siljaline | reply to DarkSithPro
Re: virus/spyware: divxturka.net
See: »Re: virus/spyware: divxturka.net »Re: virus/spyware: divxturka.net |
|
NormanS | reply to Oleg said by Oleg: Firefox blocked access to this site
Must be some add-ons you are using. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
Mele20 | reply to secured655 said by secured655:
Netfixer, there are 2 hidden frames on the page (see attachment in my previous post). If you're inclined (to look further), the other hidden frame leads to an equally suspicious site. hxxp:www.fixoyun.com
I just started up my XP Pro virtual machine and started Opera which immediately wanted to update itself. So, I let it do that. Then I bypassed Proxo and went again to divxturka.net. I got almost constant popups requesting to install Flash Player plugin. I could "cancel" but not say no permanently unless I disabled plugins entirely.
Without Proxo, and my not checking Opera to see if all settings were preserved, (they were not...cookies was on "accept cookies" but "ask first" instead of "accept cookies only from the site I visit" and "ask first"), so between no Proxo, and little restriction on cookies, I got bombarded with requests for third party cookies. One I got was for "fixoyun.com" which, like all of them, I denied acceptance.
I wonder if Discover Card realizes they are a major advertiser on a crack site?
I noticed that according to Alexa the site is quite popular so I guess not too many are using web blockers.
I again went all over the site. I wanted to see if Avira 9 which I had just installed would alert there. I read some really interesting threads. I never got any nasty iframe. The only thing out of the ordinary was something kept sliding up from the bottom right corner of my monitor saying a popup had been blocked. I don't know if Opera has a popup blocker since I rarely bypass Proxo and don't need one. I looked to see if Opera has one and didn't see one. So, I don't know where that slideup was coming from. I hate slide ups as they are so difficult to read and this one was only there for a few seconds and slid up about 5-6 times while I was at the site.
ProcessGuard is running but no other security programs yet nothing bad happened there. I still say the site is safe to browse and safe (IF you know what you are doing) to download from but most should not download there. (I am not addressing the legal and moral issues because that is not the topic of this thread). -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 | reply to chris_j11
Was rather curious so checked that website... immediately the computer was hit by an HTML/IFRAME exploit. Didn't look deeper. |
|
| reply to chris_j11 A Linux browser applications virtual machine with rollback to snapshot on power off goes a long way toward keeping your computer safe.
A shared folder on the host filesystem can be created to copy the downloads to. -- Ken |
|
|
|
| reply to chris_j11 Mele20, we can agree that you and others who know what they are doing could traverse the site safely. However, it is not a large percentage of the wider audience (specifically the computing public) that knows what they are doing. In my case, I believe that the hierarchy of protection (order of detection) is such that Outpost is effectively blocking the elements before Avast gets to see them. I attached the log in the previous post to show what was blocked by Outpost (thus allowing me to load the page without the warnings/harm) but hesitated to interpret the data as it is beyond my skill level to do so correctly. I'm wondering if somewhere you have hidden frames blocked and that is why you're not seeing any frame related warnings. Anyhoo, I don't have any feelings one way or another about this site per se except to say that if the main page is initiating malware activity, then the site should be avoided until the malware related elements are cleaned up and removed. |
|
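A static check for the hidden frames discussed in the posts above, as an added example that is not part of the thread: it parses saved page source offline (nothing is fetched or rendered) and flags `iframe`/`frame` tags that are sized or styled to be invisible. The sample markup, its `example.invalid` URLs and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline-style rules that make a frame invisible to the visitor.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I,
)
TINY = re.compile(r"\s*[01]\s*(?:px)?\s*", re.I)  # width/height of 0 or 1


class HiddenFrameFinder(HTMLParser):
    """Collects (line, src, reason) for frames hidden from view."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {name: (value or "") for name, value in attrs}
        reasons = []
        if TINY.fullmatch(a.get("width", "x")) or TINY.fullmatch(a.get("height", "x")):
            reasons.append("zero/one-pixel size")
        if HIDING_STYLE.search(a.get("style", "")):
            reasons.append("hiding inline style")
        if "hidden" in a:
            reasons.append("hidden attribute")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), ", ".join(reasons)))


def find_hidden_frames(html):
    parser = HiddenFrameFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page source (not taken from the site in the thread).
SAMPLE = """<html><body>
<iframe src="http://ads.example.invalid/banner" width="468" height="60"></iframe>
<iframe src="http://a.example.invalid/x" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://b.example.invalid/y" style="visibility:hidden; width:100px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reason in find_hidden_frames(SAMPLE):
        print(f"line {line}: {src} ({reason})")
```

Frames hidden through a stylesheet class or inserted by script at load time do not appear in static source, so an empty result from this check does not clear a page.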
Mele20 | Only possible explanation I can think of is that Proxo is not being fully bypassed. I know that happens, but I don't know what exactly is still operative because I sure see a lot of ads when I bypass and I don't get a Flash Player toggle switch, etc. Maybe hidden iframes are still blocked. I'm too sleepy now but maybe tomorrow I will get on a virtual machine and instead of bypassing Proxo I will reset Opera to not use a local proxy at all but set it to a direct connection to the internet and then go there.
I didn't have time when I read your post that had the log to download it then and when I came back home, I had forgotten about it and now I am too sleepy. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
NormanS | reply to Mele20 said by Mele20: I don't know if Opera has a popup blocker since I rarely bypass Proxo and don't need one. I looked to see if Opera has one and didn't see one.
It does have a rudimentary blocker:
 Opera pop-up blocker.
Version 10.60. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
Oleg | That's all you have NormanS? |
|
NormanS | Not sure what you are asking. I am addressing Mele20's comment about not knowing if Opera has a native pop-up blocker. It does. Sort of. |
|
Oleg | said by NormanS: Not sure what you are asking. I am addressing Mele20's comment about not knowing if Opera has a native pop-up blocker. It does. Sort of.
In addition to that you should be using Opera's ad blocking Add-On »usgadget.blogspot.com/2008/07/op···ike.html and a host file »www.mvps.org/winhelp2002/hosts.htm |
|
NormanS | I should be using somebody else's 'hosts' file? I don't figure I need it. Too much trouble finding, and editing sites they want to block that I don't. I used to use one, but gave up after too many times having to alter their entries. My current 'hosts' file entries are mostly friendly aliases; using it as it was originally intended to be used.
P.S. I found a web site which offered to test URLs for web bugs and tracking. I entered one of my favorite sites. They told me that 'www.fics.ne.jp' was not a valid domain? But I like the cute girl pictures found here: »www.fics.ne.jp/~yamaneko/
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
siljaline | reply to chris_j11 For those that visited this site before it was apparently taken offline using NOD32, you may want to run an On-demand Computer scan; my results from my weekly scan found multiple infiltrations that had not been cleaned.
It is possible it is my settings that are not quite right, though, they are generally out-of-the-box, save a few tweaks for DSL. Just a precautionary warning.
C:\Documents and Settings\siljaline\Application Data\Sun\Java\Deployment\cache\6.0\28\c3ee35c-7a42b7e8 multiple threats No action
C:\Documents and Settings\siljaline\Application Data\Sun\Java\Deployment\cache\6.0\57\71c3b839-23dc8851 a variant of Java/Exploit.Agent.NAC trojan No action
-- siljaline
When I was a child I caught a fleeting glimpse
|
|
Stem Bolt | said by siljaline: For those that visited this site before it was apparently taken offline using NOD32, you may want to run an On-demand Computer scan; my results from my weekly scan found multiple infiltrations that had not been cleaned.
CCleaner probably could clean them out. -- Panda Cloud AV Pro + Online Armor + Router/SPI |
|
siljaline | Quite possibly, Stem Bolt, I'm going to run another on-demand scan just to be sure I'm clean.
This really goes to show how dangerous Warez sites are 
Thanks for the feedback. |
|
Mele20 | reply to NormanS Thank you! I stumbled on that a few minutes ago. It is under the General tab and I think I looked everywhere EXCEPT the general tab last night. Today I was trying to find where I had disabled favicons in pages (as an experiment last night) because that is awful and I couldn't tell what tab is what without mouse hover to see the thumbnail and while looking for that setting I noticed the popup blocker setting. It was set to block "unwanted popups". So, that must have been where the blocking was coming from. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Mele20 | reply to siljaline said by siljaline: For those that visited this site before it was apparently taken offline using NOD32,
What was taken offline via NOD32? -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
siljaline | Perhaps poor choice of words, Mele20, as NetFixer noted here: »Re: virus/spyware: divxturka.net |
|
Mele20 | Ah! Gotcha! thanks. |
|
siljaline | said by Mele20: Ah! Gotcha! thanks.
My pleasure, hoping that no one comes away infected permanently from this |
|