AlbertLionheart
Posts: 1,997 +3
Anyone else seen this - looks like someone has been messing with their web site! Pity as this is a good tool!
[In Progress] HiJackThis compromised
- Thread starter AlbertLionheart
- Start date
Bobbye
Posts: 16,313 +36
What site would that be? This looks fine to me.
http://free.antivirus.com/hijackthis/
Please be more specific.
I see one thread with this subject Wow acc got compromised (HijackThis & mbam logs)Wow acc got compromised (HijackThis & mbam logs) HERE.
But the 'compromise' refers to the OP system, not the program or site.
http://free.antivirus.com/hijackthis/
Please be more specific.
I see one thread with this subject Wow acc got compromised (HijackThis & mbam logs)Wow acc got compromised (HijackThis & mbam logs) HERE.
But the 'compromise' refers to the OP system, not the program or site.
AlbertLionheart
Posts: 1,997 +3
You should have looked at their website as I said - this is http://www.hijackthis.de - go have a shufti !
Bobbye
Posts: 16,313 +36
This is a site located in Germany> that what the country code 'de' stand for. I cannot load the site as Eszet Nod32 blocks access due to:
This occurred on an Open Source Portal named Joomia
It is also now occuring on a site named SobstvEnBizNes. net[/b[
From what I'm seeing, it looks like Eset Nod32 is the only AV bringing this up and causing the problem. Virustotal was run and came out clean.
Bottom line:
C:\Program Files\ESET\ESET NOD32 Antivirus\Shahed.exe Win32/HackAV.BS application
C:\Windows\Temp\temp.txt HTML/ScrInject.B.Gen virus
Users with a pirated version of Eset Nod32 seem to be the ones getting this on their system. So the infection is actually from an infected file that came with the pirated Eset.
Same block on hijackthis.de, joomis and the one above. I would guess that there may be other sites if you want to look them up.
http://forum.joomla.org/viewtopic.php?p=2192135
http://forums.malwarebytes.org/index.php?showtopic=49813
.
Code:
HTM/ScrInject.B.Gen VirusIt is also now occuring on a site named SobstvEnBizNes. net[/b[
From what I'm seeing, it looks like Eset Nod32 is the only AV bringing this up and causing the problem. Virustotal was run and came out clean.
Bottom line:
C:\Program Files\ESET\ESET NOD32 Antivirus\Shahed.exe Win32/HackAV.BS application
C:\Windows\Temp\temp.txt HTML/ScrInject.B.Gen virus
Users with a pirated version of Eset Nod32 seem to be the ones getting this on their system. So the infection is actually from an infected file that came with the pirated Eset.
Same block on hijackthis.de, joomis and the one above. I would guess that there may be other sites if you want to look them up.
http://forum.joomla.org/viewtopic.php?p=2192135
http://forums.malwarebytes.org/index.php?showtopic=49813
.
AlbertLionheart
Posts: 1,997 +3
I'm in the UK so maybe this is why there are fewer controls.
Also Kaspersky failes to find fault with the site.
Also Kaspersky failes to find fault with the site.
AlbertLionheart
Posts: 1,997 +3
When I rewported it, the site was compromised. It was a warning only. It was fixed some 24 hrs after I reported it. So when you finally got to look at it, everything was perfectly normal.
Similar threads
