Terje Posted July 11, 2006
Recently bytezandpieces.com has contracted a virus of the trojan variety. I'm not sure how it got it, but it certainly has a trojan of some kind. I couldn't find much in the way of information on it, save for that it tries to load a .wmv. AVG picks it up before it causes too much trouble. Also, it usually crashes IE. Any advice on how to clear this up?
stevevan Posted July 11, 2006 (edited July 11, 2006 by stevevan)
Have you googled the trojan's name? Oh...and welcome to the forums!
TCH-Bruce Posted July 11, 2006
Welcome to the forums. Are you sure of the spelling? I've searched several databases and have found nothing on Xplad.v.
TCH-Thomas Posted July 11, 2006
Welcome to the forum, Terje. I searched a bit and did not find the exact name you are saying, but I found info on some with similar names. See if these help:
http://www.pestpatrol.com/spywarecenter/pest.aspx?id=24731
http://www.pandasoftware.com/com/virus_info/encyclopedia/overview.aspx?idvirus=31604&sitepanda=particulares
sass Posted July 20, 2006
I help run bytezandpieces.com, and today while I was fiddling around I noticed that the site is downloading the trojan from the following address: zbzppbwqmm.biz/dl/adv493.php. I also noticed the program "webalizer" in my tmp file and wasn't sure if this was related or not. I am not up on script enough to be able to pick out what on my page is causing me to download from this website, and webalizer is open source so I assume it could be used for good or evil. Any suggestions?
Thanks, Sass
TCH-Bruce Posted July 20, 2006
Welcome to the forums, Sass. Webalizer is a site statistics script similar to AwStats. This should not be downloading anything.
sass Posted July 20, 2006
> Welcome to the forums, Sass. Webalizer is a site statistics script similar to AwStats. This should not be downloading anything.
That's good to know. I still wonder what is telling my site to download the trojan.
sass Posted July 20, 2006
Just an update: I found a calling card by someone calling himself "Partizan." He links to the following site: http://kizil.org/. I wasn't sure if there was a procedure for reporting these guys or what, but I think he is exploiting our news management system. I'm working on it as we speak.
Sass
sass Posted July 20, 2006
One more update: the full name of the trojan is xpladv493[1].wmf. I recently saw one other site that it had hit; it isn't very widespread yet, apparently.
stevevan Posted July 21, 2006
I just did a Google search and came up with two entries. One of them had to do with Joomla! v 1.0.10 (the latest one). The entry was written in Dutch, but you can bet I'll be paying a little closer attention to the Joomla! web site in the coming month or so!
Madmanmcp Posted July 21, 2006
> I noticed that the site is downloading the trojan from the following address: zbzppbwqmm.biz/dl/adv493.php
Not sure why you are downloading, but this appears to be a legit site. The whois data on the domain appears to be a real person and all the information "looks" real. When you go to the domain h_tp://zbzppbwqmm.biz/ it brings up a "Fedora Core Test Page".
stevevan Posted July 21, 2006
Have a look at this site for some interesting info on this.
TCH-JimE Posted July 21, 2006
It looks like the original person on the Joomla website was at 1.0.8, and it may have already been there before they updated to 1.0.10. If you're still having problems, back up your Joomla website, remove all the files, and upload a fresh set. If you have an up-to-date Windows XP, it should be patched against this flaw.
JimE