Members whose system was infected by the recent virus outbreak ONLY
Some of us are seeing references to http://autodiva.ru when browsing the forum. If you look in your temporary internet files folder, you'll probably see a file named 1.html (http://autodiva.ru/1.html).
That HTML file contains this script...
Maybe somebody a lot smarter than me can figure out what that is doing. I looks like it's generating hits on their website.
That HTML file contains this script...
<!--LiveInternet counter--><script type="text/javascript"><!--
document.write("<a href='http://www.liveinternet.ru/click' "+
"target=_blank><img src='//counter.yadro.ru/hit?t14.2;r"+
escape(document.referrer)+((typeof(screen)=="undefined")?"":
";s"+screen.width+"*"+screen.height+"*"+(screen.colorDep th?
screen.colorDepth:screen.pixelDepth))+";u"+escape(document.U RL)+
";"+Math.random()+
"' alt='' title='LiveInternet: ïîêàçàíî ÷èñëî ïðîñìîòðîâ çà 24"+
" ÷àñà, ïîñåòèòåëåé çà 24 ÷àñà è çà ñåãîäíÿ' "+
"border='0' width='88' height='31'><\/a>")
//--></script><!--/LiveInternet-->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-17571440-1']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
document.write("<a href='http://www.liveinternet.ru/click' "+
"target=_blank><img src='//counter.yadro.ru/hit?t14.2;r"+
escape(document.referrer)+((typeof(screen)=="undefined")?"":
";s"+screen.width+"*"+screen.height+"*"+(screen.colorDep th?
screen.colorDepth:screen.pixelDepth))+";u"+escape(document.U RL)+
";"+Math.random()+
"' alt='' title='LiveInternet: ïîêàçàíî ÷èñëî ïðîñìîòðîâ çà 24"+
" ÷àñà, ïîñåòèòåëåé çà 24 ÷àñà è çà ñåãîäíÿ' "+
"border='0' width='88' height='31'><\/a>")
//--></script><!--/LiveInternet-->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-17571440-1']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
^^yep, I'm no tech, but there are references to java and I think this might be one of the causes for the trojan/virus warnings. Also google analytics..When browsing the forum, the bottom left corner will often direct to autodiva.ru and google-analytics.This script is embedded in the website?
Probably not the website, likely something feeding the ads.
If you use IE, you can add autodiva.ru to the Restricted Sites and that will stop it from running the script. There may be an equivalent function in other browsers.
If you use IE, you can add autodiva.ru to the Restricted Sites and that will stop it from running the script. There may be an equivalent function in other browsers.
is that what we are reduced to? instead of IB fixing this after weeks, we're just going to tip toe thru the mine field this place is becoming? With all due respect, as I maintain production servers myself and fully understand the challenge here, this deserved their FULL attention the minute reports came in. To leave this situation as it is for weeks now is irresponsible at best. Do they really not care at all about us? While nobody should ever fully trust any web content, it's really not fair to members who do trust this site and expect ads served thru it to be legit. I think surfing **** is safer than checking my PMs now.
Thread Starter
Retired Admin
iTrader: (95)
Joined: Dec 2000
Posts: 1,337,017,813
Likes: 78
From: Dallas / Chicago
I'm using FF with ABP, though.
Last edited by JCat; Aug 9, 2010 at 06:46 AM.
I dont know either. I got literally 5 different popups from spybot saying so and so wants to change your registry startup. If it isnt directly related to a program i have installed i always deny. However, i was on the site earlier that same day and nothing happened. So im not sure. Might be a different browser, i use google chrome because it lightweight. I run a lot of programs at once. I really dont know why some are getting it and others not.