Warning: Winfixer can be obtained by MIS-spelling "Symantec"
winfixer is the single-most-common piece of malware currently in circulation
there have been several reports offered as to its source...
as a warning / public-service, I will now list 3 alleged BAD sites, that will create this problem.
THESE SITES MUST BE AVOIDED ---- DO *NOT* GO TO THEM.
Please note that, as a precaution (to keep people from accidentally clicking on these), I have suppressed the link format, by replacing "." by the WORD "dot"
BAD site: www dot Symantic dot com <==== BAD: Do *NOT* go here
BAD site: www dot 600pics dot com <==== BAD: Do *NOT* go here
BAD site: www dot gasbuddies dot com <==== BAD: Do *NOT* go here
Key point: the first site involves a deceptive MIS-spelling of Symantec....
the "i" is what makes that site bad...
but with an "e", it's the legitimate site for Norton products.
And there are probably many other sites generating winfixer as well, also based on mis-spellings... so we all have to be extra-careful.
Documentation of my information/allegations:
symantic source (verified by the editors of C|Net / Download.com) :
600pics source (listed by Computer Associates International):
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094807
gasbuddies source (alleged by various sites, all essentially similar):
http://www.vegasgasprices.com/Forum_MSG.aspx?master=1&category=1055&topic=133293&page_no=1
[with acknowledgement to RKinner, who helped get me started on this research, and who initially located a version of the 3rd site]
Message Edited by ky331 on 09-26-2005 03:01 PM
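Added example, not part of the original post: one way a defender could flag near-miss spellings of a protected brand domain, reading hosts in the "dot" form used above. The `PROTECTED` list, the function names, the distance threshold of 2 and the `symnatec[.]com` sample are assumptions made for this illustration.

```python
import re

# Assumption: brand domains the defender wants to protect (the post names Symantec).
PROTECTED = ["symantec.com"]

def normalize(host):
    """Read a defanged host ('www dot Symantic dot com', 'a[.]b') into its last two labels."""
    h = re.sub(r"\s+dot\s+|\[\.\]", ".", host.strip().lower())
    labels = [p for p in re.sub(r"\s+", "", h).split(".") if p]
    # Simplification: treats the last two labels as the registered domain
    # (no public-suffix handling for names such as example.co.uk).
    return ".".join(labels[-2:])

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, max_distance=2):
    """Return (verdict, brand): legitimate, lookalike (near miss of a brand) or unrelated."""
    name = normalize(host)
    if name in PROTECTED:
        return ("legitimate", name)
    for brand in PROTECTED:
        if osa_distance(name, brand) <= max_distance:
            return ("lookalike", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    samples = [
        "www.symantec.com",
        "www dot Symantic dot com",   # as written in the post, kept defanged
        "www dot 600pics dot com",    # as written in the post, kept defanged
        "symnatec[.]com",             # constructed: adjacent letters swapped
    ]
    for s in samples:
        print(f"{s!r:32} -> {classify(s)}")
```

A "lookalike" verdict is a triage signal for proxy or DNS logs, not proof of malice; short brand names need a lower threshold to avoid false positives.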
Bertha2
711 Posts
0
September 26th, 2005 16:00
Midnight Star
4.8K Posts
0
September 27th, 2005 11:00
=====
load: class BlackBox.class not found.
java.lang.ClassNotFoundException: BlackBox.class
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection failed.
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 10 more
load: class BlackBox.class not found.
java.lang.ClassNotFoundException: BlackBox.class
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection failed.
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 10 more
load: class Mein.class not found.
java.lang.ClassNotFoundException: Mein.class
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection failed.
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 10 more
=====
It's interesting to see what someone else wants to do to YOUR computer WITHOUT your permission or even knowledge.
Mike.
Midnight Star
4.8K Posts
0
September 27th, 2005 11:00
"Java" seems to be the way (vector) they are getting the "bad" files onto the target system (the one visiting those sites), at least on one of those sites (possibly all - didn't check) and their referee(s). A "Java" trace shows three attempts to run a downloader program (a Java-based trojan downloader) which was embedded into the webpage, with an interesting finish... a window pops up saying "Update done. Microsoft". :)
=====
Mike.
Vandread
98 Posts
0
October 11th, 2005 19:00