Question Computer Virus?

Kerr Avon

Master Member
I was browsing the site and got an alert an attack occurred from the RPF. It's probably some banner activity, but if you can block the site it came from as a banner that might help avoid the RPF becoming a mule for malware spreading.

 
You know I've been getting warnings of that same toolkit on Norton but never really paid attention since it never gets through.
 
True. I need to start paying more attention to when it pops up. It only pops up randomly too. I just checked my Norton history and the screen matches your screencap completely.
 
Well the attack wasn't from the RPF itself... But it could have been linked... Was it a particular thread you were viewing?

Have you checked your system? Might be a good time for a full system scan as that 'attack' could also be a result of some already installed malware attempting to phone home, and the AV intercepting the call...

It should be taken seriously and a routine scan should be done on your system, just the same...

FYI: A little nosing around revealed that what your AV blocked was a Java exploit on that site that installs a Rootkit, pretty serious stuff as that Rootkit could be anything...
 
given Flynn's info.

The attack as indicated came from: [image: attak.jpg]


Now don't anyone be silly enough to go there unless you want to gamble on your AV catching the install, before it compromises your system...

Basically when your computer/browser goes to that addy it launches a Java applet that attempts to download and silently/secretly install its payload without your interaction or consent using an exploit in a (likely) outdated Java engine on your system...

The question is why was your browser trying to go to that URL in the first place? Was/is there a rogue link on the forum or as I said do you already have malware on your system that was making a call home to update or download a new payload... That is really what needs to be identified, your computer just doesn't go to some random site on its own...

A rogue link (if there is one) could be any link to that domain that is redirected by that server to the download location, it doesn't necessarily have to go to that 'attacking' URL... It could be as simple as a fake image link on the RPF that is redirected by the malicious server towards the Java applet...

As for the payload, it could be anything. I didn't and won't be letting it go full circle and identify it, no time to play in the sandbox right now...
 
It only happens when I have this site open in the browser and even then it's random. I've run Malwarebytes and Norton and found nothing with either.
 
As I said, it's likely in the banner ads on the RPF. What can the RPF do to filter out possibly bad sites and banner ads?
 
Even though we have been unable to find that domain name in any of our banners or on the forum, we have blocked that domain from AdSense anyway.
 