virus on I1WQR webiste ?

[Guest]

FYI

DO NOT add your website on I1WQR listing, there is a worm (virus) attached
to the form according to kapersky anti-virus
-- http://***www.i1wqrlinkradio.com/form.htm***


Thierry

 

[David H. Lipman]

From: <Thierry>

| FYI
|
| DO NOT add your website on I1WQR listing, there is a worm (virus) attached
| to the form according to kapersky anti-virus
| -- http://***www.i1wqrlinkradio.com/form.htm***
|
| Thierry

This is what I got when I submitted form.htm to Virus Total.

Complete scanning result of "form.htm", processed in VirusTotal at 12/05/2006 01:45:49
(CET).

[ file data ]
* name: form.htm
* size: 7951
* md5.: 3622da73ad0ba2641d42575fe3a4c9c9
* sha1: b361bb70ee69a61b30b9ba2986d0e763e112f70a

[ scan result ]
AntiVir 7.2.0.46/20061204 found nothing
Authentium 4.93.8/20061204 found nothing
Avast 4.7.892.0/20061204 found nothing
AVG 386/20061204 found nothing
BitDefender 7.2/20061204 found nothing
CAT-QuickHeal 8.00/20061204 found nothing
ClamAV devel-20060426/20061204 found nothing
DrWeb 4.33/20061204 found nothing
eSafe 7.0.14.0/20061203 found nothing
eTrust-InoculateIT 23.73.75/20061203 found nothing
eTrust-Vet 30.3.3230/20061204 found nothing
Ewido 4.0/20061204 found nothing
F-Prot 3.16f/20061204 found nothing
F-Prot4 4.2.1.29/20061204 found nothing
Fortinet 2.82.0.0/20061204 found nothing
Ikarus 1.0.26/20061204 found nothing
Kaspersky 4.0.2.24/20061205 found [Email-Worm.VBS.Lee]
McAfee 4910/20061204 found nothing
Microsoft 1.1804/20061204 found nothing
NOD32v2 1899/20061204 found nothing
Norman 5.80.02/20061204 found nothing
Panda 9.0.0.4/20061203 found nothing
Prevx1 V2/20061205 found nothing
Sophos 4.12.0/20061204 found nothing
Sunbelt 2.2.907.0/20061130 found nothing
TheHacker 6.0.3.128/20061204 found nothing
UNA 1.83/20061204 found [I-Worm.Lee]
VBA32 3.11.1/20061204 found nothing
VirusBuster 4.3.15:9/20061204 found nothing

 

[Duh_OZ]

FYI

DO NOT add your website on I1WQR listing, there is a worm (virus) attached
to the form according to kapersky anti-virus
-- http://***www.i1wqrlinkradio.com/form.htm***


Thierry

=========
From: http://virusscan.jotti.org/

File: form.htm
Status: INFECTED/MALWARE
MD5 4d18167c92330dd330be543e2c6e2461
Packers detected:
-
Scanner results
AntiVir Found nothing
ArcaVir Found HTML.JScript.Lee
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Email-Worm.VBS.Lee
Fortinet Found nothing
Kaspersky Anti-Virus Found Email-Worm.VBS.Lee
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
===========

 

[David H. Lipman]

From: "Duh_OZ" <[email protected]>

| =========
| From: http://virusscan.jotti.org/
|

< snip >

I had the form.htm file decoded. Nothing in it looks malicious at all and it diplays the
same submission form as the original HTML page only it is humanly readable.

It appears that this is a False Positive declarartion.

If anyone wants to see the decoded HTML, I posted it in under the same named subject "virus on I1WQR webiste ?"

 

[Duh_OZ]

Strange results using Google. I cut and pasted the result
Email-Worm.VBS.Lee in Google (while on the group search page) and just
got one hit. I then clicked on the Web button and got:
==============
We're sorry...

... but your query looks similar to automated requests from a
computer virus or spyware application. To protect our users, we can't
process your request right now.

We'll restore your access as quickly as possible, so try again
soon. In the meantime, if you suspect that your computer or network has
been infected, you might want to run a virus checker or spyware remover
to make sure that your systems are free of viruses and other spurious
software.

We apologize for the inconvenience, and hope we'll see you again on
Google.
============

If I am on the Google web search page I can cut and paste it in (or
type it I guess) and it returns the hits, and I can flip back from
groups search to web search. If I cut and paste on the group search
first, I cannot use the web search as I get the above error. Bug in
Google I guess.

 

[info]

David H. Lipman ha scritto:

From: <Thierry>

| FYI
|
| DO NOT add your website on I1WQR listing, there is a worm (virus) attached
| to the form according to kapersky anti-virus
| -- http://***www.i1wqrlinkradio.com/form.htm***
|
| Thierry

This is what I got when I submitted form.htm to Virus Total.

Complete scanning result of "form.htm", processed in VirusTotal at 12/05/2006 01:45:49
(CET).

[ file data ]
* name: form.htm
* size: 7951
* md5.: 3622da73ad0ba2641d42575fe3a4c9c9
* sha1: b361bb70ee69a61b30b9ba2986d0e763e112f70a

[ scan result ]
AntiVir 7.2.0.46/20061204 found nothing
Authentium 4.93.8/20061204 found nothing
Avast 4.7.892.0/20061204 found nothing
AVG 386/20061204 found nothing
BitDefender 7.2/20061204 found nothing
CAT-QuickHeal 8.00/20061204 found nothing
ClamAV devel-20060426/20061204 found nothing
DrWeb 4.33/20061204 found nothing
eSafe 7.0.14.0/20061203 found nothing
eTrust-InoculateIT 23.73.75/20061203 found nothing
eTrust-Vet 30.3.3230/20061204 found nothing
Ewido 4.0/20061204 found nothing
F-Prot 3.16f/20061204 found nothing
F-Prot4 4.2.1.29/20061204 found nothing
Fortinet 2.82.0.0/20061204 found nothing
Ikarus 1.0.26/20061204 found nothing
Kaspersky 4.0.2.24/20061205 found [Email-Worm.VBS.Lee]
McAfee 4910/20061204 found nothing
Microsoft 1.1804/20061204 found nothing
NOD32v2 1899/20061204 found nothing
Norman 5.80.02/20061204 found nothing
Panda 9.0.0.4/20061203 found nothing
Prevx1 V2/20061205 found nothing
Sophos 4.12.0/20061204 found nothing
Sunbelt 2.2.907.0/20061130 found nothing
TheHacker 6.0.3.128/20061204 found nothing
UNA 1.83/20061204 found [I-Worm.Lee]
VBA32 3.11.1/20061204 found nothing
VirusBuster 4.3.15:9/20061204 found nothing

Riccardo
webmaster of. http://www.i1wqrlinkradio.com
in that file there isn't any virus.
The file is only crypted.

 

[David H. Lipman]

From: <[email protected]>



| Riccardo
| webmaster of. http://www.i1wqrlinkradio.com
| in that file there isn't any virus.
| The file is only crypted.


It was a False Positive and was corrected. Please read the whole thread.

 

[info]

David H. Lipman ha scritto:

From: <[email protected]>



| Riccardo
| webmaster of. http://www.i1wqrlinkradio.com
| in that file there isn't any virus.
| The file is only crypted.


It was a False Positive and was corrected. Please read the whole thread.

Riccardo.D
SPAM PREVENTION
the "form.htm" be "crypted soft/antispam" for protect my email address.