Members whose system was infected by the recent virus outbreak ONLY
08-05-2010, 12:54 PM
#81
Some of us are seeing references to http://autodiva.ru when browsing the forum. If you look in your temporary internet files folder, you'll probably see a file named 1.html (http://autodiva.ru/1.html).
That HTML file contains this script...
Maybe somebody a lot smarter than me can figure out what that is doing. I looks like it's generating hits on their website.
That HTML file contains this script...
<!--LiveInternet counter--><script type="text/javascript"><!--
document.write("<a href='http://www.liveinternet.ru/click' "+
"target=_blank><img src='//counter.yadro.ru/hit?t14.2;r"+
escape(document.referrer)+((typeof(screen)=="undefined")?"":
";s"+screen.width+"*"+screen.height+"*"+(screen.colorDep th?
screen.colorDepth:screen.pixelDepth))+";u"+escape(document.U RL)+
";"+Math.random()+
"' alt='' title='LiveInternet: показано число просмотров за 24"+
" часа, посетителей за 24 часа и за сегодня' "+
"border='0' width='88' height='31'><\/a>")
//--></script><!--/LiveInternet-->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-17571440-1']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
document.write("<a href='http://www.liveinternet.ru/click' "+
"target=_blank><img src='//counter.yadro.ru/hit?t14.2;r"+
escape(document.referrer)+((typeof(screen)=="undefined")?"":
";s"+screen.width+"*"+screen.height+"*"+(screen.colorDep th?
screen.colorDepth:screen.pixelDepth))+";u"+escape(document.U RL)+
";"+Math.random()+
"' alt='' title='LiveInternet: показано число просмотров за 24"+
" часа, посетителей за 24 часа и за сегодня' "+
"border='0' width='88' height='31'><\/a>")
//--></script><!--/LiveInternet-->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-17571440-1']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
08-05-2010, 02:42 PM
#82
^^yep, I'm no tech, but there are references to java and I think this might be one of the causes for the trojan/virus warnings. Also google analytics..When browsing the forum, the bottom left corner will often direct to autodiva.ru and google-analytics.This script is embedded in the website?
08-05-2010, 04:33 PM
#84
Registered User
iTrader: (12)
Join Date: Jun 2003
Location: Little Rock
Posts: 2,332
Likes: 0
Received 0 Likes
on
0 Posts
is that what we are reduced to? instead of IB fixing this after weeks, we're just going to tip toe thru the mine field this place is becoming? With all due respect, as I maintain production servers myself and fully understand the challenge here, this deserved their FULL attention the minute reports came in. To leave this situation as it is for weeks now is irresponsible at best. Do they really not care at all about us? While nobody should ever fully trust any web content, it's really not fair to members who do trust this site and expect ads served thru it to be legit. I think surfing **** is safer than checking my PMs now.
08-09-2010, 01:38 PM
#98
I dont know either. I got literally 5 different popups from spybot saying so and so wants to change your registry startup. If it isnt directly related to a program i have installed i always deny. However, i was on the site earlier that same day and nothing happened. So im not sure. Might be a different browser, i use google chrome because it lightweight. I run a lot of programs at once. I really dont know why some are getting it and others not.
