SUBSIM Radio Room Forums

FAO NEAL: Reported Attack Site? Anyone else getting this too? (https://www.subsim.com/radioroom/showthread.php?t=176196)

Respenus 10-21-10 12:33 AM

Adding my small input, I've had Kaspersky Pure report infected links before trying to load together with Subsim.com. Now, even when blocking, it didn't stop the site from functioning, which would mean that there was some background link somewhere.

I'm just glad I can access Subsim again.

Castout 10-21-10 12:51 AM

Quote:

Originally Posted by Molon Labe (Post 1518486)
Defamation lawsuit time!

It's left with google trying to defame subsim or advanced hackers not happy with subsim content.

And judging from subsim content it could range from North Korea, Iran, Obama, or the corrupt children in Singapore offended by my blog link or simply a recently disgruntled immature forum member. . . .

But we never know for sure but the intention is surely to ruin the site's reputation and bring down the number of visitors and would be visitors.....to discourage them information or seeing content on this site.

My AV didn't report anything while loading subsim . . .so if there were something it was brief . .. .

divingbluefrog 10-21-10 02:00 AM

I've got the red warning for two days, tried several scans with various progs and found nothing.
This morning it's gone.

Molon Labe 10-21-10 03:12 AM

Back to normal here too. (Firefox user)

Stiebler 10-21-10 04:20 AM

I, too, am no longer experiencing 'attack site' complaints when using Firefox.

It is, perhaps, a little unfair to refer to stopbadware.org as a 'fly-by-night' company; worse, like another poster on this thread, to suggest that it might be involved in extortion.

I made a formal complaint yesterday to their contact e-mail address concerning the facts that:
a) SubSim was not an attack site (evidence: I had accessed SubSim.com repeatedly with Firefox and Internet Explorer, and then had made numerous anti-malware sweeps with different competing anti-virus/anti-spyware programs - no threat was ever seen.)
b) That there was no means for users to communicate to them on their web-pages that there was, in fact, no threat (or no longer a threat) and they should conduct fresh trials for malware.

I received, promptly back by e-mail, a friendly and knowledgeable answer acknowledging my points, stating that SubSim had already been taken off their 'attack sites' list, and agreeing that the real problem probably was attributable to links by users to infected third-party sites (a problem which could affect *any* website that allows readers to make comments, as well as SubSim itself), or alternatively malware delivered by one of SubSim's advertisers (probably unknowingly).

They still haven't addressed point (b) though.

Neal, if you're reading this:
I don't know whether the 'attack sites' problem is connected or not, but a click on my signature brings up a blank page, despite the fact that the files it should access are still there (seen by FTP). PM also sent.

Stiebler.

Castout 10-21-10 04:36 AM

It's gone now, the attack site warning is now GONE!

:yep:

rsslcs 10-21-10 05:19 AM

I am still getting a red "malware detected!" warning, using Google Chrome.

SashaKA001 10-21-10 05:35 AM

here can help you find the culprit.

http://i4.imageban.ru/out/2010/10/21...f222b93bd6.jpg

the_tyrant 10-21-10 05:46 AM

Quote:

Originally Posted by SashaKA001 (Post 1518849)
here can help you find the culprit.

http://i4.imageban.ru/out/2010/10/21...f222b93bd6.jpg

I can't read the language but can you send the file mentioned on the third line through filedropper.com

Dowly 10-21-10 06:35 AM

Quote:

Originally Posted by the_tyrant (Post 1518851)
I can't read the language but can you send the file mentioned on the third line through filedropper.com

That'd be the trojan, why on earth would he want to infect his PC just so he can send it to you? :O:

longam 10-21-10 07:09 AM

Received a FF update and the problem is gone. Don't know if they're related.

Onkel Neal 10-21-10 07:25 AM

Quote:

Originally Posted by SashaKA001 (Post 1518849)
here can help you find the culprit.

http://i4.imageban.ru/out/2010/10/21...f222b93bd6.jpg


Thanks, can you translate the Cyrillic text? When was that screenshot taken? Does anyone with English Kaspersky AV get this? I will have to check again but I am pretty sure there are no javascripts in the forum other than the stock forum files.

thanks
Neal

Respenus 10-21-10 07:57 AM

Just got this:

21.10.2010 14:51:45 Web Anti-Virus Detected: HEUR:Exploit.Script.Generic Firefox betaword.co.cc /images/js.php//JIM

21.10.2010 14:51:47 Web Anti-Virus Detected: Trojan-Downloader.Java.Agent.hx Java(TM) Platform SE binary betaword.co.cc /images/jar5.php/bpac/a.class

21.10.2010 14:51:49 Web Anti-Virus Detected: Trojan-Downloader.Java.Agent.hw Java(TM) Platform SE binary betaword.co.cc /images/j.php/M8PFGFzL.class

This attack repeated 4 times. I'm using KAV Pure English version, latest database.

Man I just love KAV. Slows down computers to a halt, but creates a damn good barrier.

Hope this helps a bit.

SeaWolf U-57 10-21-10 08:34 AM

Quote:

Originally Posted by Neal Stevens (Post 1518753)
Seawolf, so far I have not been able to determine there ever was any trojans on the Subsim server. You may think there was, with your free AV system warning you, but that and $1 will buy a cup of coffee.

There may have been some problems with the Google ads being served (becoming more common, read this for more), I removed the ads from the forum.

Yes, a few people had AV warnings, but that does not prove anything, AVs often have false alarms. I checked the server and files, The Planet checked the server and files, and Admin Geeks checked the server and file--nothing has been discovered.

With the current Firefox/Chrome alerts, I have had the Planet Advance Support team check everything again. Still, nothing malicious has been found:


If SOMETHING evil had been found by these professionals, they would have fixed it and I would be 100% glad to report this. We could fix it and move on.

I am not saying there is absolutely nothing wrong, just that we cannot find anything wrong. I think the problem originated from Google ads, and some awesome dope reported Subsim as an evil site, and now Google is blacklisting us. Thanks, Google!

I am going to have an independent vBulletin technician check the database and files tomorrow, to double-check the work done by TPAS. Better safe than sorry.

Will report what I find, thanks.
Neal

I found this in my quarantine folder of Nod32; it was never allowed to install.

29/09/2010 …. drerlre.co.cc/client.zip… java/TrojanDownloader.agent.NBU trojan
29/09/2010 … drerlre .co.cc/1.zip ….. A variant of java/Mugade

(I removed the http:// to stop them being active links)

I connected using my Firefox browser http://www.silenthuntermods.com/foru...d/nononono.gif

As for you saying that my antivirus is a free $1 worthless package, I would reply: well, at least it found the Trojans and blocked them the first time, and to prove to you it was real I was stupid enough to let them in.

29/09/2010 … drerlre.co.cc/client.zip …java/trojandownloader.agent.nbu
29/09/2010 … drerlre.co.cc/1.zip … a variant of java/mugade
I already said that they seemed to have gone

But I don't see why other people, who in this instance are just blowing wind, try to rubbish anyone who reported this.

Dowly 10-21-10 08:59 AM

I can vouch that the trojan Seawolf is speaking of was there, I tried one of the links he posted above back then and my Avast picked it up as well.

I also googled the address and it was listed on multiple malware/trojan prevention sites as a trojan.

I have no idea why only few are getting these things, tho. :hmmm:

One thing to note is that most of these trojans (I think all but one) that have been reported are all coming from co.cc ending URLs.
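
Added example, not part of any post in this thread: a short Python script that reads the Web Anti-Virus and NOD32 lines quoted in the posts above and groups the detections by parent zone, which is one way to check the co.cc pattern across reports from different AV products. The function names, the regex and the last sample line are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# Detection lines copied from the posts in this thread (elisions kept as
# posted); the last line is constructed here as a non-co.cc control.
SAMPLE_LINES = [
    "21.10.2010 14:51:45 Web Anti-Virus Detected: HEUR:Exploit.Script.Generic Firefox betaword.co.cc /images/js.php//JIM",
    "21.10.2010 14:51:47 Web Anti-Virus Detected: Trojan-Downloader.Java.Agent.hx Java(TM) Platform SE binary betaword.co.cc /images/jar5.php/bpac/a.class",
    "21.10.2010 14:51:49 Web Anti-Virus Detected: Trojan-Downloader.Java.Agent.hw Java(TM) Platform SE binary betaword.co.cc /images/j.php/M8PFGFzL.class",
    "29/09/2010 …. drerlre.co.cc/client.zip… java/TrojanDownloader.agent.NBU trojan",
    "29/09/2010 … drerlre .co.cc/1.zip ….. A variant of java/Mugade",
    "21.10.2010 14:52:10 Web Anti-Virus Detected: Constructed.Sample Firefox ads.example.net /banner.js",
]

# A host is taken to be the dotted name directly in front of a URL path.
# That skips detection names such as "Exploit.Script.Generic" and the dates.
HOST_BEFORE_PATH = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})\s*/", re.I)

def extract_host(line):
    """Return the lower-cased host a detection line refers to, or None."""
    # One quoted line has a stray space inside the host ("drerlre .co.cc").
    line = re.sub(r"\s+\.", ".", line)
    match = HOST_BEFORE_PATH.search(line)
    return match.group(1).lower() if match else None

def parent_zone(host):
    """Naive parent zone: the last two labels (not a public-suffix lookup)."""
    return ".".join(host.split(".")[-2:])

def summarize(lines):
    """Count detections per parent zone and collect the hosts seen in each."""
    counts, hosts = Counter(), defaultdict(set)
    for line in lines:
        host = extract_host(line)
        if host is None:
            continue  # line names no host/path pair
        zone = parent_zone(host)
        counts[zone] += 1
        hosts[zone].add(host)
    return counts, dict(hosts)

if __name__ == "__main__":
    counts, hosts = summarize(SAMPLE_LINES)
    for zone, n in counts.most_common():
        print(f"{zone}: {n} detections, hosts: {sorted(hosts[zone])}")
```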


All times are GMT -5.