Trojan Exploit Alert

yesterday when my wife launched IE (my homepage is ATS a trojan alert popped up from CA real time scanner. Unfortunately she did not know how to take a screen shot which I assume would make it much easier to track down. Since I did not see the mesg at the time I had forgotten the real time log DUH but today when I ran a full scann the info was there and here is what it read. Hopfuelly this will help SO to track it down
-----------------------
2006/11/18 10:17:08.295 File infection: C:\Documents and Settings\Xxxx\Local Settings\Temporary Internet Files\Content.IE5\GHMB4X6J\2_z[1].htm is JS/CVE-2006-3730!exploit trojan. Deleted

2006/11/18 10:17:08.311 File infection: C:\Documents and Settings\Xxxx\Local Settings\Temporary Internet Files\Content.IE5\GHMB4X6J\2_z[1].htm is JS/CVE-2006-3730!exploit trojan.

2006/11/18 10:17:08.326 File infection: C:\Documents and Settings\Xxxx\Local Settings\Temporary Internet Files\Content.IE5\GHMB4X6J\2_z[1].htm is JS/CVE-2006-3730!exploit trojan.

2006/11/18 10:17:09.592 File infection: C:\Documents and Settings\Xxxx\Local Settings\Temporary Internet Files\Content.IE5\GHMB4X6J\3_z[1].htm is JS/MS05-054!exploit trojan.

-------------------

Moral of the story is always have your real time scanners on

[edit on 11/19/2006 by shots]

You wouldn't be having problems like that if you were to use FireFox and install Ad-block on it. IE is utter crap, and I never bother using it.

Originally posted by Impreza
You wouldn't be having problems like that if you were to use FireFox and install Ad-block on it.

Install adblocker hmmm obviously you have not read ATS terms and conditions have you. Use of Ad blockers is a no no

4b) Ad Blockers: As AboveTopSecret.com is provided as a free service, in part through the income of our advertising, you agree not to use "ad-blocking" software or similar built-in web browser options while using the website(s).


Terms and Conditions

Thanks Shots,
We’ve had a few members notify us of this problem via the complain feature and I believe the tech guy is currently trying to fix this.

Originally posted by Umbrax
Thanks Shots,
We’ve had a few members notify us of this problem via the complain feature and I believe the tech guy is currently trying to fix this.

NP I was going to use the complain button however I thought by combining the fact that one should have real time scaning on is very important. You know the younger generation faster is better, well not in all cases

We've been trying to track this down... it seems as though more than one ad network is infected.

Springer was hit with this, and still has some nasty adware that triggers a pop-up on the ATS home page, even though we have no pop-ups.

Since thats in your temp cache close IE and right click on the IE icon on your Desktop, left click properties and then click on Delete Files and then place a checkmark on delete all offline content.

you can also grab CCleaner or Cleanup! 4.0
In CCleaner make sure under options you uncheck the last 48hrs option so it wipes everything.


Pie

Originally posted by ThePieMaN
Since thats in your temp cache close IE and right click on the IE icon on your Desktop, left click properties and then click on Delete Files and then place a checkmark on delete all offline content.

No need to do that if you read what I posted it shows that my virus software took care of it automatically. Again that is the main reason I posted this here rather then using the complain feature just to make others aware real time scanning is your best friend. Also in some cases even cleaning your cache will not work another reason to use a good virus program, because if there are special steps you have to take to remove it the program will walk you thru the process step by step, at least mine does and I use CA.

Originally posted by shots
Also in some cases even cleaning your cache will not work another reason to use a good virus program, because if there are special steps you have to take to remove it the program will walk you thru the process step by step, at least mine does and I use CA.

Yeah as long as it is just a file in your temp cache thats just been downloaded and is not yet locked in memory it will delete just fine. Once it gets loaded thats when the problems will start. My Scanner was unable to delete it while IE was open since the cache had it locked. I got that same warning when a link to Ahminijeads web page was posted here 2 days ago. I wonder if thats how this thing might have spread around.

Pie

Banner ads are disabled until we get to the bottom of this.

Originally posted by SkepticOverlord
Banner ads are disabled until we get to the bottom of this.

Thanks for the heads up SO I was wondering if somthing had gone haywire with my puter there for a minute

actually you don't even need adblocker...
just try firefox and see...

Originally posted by shots
Install adblocker hmmm obviously you have not read ATS terms and conditions have you. Use of Ad blockers is a no no

Wow....somehow I'd gotten it through my head that promoting adblockers was a no-no; I didn't realize it was part of the T&C to not use it. I understand perfectly well the site is supported by ads, but... I dunno. I'm sure this is a whole "don't ask don't tell" type policy, and I'd get by perfectly fine without saying anything, but I can't stand ads on a website and that was one of the main reasons I switched to FF. Just the bare fact that it's a banner ad turns me off of the idea of clicking on the link; I use adblockers to keep from taking up bandwidth by them serving ads for sites I'm never going to click on. If I want something, I'll search for it, I don't want it shoved in my face.

I can understand asking people not to use adblockers perfectly well, but to make it a condition of accessing the website? Hell, I've been in violation of that for well over a year now without even realizing it. I understand having the ads--I even tried it on my website for a bit (got a whole 1 click out of some 300 pages views, and that was because I asked someone to click it to see if it actually worked)--but why force people to look at them if they went to the trouble to actively avoid ads?

I dunno; I considered myself a decent member. I tried not to flame anyone, and I tried to make quality posts because I read somewhere that quality posts where what drew people to the site. I tried to keep my mouth shut as much as possible once I realized about the adblockers, and I tried to get involved where I could (admittedly not much.)

Now I see this, and I feel like I've been a bad member--actually, technically I have been, for violating the T&C--because I didn't want to sit there and be bombarded with Flash ads spouting the next cell phone ringtone or some other useless garbage that I'd never worry about anyways.

Sorry; I know this is something that's stupid as hell, but it bugs the hell out of me and for whatever reason I can't just keep my mouth shut on this. I don't want to hijack this thread at all, and I wouldn't post anything like this on it's own, but it's in context and surprised the hell out of me. Anyways...