VCDQuality Forums
Here you can view your subscribed threads, work with private messages and edit your profile and preferences Frequently Asked Questions Search Home  
VCDQuality Forums : Powered by vBulletin version 2.3.0 VCDQuality Forums > VCDQuality.com > Site News and Discussion > MHTMLRedir.Exploit virus embedded into ads
  Last Thread   Next Thread
Author
Thread Post New Thread    Post A Reply
wahl
Aug 2004

Registered

MHTMLRedir.Exploit virus embedded into ads

Found this virus this morning when viewing the site. Has anyone else encountered it?
http://securityresponse.symantec.co...ir.exploit.html

Trying to find out which domain it came from specifically, though I thought I had all the banner serves blocked through hosts file already.

Report this post to a moderator | IP: Logged

Old Post 08-06-2004 12:46 PM
wahl is offline Click Here to See the Profile for wahl Find more posts by wahl Add wahl to your buddy list Edit/Delete Message Reply w/Quote
LOLobo
Jan 2003


Canis rufus atheist

Re: MHTMLRedir.Exploit virus embedded into ads

quote:
Originally posted by wahl
Found this virus this morning when viewing the site. Has anyone else encountered it?
http://securityresponse.symantec.co...ir.exploit.html

Trying to find out which domain it came from specifically, though I thought I had all the banner serves blocked through hosts file already.



Looks like this thread has more attention and replys here.

Oh well, Use Mozilla Firefox or Opera.

Report this post to a moderator | IP: Logged

Old Post 08-06-2004 10:56 PM
LOLobo is offline Click Here to See the Profile for LOLobo Click here to Send LOLobo a Private Message Visit LOLobo's homepage! Find more posts by LOLobo Add LOLobo to your buddy list Edit/Delete Message Reply w/Quote
XeroFightsAlone
Dec 2002

Registered

quote:
Systems Not Affected: Linux, Macintosh, OS/2, UNIX

What a surprise!

__________________
soda box

Report this post to a moderator | IP: Logged

Old Post 08-07-2004 12:00 AM
XeroFightsAlone is offline Click Here to See the Profile for XeroFightsAlone Click here to Send XeroFightsAlone a Private Message Find more posts by XeroFightsAlone Add XeroFightsAlone to your buddy list Edit/Delete Message Reply w/Quote
ou812
Jan 2003


Registered

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: MHTMLRedir.Exploit
File: C:\Documents and Settings\xxxxxx\Local Settings\Temporary Internet Files\Content.IE5\6NC34VCT\hp2[1].htm
Location: Quarantine
Computer: xxxxxx
User: xxxxxx
Action taken: Quarantine succeeded
Date found: Sat Aug 07 07:27:57 2004

Report this post to a moderator | IP: Logged

Old Post 08-07-2004 01:28 PM
ou812 is offline Click Here to See the Profile for ou812 Click here to Send ou812 a Private Message Find more posts by ou812 Add ou812 to your buddy list Edit/Delete Message Reply w/Quote
BiggD23
Oct 2003


High Chief

I posted a thread about this too. I find it funny that some people actually say, "You use IE, switch to Firefox or Mozilla." So that's what it's come to? This website is serving an ad which contains trojan code and the best you can do is tell us to switch browsers? How about eliminating the ad that serves the trojan in the first place. You shouldn't have to use a certain browser just to keep from being attacked by an ad on a website.

Last edited by BiggD23 on 08-09-2004 at 03:40 PM

Report this post to a moderator | IP: Logged

Old Post 08-09-2004 03:33 PM
BiggD23 is offline Click Here to See the Profile for BiggD23 Click here to Send BiggD23 a Private Message Find more posts by BiggD23 Add BiggD23 to your buddy list Edit/Delete Message Reply w/Quote
Neversoft
May 2002


Admin?

quote:
Originally posted by BiggD23
I posted a thread about this too. I find it funny that some people actually say, "You use IE, switch to Firefox or Mozilla." So that's what it's come to? This website is serving an ad which contains trojan code and the best you can do is tell us to switch browsers? How about eliminating the ad that serves the trojan in the first place. You shouldn't have to use a certain browser just to keep from being attacked by an ad on a website.
VCDQ cannot control the content of the ads provided though, they'd have to change advertiser. So the only sure way if avoiding this is to avoid IE until the advertiser sorts their shit out (IF they sort their shit out).

__________________
Statistically... 9 out of 10 people actually enjoy gang rape.

Report this post to a moderator | IP: Logged

Old Post 08-09-2004 05:44 PM
Neversoft is offline Click Here to See the Profile for Neversoft Click here to Send Neversoft a Private Message Find more posts by Neversoft Add Neversoft to your buddy list Edit/Delete Message Reply w/Quote
LOLobo
Jan 2003


Canis rufus atheist

quote:
Originally posted by BiggD23
I posted a thread about this too. I find it funny that some people actually say, "You use IE, switch to Firefox or Mozilla." So that's what it's come to? This website is serving an ad which contains trojan code and the best you can do is tell us to switch browsers? How about eliminating the ad that serves the trojan in the first place. You shouldn't have to use a certain browser just to keep from being attacked by an ad on a website.


Ads pay for the site that is very free to us. If the owner requests that everyone to be a little more intelligent so that he can keep the site up . . . well then . . . ummmm, let me think, I get to try something new, avoid some bullshit, and at the same time keep my favorite release site. Not a hard descision to leave IE behind.

Report this post to a moderator | IP: Logged

Old Post 08-09-2004 07:46 PM
LOLobo is offline Click Here to See the Profile for LOLobo Click here to Send LOLobo a Private Message Visit LOLobo's homepage! Find more posts by LOLobo Add LOLobo to your buddy list Edit/Delete Message Reply w/Quote
BiggD23
Oct 2003


High Chief

quote:
Originally posted by lolobo21
Ads pay for the site that is very free to us. If the owner requests that everyone to be a little more intelligent so that he can keep the site up . . . well then . . . ummmm, let me think, I get to try something new, avoid some bullshit, and at the same time keep my favorite release site. Not a hard descision to leave IE behind.


Believe me, I understand that ads help keep the site free. But we're talking about confirmed trojan code here. It's sad that no one cares enough to do something about it short of saying, "change your browser." As for "being a little more intelligent"...that statement can stand on it's own. Do a Google search and see how many gaping security holes have been found in Firefox. Granted, it's still way better than IE6, especially lately, but let's not pretend that Firefox is bulletproof. Hopefully the next time an ad on this site serves a trojan it will attempt to exploit something in Firefox...at least that might get an actual response from x69 or another mod and not just "don't use IE".

Last edited by BiggD23 on 08-09-2004 at 10:10 PM

Report this post to a moderator | IP: Logged

Old Post 08-09-2004 10:07 PM
BiggD23 is offline Click Here to See the Profile for BiggD23 Click here to Send BiggD23 a Private Message Find more posts by BiggD23 Add BiggD23 to your buddy list Edit/Delete Message Reply w/Quote
LOLobo
Jan 2003


Canis rufus atheist

quote:
Originally posted by BiggD23
...Do a Google search and see how many gaping security holes have been found in Firefox. Granted, it's still way better than IE6, especially lately, but let's not pretend that Firefox is bulletproof. Hopefully the next time an ad on this site serves a trojan it will attempt to exploit something in Firefox...at least that might get an actual response from x69 or another mod and not just "don't use IE".


Touché.

Yes, no software is bulletproof, and I have just found out that the ads are causing a confirmed annonyance with Firefox software. Just not as bad as IE, but still annoying. The other thread has details.

Last edited by LOLobo on 08-09-2004 at 10:30 PM

Report this post to a moderator | IP: Logged

Old Post 08-09-2004 10:27 PM
LOLobo is offline Click Here to See the Profile for LOLobo Click here to Send LOLobo a Private Message Visit LOLobo's homepage! Find more posts by LOLobo Add LOLobo to your buddy list Edit/Delete Message Reply w/Quote
horizonstar
Dec 2002


$uXor

quote:
Originally posted by BiggD23
Believe me, I understand that ads help keep the site free. But we're talking about confirmed trojan code here. It's sad that no one cares enough to do something about it short of saying, "change your browser." As for "being a little more intelligent"...that statement can stand on it's own. Do a Google search and see how many gaping security holes have been found in Firefox. Granted, it's still way better than IE6, especially lately, but let's not pretend that Firefox is bulletproof. Hopefully the next time an ad on this site serves a trojan it will attempt to exploit something in Firefox...at least that might get an actual response from x69 or another mod and not just "don't use IE".

Read Neversoft's response above. The VCDQ staff does not have any control over which advertisements are shown. All they can do is talk to the advertising provider, which they've already done (days ago) regarding this issue.

__________________


Scrobble all you want, we'll make more!

Report this post to a moderator | IP: Logged

Old Post 08-10-2004 09:45 PM
horizonstar is offline Click Here to See the Profile for horizonstar Click here to Send horizonstar a Private Message Find more posts by horizonstar Add horizonstar to your buddy list Edit/Delete Message Reply w/Quote
Mr_Grinch
Nov 2002


STD Free

I turned off activex control, it just now pops up with a warning saying "Due to your security settings so and so can't run" every time this ad tries to pop up.

*shrug* worked for me.

Report this post to a moderator | IP: Logged

Old Post 08-13-2004 08:57 PM
Mr_Grinch is offline Click Here to See the Profile for Mr_Grinch Click here to Send Mr_Grinch a Private Message Find more posts by Mr_Grinch Add Mr_Grinch to your buddy list Edit/Delete Message Reply w/Quote
brut7
Sep 2003


BANNED

From Symantec Corp


Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: MHTMLRedir.Exploit
File: C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\8BDFEEJT\hp2[1].htm
Location: C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\8BDFEEJT
Computer: xxx
User: xxx
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Friday, August 13, 2004 8:38:36 PM


This is disturbing to see on a high quality forum.
I realize I'm a n00b here but its not appropriate.

I also realize funding is necessary but this?

brut7

Report this post to a moderator | IP: Logged

Old Post 08-14-2004 02:45 AM
brut7 is offline Click Here to See the Profile for brut7 Click here to Send brut7 a Private Message Find more posts by brut7 Add brut7 to your buddy list Edit/Delete Message Reply w/Quote
horizonstar
Dec 2002


$uXor

quote:
Originally posted by brut7
From Symantec Corp


Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: MHTMLRedir.Exploit
File: C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\8BDFEEJT\hp2[1].htm
Location: C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\8BDFEEJT
Computer: xxx
User: xxx
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Friday, August 13, 2004 8:38:36 PM


This is disturbing to see on a high quality forum.
I realize I'm a n00b here but its not appropriate.

I also realize funding is necessary but this?

brut7


Ok, you're the third person in this thread to post without reading first. It has already been stated three times that the VCDQuality staff have no control over the ads shown here other than to talk to the advertising provider, which they've done.

You've been here since last September and don't know to read first?

__________________


Scrobble all you want, we'll make more!

Last edited by horizonstar on 08-17-2004 at 04:03 AM

Report this post to a moderator | IP: Logged

Old Post 08-14-2004 04:00 AM
horizonstar is offline Click Here to See the Profile for horizonstar Click here to Send horizonstar a Private Message Find more posts by horizonstar Add horizonstar to your buddy list Edit/Delete Message Reply w/Quote
brut7
Sep 2003


BANNED

OK horizonstar,

You are right it's already been mentioned and I guess I didn't need to repost. More of a vent I suppose and i apologize.

Since the time of my last post, I have tried out firefox. Didn't think I'd like it but I was wrong and may move to it on a more permanent basis.

I suppose this chalks up to a learning experience for me lol.

brut

Report this post to a moderator | IP: Logged

Old Post 08-14-2004 02:34 PM
brut7 is offline Click Here to See the Profile for brut7 Click here to Send brut7 a Private Message Find more posts by brut7 Add brut7 to your buddy list Edit/Delete Message Reply w/Quote
geo_jetson
Jul 2004

Registered

I spent over 10 hrs of using various spyware removal programs trying to get rid of the MHTMLRedir.Exploit virus I picked up from this site. I finally had to reformat my hard drive and I still don't have all of my program back that I use to have. I don't understand why they allow a nasty virus like that to continue on their site.

Report this post to a moderator | IP: Logged

Old Post 08-16-2004 10:49 AM
geo_jetson is offline Click Here to See the Profile for geo_jetson Click here to Send geo_jetson a Private Message Find more posts by geo_jetson Add geo_jetson to your buddy list Edit/Delete Message Reply w/Quote
horizonstar
Dec 2002


$uXor

And congrats, geo_jetson! You're the fourth person to post without reading even the post directly above yours!

Well done. You get a cookie.

Laced with cyanide.

::edit:: And by "laced", I mean "coated/glazed".

__________________


Scrobble all you want, we'll make more!

Last edited by horizonstar on 08-17-2004 at 04:04 AM

Report this post to a moderator | IP: Logged

Old Post 08-17-2004 04:01 AM
horizonstar is offline Click Here to See the Profile for horizonstar Click here to Send horizonstar a Private Message Find more posts by horizonstar Add horizonstar to your buddy list Edit/Delete Message Reply w/Quote
Neversoft
May 2002


Admin?

quote:
Originally posted by geo_jetson
I spent over 10 hrs of using various spyware removal programs trying to get rid of the MHTMLRedir.Exploit virus I picked up from this site. I finally had to reformat my hard drive and I still don't have all of my program back that I use to have. I don't understand why they allow a nasty virus like that to continue on their site.
You had to reformat? That's just lack of imagination on your part, not VCDQ's fault!

__________________
Statistically... 9 out of 10 people actually enjoy gang rape.

Report this post to a moderator | IP: Logged

Old Post 08-17-2004 09:03 AM
Neversoft is offline Click Here to See the Profile for Neversoft Click here to Send Neversoft a Private Message Find more posts by Neversoft Add Neversoft to your buddy list Edit/Delete Message Reply w/Quote
All times are GMT. The time now is 10:40 PM. Post New Thread    Post A Reply
  Last Thread   Next Thread
Show Printable Version | Email this Page | Subscribe to this Thread

Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is ON
 

< Contact Us - www.vcdhq.com >

Powered by: vBulletin Version 2.3.0
Copyright ©2000, 2001, Jelsoft Enterprises Limited.