Adware / spyware in modaco ads?

13 posts in this topic

Posted · Report post

See screendump. Wasn't logged in at the time. Syntax struck me as odd. Upon clicking 'no' it tried downloading anyway but my firewall stopped it....

IE6, fully patched, doing a full scan just in case :-(

Nowhere's safe on the t'interweb eh?

M.S

post-254928-1235255379_thumb.jpg


Posted · Report post

More info:

The setTimeout function tells the browser to run the function ‘vparivatel’ in 60 seconds. This function will then redirect the browser to the page vparivatel.php on the same website. This then asks the user to download the file 1.exe.

This adds an element to the current page containing a pdf object. The pdf file that is loaded by this object attempts to exploit a vulnerability in Adobe Acrobat and Acrobat Reader. This vulnerability affects versions prior to 8.1.2. If the exploit is successful it will download and execute the 1.exe file without requiring any interaction from the user.

The 1.exe file downloads and installs the rogue antivirus program Spyware Guard 2008. This program pretends to scan the system and falsely reports that the system is infected. In order to remove these ‘threats’ the users must pay for the full version. One clue for the user that this is not legitimate security software is the misspelling of 'security' in the tab on the left hand side.


Posted (edited) · Report post

Yea my AVG is going nuts each time I visit the forum. It is saying "Exploit Link to known exploit site (type 502)" each time I view any MoDaCo page.... is this a false positive or is there something here?

EDIT:

Just saw your second post. I did notice it asked me to download a PDF! Luckily I use FoxIt not Adobe Reader so hopefully I'm ok.

Gonna do a MalwareBytes scan just in case.

Thanks!

Edited by TheDrizzle

Posted · Report post

Investigating...

P


Posted · Report post

Should be gone now, continuing diagnosis...

P


Posted · Report post

On the lappy Kaspersky found it as soon as I clicked on the site :(

Windows Onecare did not even flinch and let the little beastie screw up my main PC.


Posted · Report post

> Windows Onecare did not even flinch and let the little beastie screw up my main PC.

Should only be an issue if you allow the re-direct and file install by clicking on it, although *any* action in the dialogue box (even clicking 'no') prompts for the download. I'd suggest you reset your browser security settings to default? My laptop has a corporate norton on there but I use onecare on other machine and it's usually very good.

M.S


Posted · Report post

Did not get that far, the whole hard drive went into overtime and the pc went as fast as an Orange ROM :(

Using FF and all security settings will be the default as I generally do not touch them, the same applies to Onecare.

I've found Onecare to be good in the past but then again after this just how good has it really been?

Some guys I know in the security business will only touch Kaspersky but as they say most threats will technically get through until someone reports them.

Now the pc seems to hang on a virus check, third time lucky...


Posted · Report post

> Did not get that far, the whole hard drive went into overtime and the pc went as fast as an Orange ROM :(
>
> Using FF and all security settings will be the default as I generally do not touch them, the same applies to Onecare.
>
> I've found Onecare to be good in the past but then again after this just how good has it really been?
>
> Some guys I know in the security business will only touch Kaspersky but as they say most threats will technically get through until someone reports them.
>
> Now the pc seems to hang on a virus check, third time lucky...

Check the pop up blocker settings in firefox.

http://support.mozilla.com/en-US/kb/Pop-up+blocker

There are options to handle different file types differently. As this exploit uses a .pdf file it may be you have settings that allow downloads of pdfs (which are usually safe and inert....)

Also from older posts on t'interweb (June 08) firefox automatically downloads stuff into a cache:

http://alanedwardes.com/posts/firefox-auto...-security-flaw/

"WTF? So does Firefox download stuff for you now? So it turns out it does. When I looked in the OneCare quarantine it displayed the path that the virus was found in. So, I was a bit worried when it turned out that the file was found in the Firefox cache folder. Interesting."

Which version firefox is it? There are/were multiple mutterings about incompatibility with onecare for older versions. As onecare has now been discontinued (as some aspects are going to be incorporated in future free offerings from M$) I wouldn't expect too much development with the latest version of firefox etc. Shame as some of the advanced functions with onecare are very good.

I've always given Kaspersky a bit of a wide berth based on F-secure using their engine and being so poor at doing pretty much anything. Everyone has their own favourite and there will be fans and haters of every solution. Norton's 2009 suite has been re-written to improve system performance and is supposedly quite good now.

Kaspersky also uninstalls the very good, free, spybot s&d for no real reason...

http://forum.kaspersky.com/index.php?showt...mp;#entry768506

M.S


Posted · Report post

> Should be gone now, continuing diagnosis...
>
> P

Still doing it - look at the URL it's trying to open, same as the last one, crashed my browser window this time though. :(

More diagnosis needed methinks?

M.S

post-254928-1235325872_thumb.jpg


Posted · Report post

OK, looks like the owner of caribfinancing has found out about their security issue and is now redirecting calls to that page to google....which means due to the iframe remaining on every page footer every modaco page is being redirected to google! (unless you hit stop in time...).

Virus issue appears to have been resolved but obviously the site just needs tweaking back, watch this space...


Posted · Report post

Should be all sorted now, nasty hackers... :(

P


Posted · Report post

Hi there, I have this same problem on my site. I've deleted it many times from skins but it keeps coming back, please can you tell me how to get rid of it altogether?

Many thanks

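Added example (not code from this thread or from MoDaCo): a Python check that scans skin or footer template text for the three behaviours described above, namely an iframe pointing at another site, a script that uses setTimeout to redirect the page, and an object loading a PDF. The `site_host` parameter, the function and class names, and the sample template with its placeholder hostnames are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A script that both arms a timer and changes the page location.
REDIRECT = re.compile(r"location(\.href)?\s*=|location\.(replace|assign)\s*\(")

class SkinScanner(HTMLParser):
    def __init__(self, site_host):  # site_host: assumed name of the forum's own host
        super().__init__()
        self.site_host, self.findings = site_host, []
        self._script, self._script_line = None, 0

    def _offsite(self, url):
        # Relative URLs have no hostname and count as on-site; so do subdomains.
        host = urlparse(url or "").hostname
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        a, line = dict(attrs), self.getpos()[0]
        if tag == "iframe" and self._offsite(a.get("src")):
            self.findings.append((line, "offsite-iframe", a["src"]))
        elif tag in ("object", "embed"):
            src = a.get("data") or a.get("src") or ""
            if a.get("type") == "application/pdf" or urlparse(src).path.lower().endswith(".pdf"):
                self.findings.append((line, "pdf-object", src))
        elif tag == "script":
            self._script, self._script_line = "", line

    def handle_data(self, data):
        if self._script is not None:  # collect inline script text until </script>
            self._script += data

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            if "setTimeout" in self._script and REDIRECT.search(self._script):
                self.findings.append((self._script_line, "timed-redirect", self._script.strip()[:40]))
            self._script = None

def scan_template(text, site_host):
    scanner = SkinScanner(site_host)
    scanner.feed(text)
    scanner.close()
    return scanner.findings  # list of (line, kind, detail)

# Constructed sample: a footer template with injected markup (placeholder hosts).
SAMPLE_FOOTER = """<div id="footer">Powered by the forum</div>
<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>
<script>setTimeout("go()", 60000); function go() { location.href = "next.php"; }</script>
<object data="http://injected.example/doc.pdf" type="application/pdf"></object>
"""
```

Calling `scan_template(SAMPLE_FOOTER, "forum.example")` returns one finding per injected element, each with the template line it sits on, so the same check can be rerun over every skin file after a cleanup.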

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.