Raul6, on Feb 22 2009, 18:48, said:
What virus is being detected by what software?
Mysterious Stranger, on Feb 21 2009, 22:38, said:
The setTimeout function tells the browser to run the function ‘vparivatel’ in 60 seconds. This function will then redirect the browser to the page vparivatel.php on the same website. This then asks the user to download the file 1.exe.
This adds an element to the current page containing a PDF object. The PDF file that is loaded by this object attempts to exploit a vulnerability in Adobe Acrobat and Acrobat Reader. This vulnerability affects versions prior to 8.1.2. If the exploit is successful, it will download and execute the 1.exe file without requiring any interaction from the user.
The 1.exe file downloads and installs the rogue antivirus program Spyware Guard 2008. This program pretends to scan the system and falsely reports that the system is infected. In order to remove these ‘threats’ the users must pay for the full version. One clue for the user that this is not legitimate security software is the misspelling of 'security' in the tab on the left-hand side.
RoadTrip, on Feb 22 2009, 19:09, said:
How do I tell if I got it and how do I get rid of it?
It's a rogueware / malware app to get you to pay for some software you don't need. Use Ad-Aware and Spybot or similar, and if you've got it they'll detect it.