TechSpot

[In Progress] HiJackThis compromised

By AlbertLionheart
Sep 27, 2011
  1. Anyone else seen this - looks like someone has been messing with their web site! Pity as this is a good tool!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What site would that be? This looks fine to me.
    http://free.antivirus.com/hijackthis/

    Please be more specific.

    I see one thread with this subject, "Wow acc got compromised (HijackThis & mbam logs)", HERE.

    But the 'compromise' refers to the OP's system, not the program or site.
     
  3. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Topic Starter Posts: 2,026

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is a site located in Germany; that's what the country code 'de' stands for. I cannot load the site as Eset Nod32 blocks access due to:
    Code:
     HTM/ScrInject.B.Gen Virus
    
    
    This occurred on an Open Source Portal named Joomla.
    It is also now occurring on a site named SobstvEnBizNes. net

    From what I'm seeing, it looks like Eset Nod32 is the only AV bringing this up and causing the problem. Virustotal was run and came out clean.

    Bottom line:
    C:\Program Files\ESET\ESET NOD32 Antivirus\Shahed.exe Win32/HackAV.BS application
    C:\Windows\Temp\temp.txt HTML/ScrInject.B.Gen virus


    Users with a pirated version of Eset Nod32 seem to be the ones getting this on their system. So the infection is actually from an infected file that came with the pirated Eset.

    Same block on hijackthis.de, Joomla and the one above. I would guess that there may be other sites if you want to look them up.

    http://forum.joomla.org/viewtopic.php?p=2192135
    http://forums.malwarebytes.org/index.php?showtopic=49813
     
  5. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Topic Starter Posts: 2,026

    I'm in the UK so maybe this is why there are fewer controls.
    Also Kaspersky fails to find fault with the site.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You may want to check alarming messages out well before you post them. All of the information I posted is on the internet. You did not make any specific comments, just the one damning sentence!
     
  7. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Topic Starter Posts: 2,026

    When I reported it, the site was compromised. It was a warning only. It was fixed some 24 hrs after I reported it. So when you finally got to look at it, everything was perfectly normal.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Maybe you could edit the subject?
     
