Does my website have a virus?

[formulav8]

Someone on a vb forum made a post saying that my site contains alot of viruses or something but I cannot find anything. Maybe someone hear could see what the person is talking about?

My website link

The original post on the virus.

I would appreciate any help someone could provide. Thankyou 🙂


Jason

 

[Vegitto]

Nope, I'm not getting anything.. Norton AntiVirus, ZoneAlarm Pro and SpySweeper.

 

[yankeesfan]

I just navigated around a little. No problems here with NOD32.

 

[mrjminer]

4/13/2007 McAfee = none

However, I did get a download bar for Remote Data Services on your front page; no idea why that should be there. It only showed up the first time I went to your site and I, obviously, didn't let it run--refreshed and it wasn't there. Perhaps something is quirky?

 

[formulav8]

Thanks alot 🙂 I wasn't getting anything either.

How do I go about trying to get that guy to change his post? So I am not sure the best way to go about it.

Thanks for your help 🙂


Jason

 

[Amused]

Norton anti-virus detected a virus called z-java1[1].htm and identified it as a downloader. And a popup tried to download "Microsoft Data Access - remote services dat..." but IE7 stopped it.

You have a problem with your advertiser or something

 

[mrjminer]

Originally posted by: Amused
Norton anti-virus detected a virus called z-java1[1].htm and identified it as a downloader. And a popup tried to download "Microsoft Data Access - remote services dat..." but IE7 stopped it.

You have a problem with your advertiser or something

I got the data access popup as well

 

[Amused]

In fact, after closing the page I got all the warnings the OP in that thread did. Your page sent Norton into hysterics. That rarely happens unless I end up on a sketchy site.

 

[Amused]

BTW, I highly doubt that this is a Norton problem.

 

[nweaver]

nothing with FF2.0/Ubuntu here

 

[Amused]

http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99

This is what it refered to.

 

[yankeesfan]

I was Firefox 2.0 with Adblock Plus and Filterset.G, so that may have prevented the ad and virus from appearing.

 

[mrjminer]

Nevermind, I tried it a couple more times and I got one w/ McAfee 4/13/2007:

Script executed by iexplore.exe
Exploit-MS06-014
Trojan
Script execution blocked

 

[Amused]

Well, I think that solves it. Your page has a problem.

 

[ForumMaster]

nothing detected by opera and ZoneAlarm Internet Secuirty Suite v7.0.337.000 (aka latest version) with update today. although Opera might be blocking it.

 

[sao123]

I got a Norton hit from your page... it specifically came from mystabcounter.info... which appears to be where your counter is from. Perhaps their site is infected.



Some diagnosis...
http://pics.bbzzdd.com/users/sao123/mystabcounter.info.jpg

 

[Atheus]

What's mystabcounter? Looks like it's been put there on purpose...

<script language="javascript1.2"><!--
EXs=screen;EXw=EXs.width;navigator.appName!="Netscape"?
EXb=EXs.colorDepth:EXb=EXs.pixelDepth;//-->
</script><script language="javascript"><!--
EXd=document;EXw?"":EXw="na";EXb?"":EXb="na";
EXd.write("<img******=\"http://t0.extreme-dm.com",
"/c.g?tag=98z28&j=y&srw="+EXw+"&srb="+EXb+"&",
"l="+escape(EXd.referrer)+"\" height=1 width=1>");//-->
</script><noscript><img height=1 width=1 alt=""
src="http://t0.extreme-dm.com/c.g?tag=98z28&j=n"></noscript>

^ and what's that?

 

[sao123]

Originally posted by: Atheus
What's mystabcounter? Looks like it's been put there on purpose...

<script language="javascript1.2"><!--
EXs=screen;EXw=EXs.width;navigator.appName!="Netscape"?
EXb=EXs.colorDepth:EXb=EXs.pixelDepth;//-->
</script><script language="javascript"><!--
EXd=document;EXw?"":EXw="na";EXb?"":EXb="na";
EXd.write("<img******=\"http://t0.extreme-dm.com",
"/c.g?tag=98z28&j=y&srw="+EXw+"&srb="+EXb+"&",
"l="+escape(EXd.referrer)+"\" height=1 width=1>");//-->
</script><noscript><img height=1 width=1 alt=""
src="http://t0.extreme-dm.com/c.g?tag=98z28&j=n"></noscript>

^ and what's that?

A session cookie. The virus is in the counter.

 

[formulav8]

I made some changes to the main page. Please let me know if anything comes up now.

Also, you can be sure I didn't 'purposely' add any kind of code to install a virus. I unfortunately do not know jave/html very well (As you can see from the website design) so it could be possible the counter i'm using has added something to it. Even if that counter isn't a virus its being removed. Not worth the trouble.

Thanks for the help 🙂


Jason

 

[formulav8]

I have no idea about that code. That is a copy and paste counter. I took it out and plan on contacting them on what the deal is. Thanks for pinpointing it. 🙂


Jason

Originally posted by: Atheus
What's mystabcounter? Looks like it's been put there on purpose...

<script language="javascript1.2"><!--
EXs=screen;EXw=EXs.width;navigator.appName!="Netscape"?
EXb=EXs.colorDepth:EXb=EXs.pixelDepth;//-->
</script><script language="javascript"><!--
EXd=document;EXw?"":EXw="na";EXb?"":EXb="na";
EXd.write("<img******=\"http://t0.extreme-dm.com",
"/c.g?tag=98z28&j=y&srw="+EXw+"&srb="+EXb+"&",
"l="+escape(EXd.referrer)+"\" height=1 width=1>");//-->
</script><noscript><img height=1 width=1 alt=""
src="http://t0.extreme-dm.com/c.g?tag=98z28&j=n"></noscript>

^ and what's that?

 

[ChooChooChooseMe]

Your site has been flagged by google. 🙁

 

[mrjminer]

That maxracesoftware guy is spreading that your site has a virus.
NFC why someone would be so inclined to screw someone for no reason when its such a minor virus warning resulting from a counter; perhaps he isn't happy with the service you guys have given him or something?

http://vbcity.com/forums/topic.asp?tid=143689

You should probably post there to tell them you discovered the problem was from the counter service and you've taken it down for now.

 

[formulav8]

Hi, I checked the link and didn't see anything about flagging. Can you tell me where on the page?


Jason

 

[mrjminer]

Originally posted by: formulav8
Hi, I checked the link and didn't see anything about flagging. Can you tell me where on the page?


Jason

Right below the site title in the link:

Visual Basic Code Source - Free and Unique source code for all ...
This site may harm your computer.

Apparently, you now have to appeal to stopbadware.org to get the malacious warning removed. Sucks. I bet it was that dude that reported your site, you should block his IP from your site and get your site removed from the 'bad site list.'


Here's where you go to get them to review your site now that it's clean. Btw... stay away from crap like free counters and the such in the future, they often sell out after they get enough people and all the sites hosting them are then screwed.

 

[formulav8]

Thankyou all VERY much. I would have never thought a counter would cause such a problem and that someone would even report it when its doesn't really have a virus anyways. But you could be right that someone might possibly be upset over the site?

Please let me know if Norton still comes up with anything. Thankyou 🙂


Jason

Originally posted by: mrjminer

Originally posted by: formulav8
Hi, I checked the link and didn't see anything about flagging. Can you tell me where on the page?


Jason

Right below the site title in the link:

Visual Basic Code Source - Free and Unique source code for all ...
This site may harm your computer.

Apparently, you now have to appeal to stopbadware.org to get the malacious warning removed. Sucks. I bet it was that dude that reported your site, you should block his IP from your site and get your site removed from the 'bad site list.'


Here's where you go to get them to review your site now that it's clean. Btw... stay away from crap like free counters and the such in the future, they often sell out after they get enough people and all the sites hosting them are then screwed.