The last two times I have logged in to this site from my work computer, Virus Scan has picked up a JS/Wonka virus. I am about as computer savvy as the Pope is Casanova, so I was hoping someone can tell me what this means and perhaps if I have anything to worry about since my home computer software (AVG) detected nothing. Thanks?

I have seen the same thing the last two days and one of our members had an exchange with his IT department about some other issues (or the same one, not sure yet).

I have no answers yet, but I'm looking into it.

Are you using McAfee? I get a pop up sometimes for this virus, I'm not sure if it's valid.

http://us.mcafee.com/virusInfo/default.asp...&virus_k=135834

I got the J/S Wonka trojan twice. Yeasterday, and just now. McAffee picked it up.

Aria

Add me to the list too..

Last 2 days hear too!!

John

No problems here, but I DO have "script blocking" turned on...

I have McAfee at home and I get the alert too. It doesn't happen from work.

Has it just been recently or how long have you guys been getting the alert?

I have been notified of the Virus for the last 3 days!

Gary

I've seen it the last two days. The question is, did McAffe update or did we catch something?

I'll have to get after it tonight. I can't do anything from work.

That link has a place to refer "invalid occurences" for them to look at. Did anyone send them the frrax link for their input? (I can't do it from work) and see if they see it?

The sum total of my knowledge is in the first post. I am sorry that I cannot be more helpful but the brand of software is determined by my corporation and my level of computer knowledge is generously described as limited.

No sweat. I got it first yesterday, a few others have seen it since Sunday. I use Norton at home, and McAffee at work. So, we know that McAffee will pick it up and it started 3 days ago. That's good information to start with. I'll get with some people tonight and start turning over rocks and see what I can find out.

I have McAffee and I've seen the notice on my laptop, my desktop, and at work since Sunday. I scanned the hard drives on my laptop and desktop and it found nothing. FWIW.

Me too. At work we use McAffee.

I will try it tonight at home where I use Norton and see if there is still a warning.

let's have a tally, who's still using IE vs Firefox/Mozilla/Safari?
IE right now has a FULL REMOTE HOLE, as in go to a 'bad' site and they can run whatever they want on your computer!!!!
MS of course refused to patch it for the past 6-7 months...
i have no problems, but than again, i don't even know where IE is these days...

I was on IE.

Marcin, this is part of that stuff I sent you last night. I'm not sure it's all related, but it's what I was looking to bug you about.

IE, XP, Norton IS, script blocking on, behind a NAT router. No issues.

BTW, the description I get is:So, I guess if the site software has HTML code that points to a script that doesn't get a user permission to execute, it flags the potential for malicious code, not that it found any per se. Am I reading that right?

If that's true, I would assume that because I've blocked JS execution, that's why I don't get the notice?

My virus protector picked it up as well.

im on IE6 and i only have microsoft antispyware. nothing has shown up on my comp and i havent had anything odd happening.

I've got IE, with no virus stuff. I simlpy save everything that I want to keep to an external hard disk every few weeks, then wipe the computer clean and reinstall Windows. Screw the anti-virus people - I think they're the ones making the viruses (not the companies, but the workers)!!

Same here. No problems.

I've been getting it maybe once a day when I go here. I use Maxthon for my browser and McAfee for virus stuff.

IE with Norton @ work, no problems
Maxthon with nothing at home, though I have scanned my computer multiple times this week with housecall online virus scanner and no viruses found. (trying to figure out why POS XP Pro is giving me machine check exception)

I'm running IE on win 2k with Computer Associates eTrust Antivirus. I've gotten a few warnings on this virus when viewing this site over the last week or so.

Maxthon with Norton. I just ran the updates and a virus scan, didn't find anything.

As a side note, my smilies aren't animated. Is that a part of script blocking?

Maxthon issue.

small price to pay to be able to resize pics

My machine_check_exception was due to adding a Cisco PCI wireless card which I have since taken out and will be using for target practice with my 12 ga model 11 =)

I get notting at all ever McAfee run's every night!

i've been picking up the virus the last three days, it gets cleaned everytime and I never show any others, it's more of a hassle than anything I suppose

IE 6/XP/McAfee/Adaware

I never saw a problem on my work PC, but it instead notified the IT department. As a group, they called me to see what I was doing. (Maybe the message here is that I go to the this site too much at work.)

...I couldn't help but say I was having trouble getting to hotchicks.com and was wondering if they could assist me.

I get it once a day lately with IE/XP/McAfee

I got the same message this morning. I came here from a different site to make sure it was not that.

Using latest ver of IE

and VirusScan Ent 8

VirusScan gave me an alert when I visited this site.

so basically, noone's using Firefox? wow... try it, it just might get rid of a lot spyware and other 'windows' problems that are really IE problems. I seriously eliminated 95% of 'internet doesn't work/computer is weird' calls from my parents by exchanging IE with FF.

How do I get it? How much is it? I am no lover of IE, it is just easy because it is on the computer already.

I started using Firefox over the summer, but for some reason it was locking up or shutting itself down. That's when I switched to Maxthon and my smilies stopped working, Firefox and IE too!

www.maxthon.com
www.mozilla.com Firefox

I get the same warning thing here.

FWIW, I checked on the cache file in question, it is redirecting to the following URL.

(DO NOT CLICK ON THE LINK)
http: // 85.255.113.83/users/fill/web/count.php?id=nan24

Might be worth checking the files on the site, look for the newest modified date on the php or html files, and then you might need to correct that file. A site that I run had a similar problem earlier this year. I found a new text file with a similar URL in it. I checked the index.php file, and found a line of code that directed it to look at the text file. I removed that line of code, and removed the text file, no issues since.

to get firefox go to

http://www.mozilla.com/firefox/

also, for extensions go to:

http://extensionroom.mozdev.org/

and

https://addons.mozilla.org/extensions/?appl...ication=firefox

if you're really into IE just don't like being 0wned, you might even find a skin that will make it look like IE

Good info.

fyi, I edited the post to disable the link.

It happened to me tonight on our SoloAtlanta Forum http://soloatlanta.com/forum/index.php?act=idx

So it's not just limited to this forum.

The IP address points back here... from Russia with love...


% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal...l-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '85.255.112.0 - 85.255.127.255'
inetnum: 85.255.112.0 - 85.255.127.255
netname: inhoster
descr: Inhoster hosting company
descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine
remarks: -----------------------------------
remarks: Abuse notifications to: abuse@inhoster.com
remarks: Network problems to: noc@inhoster.com
remarks: Peering requests to: peering@inhoster.com
remarks: -----------------------------------
country: UA
org: ORG-EST1-RIPE
admin-c: AK4026-RIPE
tech-c: AK4026-RIPE
tech-c: FWHS1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: RECIT-MNT
mnt-routes: RECIT-MNT
mnt-domains: RECIT-MNT
mnt-by: DAV-MNT
mnt-routes: DAV-MNT
mnt-domains: DAV-MNT
source: RIPE # Filtered
organisation: ORG-EST1-RIPE
org-name: INHOSTER
org-type: NON-REGISTRY
remarks: *************************************
remarks: * Abuse contacts: abuse@inhoster.com *
remarks: *************************************
address: OOO Inhoster
address: Poltavskij Shliax 24, Xarkov,
address: 61000, Ukraine
phone: +38 066 4633621
e-mail: support@inhoster.com
admin-c: AK4026-RIPE
tech-c: AK4026-RIPE
mnt-ref: DAV-MNT
mnt-by: DAV-MNT
source: RIPE # Filtered
person: Andrei Kislizin
address: OOO Inhoster,
address: ul.Antonova 5, Kiev,
address: 03186, Ukraine
phone: +38 044 2404332
nic-hdl: AK4026-RIPE
source: RIPE # Filtered
person: Fast Web Hosting Support
address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 201.
address: UA
phone: +357 99 117759
e-mail: support@fwebhost.com
nic-hdl: FWHS1-RIPE
source: RIPE # Filtered

Probably some commie Mustang owner ....

Actually the Ukraine is not part of "Russia"

Opera is your friend. :-)

Actually, I know that, but saying from Urkraine with love didn't seem to have the same ring to it...

:stupid:

Same thing here.

I'm not seeing anything with Symantec Corporate and either IE or Firefox.

Jason S.

I'm not seeing anything at home (Windows XP and AVG), or at work (Windows XP on the Navy Internet system).

Should I be seeing something, or is it just something that some anti-virus progrmas alert on, and others don't?????

It's just a virus alert, and apparently more often from McAfee. It happened when I got on just a few seconds ago.

I have McAfee at work and tried it there, and indeed got the warning. That'll probably mean I'll have an IT guy in my office first thing tomorrow when they scan the logs. Argh.