the dog house!!""""""""""""""""""""""""""""""""


ok that is all i shall say here and if the gent wants ta argu the point .first of all a Apollonian .calling me a hacker that i jjj trying, to bust or tried ta get in his system(hakking?) this is so silly ..

 

i made a statement as asked by the admin.solbjerg.i did this as best i could..

with out losing my self..

itsmejjj


Hi jjj

My concern is to clarify how this could have happened.

By using factual information and procedure of applying it from both sides.

And please without name-calling or the like - from both sides as well.

 

I am not calling anyone names!!

Cheers

solbjerg

 

 


 

ok i download this thing he used see what it has ta say ! i test all my proxo files and

what ever i have on this program..64 meg of file of downloaded -- .any way --

i see if i am infected? ,funny how av ,says its clean ...and the site as well

what more can i do--

itsmejjj


@@//www.removal-guides.org/ppc/msindex.php?t=Virut

there ya are MAX, clean your pc.. and do not blame anyone else for your carelessness --- or google the Virut virus. there are plenty of removal programs

but i do love your fancy post to scare the dickens out of readers ..

it had me going as well till i looked into it.. i wasted 80 meg of downloads. for what? something i do not have. and then try to explain the drama you created!

get your self secure is my advice to you .learn it .if not ask someone to show you how its done!

 

@@//www.virusremovalguru.com/?p=2518

here are a few more ya can use ..just ta be sure ok

 

any how its been a good experience..at least i know 100% we are clean..

as for your 64 meg program you know what ya can do with that!

pass it around to all your friends that downloaded your files. they gonna need it! you got infected by something else.. running in sand box.. and perhaps it's dirty and spreading the virus..

 

now from the hacker -to virus spreader nice try -and its got me thinking how come it took 4 days for this program to pick up this virus.

and then state your comodo did not pick this up? well get rid of it..

it should of rang bells as soon as you opened it up..if that was the case..

do not acted the innocent..and try to make me look silly ..

learn to protect your self..

 

that is according to your dramatic post infected proximate only?

and no other files?

yet only found a few on my test PC...and that is understandably so.and can happen.SO what!

as i load a heap of files and play with them//

 

ehhh nice joke..ah.. but not funny i am not smiling..!

 

this is so childish but was asked to post a reapply with dignity .and not turn it into a drama,,ok that it .i said my bit.

 

learn to look after your self .if you do not know how.get help..

but do not blame other for your over sight..

 

if ya want i can copy past live as the scanning takes place..and all ya see is OK!!!

should of state i did!

 

itsmejjj


now as for vista its a peace of cake to secure took me 2 days! i have it running on my new unit..and it took you how long? i was reading your post that its a long time process..you kidding me ..whats the big deal ? nothing.that's what..

now i back tracked your posts and copy pied them to my drives .and see the Constance changing in your posts .and views.and surly your right to post what you like. as any of us can..nut i see now the lack of pc understanding.that i was thinking as to the fancy wording and the way thy are put across.yes you are a English teacher, there is no doubting this and a really impressive one.. but in my mind here..

and a few people here at home asked .and read the posts ..that as far as securing your system leaves a lot to be desired..and that's ok we cant be smart at every thing..i have stupid ways of expressing what i want to say..but talk security .well i do believe i know a tiny bit ..about it .just to get by..

 

and still finds ways to improve..be it radical...but trust this ..i do not have a mean streak as to hurt any one!

i care not if you be leave this! or what you answer to this..

 

even you i was hoping things were good..but how silly was i to think it would

be..you are who you are....and i must be careful here..

 

i am who i am..--and surely not what you clam.

now you have attacked my 2 times . to try to undermine me..

ok i think its time ta give it up..and stop the drama queen tactics....

 

you are making your self look silly..and contradicting..read your own posts..

 

as i read my ones ..back track them .i wonder where this started ?

 

yes the first time i disagreed with you..ever since then its lets post jjj into the ground! for daring to say different..

 

now if you read my Apollonian you would of been much kinder.

and pm me first..and asked me -if i knew of or ,found something wrong with my file?

 

not your stile is it! no better to wash it in the forum..may get rid of jjj.?

i dislike you very much now !! nothing personal-we are from different side of the street .bub..- and nothing will change that,but i will tolerate .and be nice..as asked.by the admins..and not abuse you in name calling..no mater what you post...and keep my word...not to post to you personally from here on.

this is my last word to you..and sorry its gone this way!

i apologize to every one for this .but thats it..

and take a rest for a few days ,and look for my self...

 

yours truly itsmejjj


I would like an understandable explanation from you jjj!

i asked you if we were allowed to put up zip files..

you answered that i must test this and have proof. i posted this.. as shown.

now they, the site, did this as i uploaded the file..

 

and cleared it 100%...plus i used my scanner to be positive!

 

what ever happened i do not know..but if the files were dirty it would of show this to me.i am 100%sure thy are --as shown in the caps..so only thing is he picked up the virus..

the same app i run and no change, it was jd app. i did say to him do not use it till i check it first! now the file js 5000 i have no idea about if he downloaded

a later or previous version. or what he was using or how many app he merged.

or configured files .any of them may of been dirty? -even i virus..-i would of scanned them first ?

what gave me the shock it grew! never had this happen .or heard of it!

he did post he downloaded files.i know zip all about..

and how many or what thy would of been..now merging files if one is dirty .

well thy spread..

 

i still cannot understand why the second he realize changes were happening.he just let it go? and not kill the app and ask! not let it blow out

--this program cannot grow...bu itself.nor write to itself..just not possible..

if he read the help files one would know this..very simple..

now one would think to ask and not jump to some dramatic conclusion?

and post rubbish!

sorry that all i can answer.as i do not know what happen..to him..

virus wise..now why did i rid it?

i already stated this..and it was for him..i posted its useless to any one if not trying the program..

and to be wary of it till i tested it.....as its a very old set...2002 when it was made.but had very useful set of filters..and not to merge this set with his normal app..we were going to start a new one and slowly learn it from the very first start..

any how its the best i can give you ..

 

 

itsmejjj


Hi jjj and Maxx

Where is the "toxic folder" now?

Cheers

solbjerg

 

 

 


"toxic folder" i do not have a file named toxic.. -- but if it's the zipped file you speak of - i can easily make another one of the files JD -- that we are talking about -- all i did zip it up posted it. then deleted it -- i do not need it..

 

 

now since this childish dramatic post - i set upon scanning with AV OK this other piece of junk - froze my systems -- any how - with help we scanned every drive --

looking for this virus.. and on my test pc found 2 traces of the Virut virus.. and not that shocked.. big deal.. now - using the remover.. that passed -- like i stated

i did every thing correct -- as instructed with proof of my sent files. that passed the scanning site the best on the net for testing a file! (If you are unsure how to upload and scan a file at VirusTotal, see Post# 4 of the thread Guidelines and Requirements for Reporting a False Positive)

 

this i followed strictly and passed 100%

itsmejjj


toxic very dramatics, headings. but sorry members could not find a thing..

i scanned every proxomitron file! i have..

 

 

 

ok that's it i have had it with this! 2 days scanning downloaded 7 different program's

all cleared even with the latest app Trojans root kits virus.on line .

ok i am sick of this!

 

but had ta be sure it was not the files i own!!

ok i have posted this .and take it or leave it!

clean your PC.. and do not blame anyone else for your carelessness or oversight!

what ever you down load .check it before ya use it!!

i do not care where or whom ya get it from! .than learn ta use it properly!

know what you do! and are about to risk..nothing is safe or 100% sure!

read.read some more ,study,and read again..then be carefuller what ya merge,understand what it is,and will,do

 

-open the main help page reread it! before ya start pointing!!!

this cannot edit out side its directory! or write to itself..

and running it in sand box WAS STUPID ya exposed it! and let something attach itself to the 1 and only EXE file!!! and spread ..

now one last comment.. get a decent firewall.. and apps. instead of that bloated piece of junk ..

that saw nothing! learn what ports ta block.and what apps are allowed ta run on the net .ZERO bar 1 the browser! and that is only at access and not sever rights!

read and study!

ok i did took me just 1 hour ta get it running! the first time i used it..

then started to study it ...and now a almost expert!

kids 8 years old run this ,easy as pie! thy keep saying!

i teach kids 2 times a week of PC stealthiness! and thy love it!

 

ok i hope this rest this .any how its not there now --but if any one wants it and trust its files i shall point you to its link .what i should of done in the first place!!

but was thinking it easier from here .that was my silly error!

never again

 

itsmejjj


Hello folks,

 

Yeah it's me again. I shouldn't be posting, but like solbjerg said in another thread, this place is like The Hotel California... lol.

 

Just trying to help ; promise.

 

I have tried to read all of jjj's posts but my head hurts. So I may have missed a few details along the way, but I did read "Virut", and jjj says it's no big deal. Well, it is a big deal. Virut is a PE infector, one of the worst of all times. It spreads through executable files like cancer. Difficult to remove cleanly, but not impossible. When Virut installs, it brings over many friends which are backdoors, some very difficult to remove. But anyway... one more important thing about Virut : it infects web pages (.htm, .html, .php and .asp) with an iFrame. Anybody with web pages stored on an infected machine will have all their pages infected. These infected pages infect computers that go to these pages, on the web (the iFrame exploit), so Virut would now spread to executable files.

 

That said, I don't know how/when these downloads took place and from where, but if Virut was present on a machine hosting these files, then any executable file included would have been possibly infected. If the web page contained the iFrame, then anybody going there without proper protection could have gotten infected.

 

Virut infected machines are often formatted, unless you know what you are doing when trying to clean them. Formatting can fail if infected files are backed up and re-introduced (web pages included).

 

Sounds like fun, right ? I'm not saying jjj infected anyone, because I don't have the facts. And I don't really care anyway ;)

 

Hope this helps. Hope you could hear me through all this noise..


Hi so_sad

Thanks for your input. It is appreciated!

Greetings

solbjerg

 


hi to you

Formatting can fail if infected files are backed up -really ?

how silly of me not to know this..

 

but I did read "Virut", and jjj says it's no big deal. Well, it is a big deal.

yes -when i stated no big deal -and its on my or was test pc and 2 traces were found! ..its gone this is a test pc..never on the net!

only to test--i hope this is not hurting your mind.(joke)

any download get tested first..

sorry for your head ache

and hotel California perhaps! but a fun place

itsmejjj


Hello ;

 

Fun place ? Perhaps. Never boring : definitely 8-)

 

jjj : Whether you had "traces of Virut" or a boatload of it doesn't really matter, because it was there, and it is a virus so it is capable of replicating itself. Viruts are quick replicators and live in memory.

 

Maxx dude there showed us a-squared detecting iFrames in .html files. Those were probably Virut iFrames right there. Open one of those up and Virut will spread, fast, unless your antivirus knows it and stops it. Comodo can miss this with HIPS, and many antivirus programs miss Virut as well.

 

This download took place many weeks ago, so you've had plenty of time to clean up the box since, and the files. Maxx had the files in a sandbox and nothing there survives a reboot, so I'm thinking his sandbox was clean before he got those files into it.

 

Just my opinion : you did have some Virut infected iFrames when you put that file up for download. Not implying you did any of this on purpose. Your scanners missed it. Rest assured, some Viruts get detected only by one or two antivirus programs sometimes... Kaspersky and Dr.Web are the best against Viruts, usually.

 

By the way : the "JS" in the a-squared detections means "JavaScript" and has nothing to do with your "JD" files ;)

 

===
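
The injected iframes that so_sad describes, and that the a-squared log reports across the help folder, can be looked for directly. The following is an added example, not part of any post in this thread: it walks a folder of web files and reports iframes that point at a remote host and are also hidden, tiny or appended after `</html>`. Those heuristics, the function names and the sample pages are assumptions constructed for illustration.

```python
"""Flag <iframe> tags in local HTML that look injected rather than authored.

Added example; the heuristics and sample pages below are constructed.
"""
import re
import sys
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# File types the post says get an iframe added to them.
WEB_EXTENSIONS = {".htm", ".html", ".php", ".asp"}
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)  # width/height of 0 or 1
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def is_remote(src):
    """True when src names a host (http://, https:// or //host/...)."""
    try:
        return bool(urlparse(src).netloc)
    except ValueError:  # malformed URL: report it rather than skip it
        return True


class IframeAudit(HTMLParser):
    """Collect every iframe together with the reasons it looks out of place."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.html_closed = False
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        src = attr.get("src", "").strip()
        reasons = []
        if is_remote(src):
            reasons.append("remote-src")
        if TINY.match(attr.get("width", "")) or TINY.match(attr.get("height", "")):
            reasons.append("tiny")
        if HIDDEN.search(attr.get("style", "")):
            reasons.append("hidden-style")
        if self.html_closed:  # markup appended after </html>
            reasons.append("after-html-close")
        self.findings.append(
            {"line": self.getpos()[0], "src": src, "reasons": reasons})


def audit_html(text):
    """Return one finding per iframe in the document, suspicious or not."""
    parser = IframeAudit()
    parser.feed(text)
    parser.close()
    return parser.findings


def suspicious_iframes(text):
    """Assumed rule: a remote frame that is also hidden, tiny or appended."""
    return [f for f in audit_html(text)
            if "remote-src" in f["reasons"] and len(f["reasons"]) > 1]


def scan_tree(root):
    """Map each web file under root to its suspicious iframes, if any."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = suspicious_iframes(text)
            if hits:
                report[str(path)] = hits
    return report


# Constructed samples: a help page with its own local frame, and the same page
# with a hidden remote frame appended after the closing tag.
CLEAN_PAGE = ('<html><body><h1>FAQ</h1>'
              '<iframe src="toc.html" width="200" height="400"></iframe>'
              '</body></html>')
TAMPERED_PAGE = CLEAN_PAGE + (
    '\n<iframe src="http://injected.example.invalid/x" width="1" height="1"'
    ' style="visibility:hidden"></iframe>')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, hits in scan_tree(sys.argv[1]).items():
            for hit in hits:
                print(f"{name}:{hit['line']}: {hit['src']} {hit['reasons']}")
    else:
        for label, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
            print(label, suspicious_iframes(page))
```

Run with a folder path as the only argument to check every .htm, .html, .php and .asp file beneath it; the files are only read as text, never opened in a browser.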


you did have some Virut infected iFrames?

emm you have the file ? run it for me and check it thanks

who knows?

 

when you put that file up for download

well not according to the test site, they cleared it.

so I assumed it was safe. now thank you for your input

but it's over as far as I am concerned. weeks? no sir, it was 6 days back

when I spotted the drama. I tested my systems, the rest is posted.

again thanks but not interested to get into a debate.

"if" ------- I had it. I already made my apologies..

do not post I did ...have it. I said it was found on my test PC..

I hope you understand ...MY test PC..

itsmejjj


Like I said jjj, I didn't (couldn't) read everything. Maybe I got the times wrong. Whatever. You've said you had a few detections on your box, right ? Maxx didn't give you those, so you got them somewhere and that's your business.

 

More on what I think : Maxx is pissed and I understand perfectly why. Not because you possibly f**ked up (that can happen to anybody, more or less), but because of your attitude perhaps ? Yelling and screaming you did no wrong while the facts may say otherwise. A simple "Oops, damn, sorry folks if I've caused this because my scanners didn't pick anything up... blah-blah-blah...".

 

Like I've said before, you could have easily cleaned up whatever you had before doing those tests (afterwards). Virut clearly didn't install fully on your box ; you got lucky this time. Time for you to let it go dude. Just know that whatever scanners you use may fail, so be ready to live with the consequences. Someone who uploads files for others should, ultimately, have a dedicated computer that does no hazardous activities such as malware testing or... crack/P2P downloading... This was a general comment, by the way.

 

That was my .02 cents' worth.

 

===

 

And no, I'm not here to pick a fight. You guys do that well enough on your own, for our viewing pleasure (j/k, sort of..).


Like I've said before, you could have easily cleaned up whatever you had before doing those tests (afterwards).

yes true

but he could have infected his and post they were dirty?

(afterwards..)

 

Not because we possibly love each other?

 

Not because he possibly***** up (that can happen to anybody, more or less),

------------------------------------------------------------------------

 

Not because you possibly f**ked up (that can happen to anybody, more or less), but because of your attitude perhaps ? Yelling and screaming you did no wrong while the facts may say otherwise. A simple "Oops, damn, sorry folks if I've caused this because my scanners didn't pick anything up... blah-blah-blah...".

facts..you have the file ? test it..that's what I asked you?

 

um why the swear words?

 

and yelling. I did state I had done everything in my power to be as sure as I could that they were clean. and why would I upload if I saw them dirty?

--now want to add something else?

 

my scanners and the test "site" did not pick up anything?

so what would you like from me, go outside and shoot myself?

perhaps Maxx may have picked up this? I do not know..

 

when downloading files to add?

that is a point - now you download the files and test them, let me know

you find it in the posts. there are many add-ins..

 

and you are 100% clean from virus?

or anyone is, and can post this?

I did say I had, and repeat this, 2 traces on my test PC..

nothing to do with my net PC,

read the post again.

sorry if you can't understand my English.

this is not my native tongue..

 

""""".Virut clearly didn't install fully on your box ; you got lucky this time. --""

 

ok even you state I was clean

and I was lucky!

that makes me feel a lot better - at least saves me killing myself.(joke) I was not the cause

thank you very much for pointing this out to the forum..

 

 

 

 

thank you!

itsmejjj


I assume you have followed the threads carefully --and the posts made.

t one thinks he is hacked his PC, then 2nd one someone hit his mail

now - the hits are made on me?

you got something to do with this?( JOKE)

 

something, someone are or, I think, getting to us or at us?

but it may be just coincidence?

it can happen to anyone..?

as you stated

 

(that can happen to anybody, more or less)

itsmejjj


Archived

This topic is now archived and is closed to further replies.
