Trojan on Techspot main page?

By tkteo
Feb 2, 2004
Post New Reply
  1. When loading www.techspot.com, McAfee AV tells me that a trojan called "Exploit-URL-Spoof.gen" has been detected.

    Is anyone else able to verify this?
  2. olefarte

    olefarte TechSpot Ambassador Posts: 1,427

    Since this has come up I'll post what happened to me yesterday.

    Using MyIE2, I had several windows open, TechSpot among them, and I was looking at some other forums. These were forums that I had done a Google search for, looking for a fix to a problem. There was one very small forum that, when I opened it, I got a popup from my AV, Norton 2004, that a trojan had been detected and could not be fixed. I was also redirected to a porn site, which I immediately clicked off of.

    Now I don't for one second think that this alert was caused by TS, but the forum that I was looking at appeared to be legitimate, and did show up in a Google search, BUT, it must have been fake, and I don't even remember the name of it. And I probably had seven or eight windows open at the time.

    About all I can say is, I was totally shocked when this happened. Norton told me I had a Trojan, that it could not fix. It said to shut down and roboot into safe mode and run a virus scan, which I did. It didn't find a thing, so I don't have a clue if it was for real or not. And I have all the latest updates, for XP as well as Norton. Anyway, in addtion to the scan, I cleared the history, all cookies and temp. files.

    Again, I want to make clear, I don't see how it's possible it could have come from TS and don't believe that it did.
  3. olefarte

    olefarte TechSpot Ambassador Posts: 1,427

    Also, I just noticed that there is an article on the front page of TS, about just what may have happened to me. I might have been redirected when I looked at that forum.
  4. Julio Franco

    Julio Franco TechSpot Editor Posts: 6,523   +312

    Thanks for the feedback... however I control all TS' HTML and obviously there is no way that is possible, unless we have been silently hacked or something... ?!?

    I would appreciate any more feedback on the matter.
  5. Goalie

    Goalie Newcomer, in training Posts: 703

    Without knowing how the TS system works, it's possible that this comes from banner ads being hosted offsite, or if a javascript/#include is used to generate the banner ads- remote site graphics throws errors in many programs. Might be curious to know if Spybot S&D detects anythign when the virus scanners run.

    Just some things to look at, dunno if they'll help- if it's cross domain or outta domain that can throw warnings with spy/adware programs, virus scanners, and even firewalls. Doubt it'll be of too much concern, but might give you a starting point.
  6. olefarte

    olefarte TechSpot Ambassador Posts: 1,427

    In my case, I forgot to mention, I did run Ad-aware and SpyBot, and checked my ZAP logs. They found nothing at all. I guess it was a false alarm, at least I hope so.
  7. Nodsu

    Nodsu Newcomer, in training Posts: 9,431

    Isn't it the IE update article that features an IE URL spoof link? It's obvious that newer web filtering software would pick that up.
  8. Per Hansson

    Per Hansson TS Server Guru Posts: 1,930   +123 Staff Member

    Sorry, yes Nodsu, you are correct, it was my IE news thingy that made that alert...

    I had no idea AV software did that... (F-Secure didn't alert me)
  9. StormBringer

    StormBringer Newcomer, in training Posts: 2,871

    It may be a script used by one of the ads. I occasionally get trojan block alerts from NPF while on TS pages, though it happens at several other sites with ads as well. I have also noticed that if I have the adblocker enabled, I don't get the alerts. that is why I figured it was an ad causing it. It is quite common for harmless scripts to be detected as trojans and such.
  10. kempermike

    kempermike Newcomer, in training

    spoof.gen

    I started having this same problem a couple of weeks ago. It is showing as a spoof.gen in Microsoft application data with a file stm0x30000088.00 attached to the spoof.gen trojan alert.

    McAfee has been unable to help me find any way to get rid of the file causing this, Microsoft won't even admit that it exists despite me sending them a screen shot of the McAfee pop-up alert and SpyBot S&D and Adaware cannot find anything.

    If anyone comes up with a way to get rid of this thing, please let me know.

    Mike K
  11. Per Hansson

    Per Hansson TS Server Guru Posts: 1,930   +123 Staff Member

    If you got it while viewing the news I posted simply clearing your browsers Temporary Internet Files should get rid of it...

    Though it's nothing harmful, just a strange string of text that brings you to Techspot instead of Microsoft (it was just for demonstrational purposes and also for people to be able to verify if the patch was successfull or not...)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.