[teamDFL]

The last two times I have logged in to this site from my work computer, Virus Scan has picked up a JS/Wonka virus. I am about as computer savvy as the Pope is Casanova, so I was hoping someone can tell me what this means and perhaps if I have anything to worry about since my home computer software (AVG) detected nothing. Thanks?

[trackbird]

I have seen the same thing the last two days and one of our members had an exchange with his IT department about some other issues (or the same one, not sure yet).

I have no answers yet, but I'm looking into it.

[pknowles]

Are you using McAfee? I get a pop up sometimes for this virus, I'm not sure if it's valid.

http://us.mcafee.com/virusInfo/default.asp...&virus_k=135834

[beuke23]

I got the J/S Wonka trojan twice. Yeasterday, and just now. McAffee picked it up.

Aria

[Ojustracing]

Add me to the list too..

Last 2 days hear too!!

John

[bsim]

No problems here, but I DO have "script blocking" turned on...

[2manyfbods]

I got the J/S Wonka trojan twice. Yeasterday, and just now. McAffee picked it up.

Aria

I have McAfee at home and I get the alert too. It doesn't happen from work.

[trackbird]

Has it just been recently or how long have you guys been getting the alert?

[GM01SS]

I have been notified of the Virus for the last 3 days!

Gary

[trackbird]

I've seen it the last two days. The question is, did McAffe update or did we catch something?

I'll have to get after it tonight. I can't do anything from work.

That link has a place to refer "invalid occurences" for them to look at. Did anyone send them the frrax link for their input? (I can't do it from work) and see if they see it?

[teamDFL]

The sum total of my knowledge is in the first post. I am sorry that I cannot be more helpful but the brand of software is determined by my corporation and my level of computer knowledge is generously described as limited.

This post has been edited by teamDFL: Dec 13 2005, 08:29 PM

[trackbird]

The sum total of my knowledge is in the first post. I am sorry that I cannot be more helpful but the brand of software is determined by my corporation and my level of computer knowledge is limited.

No sweat. I got it first yesterday, a few others have seen it since Sunday. I use Norton at home, and McAffee at work. So, we know that McAffee will pick it up and it started 3 days ago. That's good information to start with. I'll get with some people tonight and start turning over rocks and see what I can find out.

[pknowles]

No sweat. I got it first yesterday, a few others have seen it since Sunday. I use Norton at home, and McAffee at work. So, we know that McAffee will pick it up and it started 3 days ago. That's good information to start with. I'll get with some people tonight and start turning over rocks and see what I can find out.

I have McAffee and I've seen the notice on my laptop, my desktop, and at work since Sunday. I scanned the hard drives on my laptop and desktop and it found nothing. FWIW.

[SexOnWheels]

I got the J/S Wonka trojan twice. Yeasterday, and just now. McAffee picked it up.

Aria

Me too. At work we use McAffee.

I will try it tonight at home where I use Norton and see if there is still a warning.

[RedHardSupra]

let's have a tally, who's still using IE vs Firefox/Mozilla/Safari?
IE right now has a FULL REMOTE HOLE, as in go to a 'bad' site and they can run whatever they want on your computer!!!!
MS of course refused to patch it for the past 6-7 months...
i have no problems, but than again, i don't even know where IE is these days...

[trackbird]

let's have a tally, who's still using IE vs Firefox/Mozilla/Safari?
IE right now has a FULL REMOTE HOLE, as in go to a 'bad' site and they can run whatever they want on your computer!!!!
MS of course refused to patch it for the past 6-7 months...
i have no problems, but than again, i don't even know where IE is these days...

I was on IE.

Marcin, this is part of that stuff I sent you last night. I'm not sure it's all related, but it's what I was looking to bug you about.

[bsim]

IE, XP, Norton IS, script blocking on, behind a NAT router. No issues.

This post has been edited by bsim: Dec 14 2005, 12:27 AM

[bsim]

BTW, the description I get is:

JS.Wonka is a generic detection of web pages or e-mail messages that contain a certain functionality for encrypting scripts that may have malicious intent. This does not necessarily mean that a virus has been found.  It merely means that HTML code was found which attempts to activate additional executable code without the user's express permission.

Note: this detection may be triggered by merely visiting a web page that contains malicious code. It does not necessarily mean your machine has been compromised.

So, I guess if the site software has HTML code that points to a script that doesn't get a user permission to execute, it flags the potential for malicious code, not that it found any per se. Am I reading that right?

If that's true, I would assume that because I've blocked JS execution, that's why I don't get the notice?

[LS1FIRE]

My virus protector picked it up as well.

This post has been edited by BadBird: Dec 14 2005, 01:06 AM

[Formula WS6]

im on IE6 and i only have microsoft antispyware. nothing has shown up on my comp and i havent had anything odd happening.

[00 Trans Ram]

I've got IE, with no virus stuff. I simlpy save everything that I want to keep to an external hard disk every few weeks, then wipe the computer clean and reinstall Windows. Screw the anti-virus people - I think they're the ones making the viruses (not the companies, but the workers)!! (IMG:http://www.frrax.com/rrforum/style_emoticons/default/dry.gif)

[felton316]

IE, XP, Norton IS, script blocking on, behind a NAT router. No issues.

Same here. No problems.

[bruecksteve]

I've been getting it maybe once a day when I go here. I use Maxthon for my browser and McAfee for virus stuff.

[35th_Anniversary...]

IE with Norton @ work, no problems
Maxthon with nothing at home, though I have scanned my computer multiple times this week with housecall online virus scanner and no viruses found. (trying to figure out why POS XP Pro is giving me machine check exception)

[axoid]

I'm running IE on win 2k with Computer Associates eTrust Antivirus. I've gotten a few warnings on this virus when viewing this site over the last week or so.

[slowTA]

Maxthon with Norton. I just ran the updates and a virus scan, didn't find anything.

As a side note, my smilies aren't animated. Is that a part of script blocking?

[35th_Anniversary...]

As a side note, my smilies aren't animated. Is that a part of script blocking?

Maxthon issue.

small price to pay to be able to resize pics (IMG:http://www.frrax.com/rrforum/style_emoticons/default/smile.gif)

My machine_check_exception was due to adding a Cisco PCI wireless card which I have since taken out and will be using for target practice with my 12 ga model 11 =)

[firehawkclone]

I get notting at all ever (IMG:http://www.frrax.com/rrforum/style_emoticons/default/tongue.gif) McAfee run's every night!

[v7guy]

i've been picking up the virus the last three days, it gets cleaned everytime and I never show any others, it's more of a hassle than anything I suppose

IE 6/XP/McAfee/Adaware

This post has been edited by v7guy: Dec 14 2005, 01:28 PM

[KeithO]

IE with Norton @ work, no problems

I never saw a problem on my work PC, but it instead notified the IT department. As a group, they called me to see what I was doing. (Maybe the message here is that I go to the this site too much at work.)

...I couldn't help but say I was having trouble getting to hotchicks.com and was wondering if they could assist me.

[Teutonic Speedra...]

I get it once a day lately with IE/XP/McAfee

[teamDFL]

I got the same message this morning. I came here from a different site to make sure it was not that.

[Ynnek888]

Using latest ver of IE

and VirusScan Ent 8

VirusScan gave me an alert when I visited this site.

[RedHardSupra]

so basically, noone's using Firefox? wow... try it, it just might get rid of a lot spyware and other 'windows' problems that are really IE problems. I seriously eliminated 95% of 'internet doesn't work/computer is weird' calls from my parents by exchanging IE with FF.

[teamDFL]

so basically, noone's using Firefox? wow... try it, it just might get rid of a lot spyware and other 'windows' problems that are really IE problems. I seriously eliminated 95% of 'internet doesn't work/computer is weird' calls from my parents by exchanging IE with FF.

How do I get it? How much is it? I am no lover of IE, it is just easy because it is on the computer already.

[slowTA]

I started using Firefox over the summer, but for some reason it was locking up or shutting itself down. That's when I switched to Maxthon and my smilies stopped working, Firefox and IE too!

www.maxthon.com
www.mozilla.com Firefox

This post has been edited by slowTA: Dec 14 2005, 07:44 PM

[Dewey316]

I get the same warning thing here.

FWIW, I checked on the cache file in question, it is redirecting to the following URL.

(DO NOT CLICK ON THE LINK)
http: // 85.255.113.83/users/fill/web/count.php?id=nan24

Might be worth checking the files on the site, look for the newest modified date on the php or html files, and then you might need to correct that file. A site that I run had a similar problem earlier this year. I found a new text file with a similar URL in it. I checked the index.php file, and found a line of code that directed it to look at the text file. I removed that line of code, and removed the text file, no issues since.

This post has been edited by John_D.: Dec 14 2005, 09:46 PM

[RedHardSupra]

to get firefox go to

http://www.mozilla.com/firefox/

also, for extensions go to:

http://extensionroom.mozdev.org/

and

https://addons.mozilla.org/extensions/?appl...ication=firefox

if you're really into IE just don't like being 0wned, you might even find a skin that will make it look like IE (IMG:http://www.frrax.com/rrforum/style_emoticons/default/smile.gif)

[John_D.]

I get the same warning thing here.

FWIW, I checked on the cache file in question, it is redirecting to the following URL.

(DO NOT CLICK ON THE LINK)
http: // 85.255.113.83/users/fill/web/count.php?id=nan24

Might be worth checking the files on the site, look for the newest modified date on the php or html files, and then you might need to correct that file. A site that I run had a similar problem earlier this year. I found a new text file with a similar URL in it. I checked the index.php file, and found a line of code that directed it to look at the text file. I removed that line of code, and removed the text file, no issues since.

Good info.

fyi, I edited the post to disable the link.

[bruecksteve]

It happened to me tonight on our SoloAtlanta Forum http://soloatlanta.com/forum/index.php?act=idx

So it's not just limited to this forum.

[bruecksteve]

The IP address points back here... from Russia with love...


% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal...l-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '85.255.112.0 - 85.255.127.255'
inetnum: 85.255.112.0 - 85.255.127.255
netname: inhoster
descr: Inhoster hosting company
descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine
remarks: -----------------------------------
remarks: Abuse notifications to: abuse@inhoster.com
remarks: Network problems to: noc@inhoster.com
remarks: Peering requests to: peering@inhoster.com
remarks: -----------------------------------
country: UA
org: ORG-EST1-RIPE
admin-c: AK4026-RIPE
tech-c: AK4026-RIPE
tech-c: FWHS1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: RECIT-MNT
mnt-routes: RECIT-MNT
mnt-domains: RECIT-MNT
mnt-by: DAV-MNT
mnt-routes: DAV-MNT
mnt-domains: DAV-MNT
source: RIPE # Filtered
organisation: ORG-EST1-RIPE
org-name: INHOSTER
org-type: NON-REGISTRY
remarks: *************************************
remarks: * Abuse contacts: abuse@inhoster.com *
remarks: *************************************
address: OOO Inhoster
address: Poltavskij Shliax 24, Xarkov,
address: 61000, Ukraine
phone: +38 066 4633621
e-mail: support@inhoster.com
admin-c: AK4026-RIPE
tech-c: AK4026-RIPE
mnt-ref: DAV-MNT
mnt-by: DAV-MNT
source: RIPE # Filtered
person: Andrei Kislizin
address: OOO Inhoster,
address: ul.Antonova 5, Kiev,
address: 03186, Ukraine
phone: +38 044 2404332
nic-hdl: AK4026-RIPE
source: RIPE # Filtered
person: Fast Web Hosting Support
address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 201.
address: UA
phone: +357 99 117759
e-mail: support@fwebhost.com
nic-hdl: FWHS1-RIPE
source: RIPE # Filtered

[mitchntx]

The IP address points back here... from Russia with love...

Probably some commie Mustang owner .... (IMG:http://www.frrax.com/rrforum/style_emoticons/default/rant.gif)

[35th_Anniversary...]

Actually the Ukraine is not part of "Russia"

[CrashTestDummy]

Opera is your friend. :-)

[bruecksteve]

Actually the Ukraine is not part of "Russia"

Actually, I know that, but saying from Urkraine with love didn't seem to have the same ring to it...

[BigEnos]

I get it once a day lately with IE/XP/McAfee

:stupid:

Same thing here.

[Unbalanced Engin...]

I'm not seeing anything with Symantec Corporate and either IE or Firefox.

Jason S.

[Guardsman]

I'm not seeing anything at home (Windows XP and AVG), or at work (Windows XP on the Navy Internet system).

Should I be seeing something, or is it just something that some anti-virus progrmas alert on, and others don't?????

[bruecksteve]

It's just a virus alert, and apparently more often from McAfee. It happened when I got on just a few seconds ago.

[Absolut Speed]

I have McAfee at work and tried it there, and indeed got the warning. That'll probably mean I'll have an IT guy in my office first thing tomorrow when they scan the logs. Argh.

[Mericet]

so basically, noone's using Firefox? wow... try it, it just might get rid of a lot spyware and other 'windows' problems that are really IE problems. I seriously eliminated 95% of 'internet doesn't work/computer is weird' calls from my parents by exchanging IE with FF.

I have been using Firefox for some time now.

I have not seen this problem at all. Running Win ME, AVG, and Firefox at work. I will not see anything at home as I do not use a virus checker there.

[Ynnek888]

The new ver 1.5 of Firefox seems to be faster and a bit cleaner. its still slower than IE... I use it at home.. Firefox has had its own major security holes, that have been patched too. You just don't hear much about them, cause Firefox is sitll a minority.

IE had some nasty holes, which were patched, but lots of people didn't actually patch them.. Since the majority of users are IE users, and the tons of them were running unpatched vers, alot of people got caught in various exploits, usually doing something stupid.

IOW, IE isn't as bad as people think it is. Especially with the latest updates.

Once IE brings out new window AND tabbed browsing functionaily like how FireFox provides, I'm switching back.

[teamDFL]

The messages have stopped. Thanks to whomever was responsible.

[trackbird]

The messages have stopped. Thanks to whomever was responsible.

Nobody. They just went away. We never found anything wrong. I think McAfee had some type of false alert.

[KeithO]

Yesterday, this site was blocked by my companies' firewall. I mentioned it to my boss and he said that IT was blocking anything that generated an alert (only seen by the IT department) because someone here had been surfing porn and HR got involved.

I said that it was probably inappropriate for me to be spending the time that I spend on this site during the day anyway. He said that it should not have been blocked and gave me a funny look.

Now, today, I have access again. I guess he fixed it for me. (IMG:http://www.frrax.com/rrforum/style_emoticons/default/beerchug.gif)

[Rob Hood]

Never saw these alerts using IE/XP/Norton Corporate.