ollyhume

When I load the site homepage I am alerted that file js.tongji.cn.yahoo.com/642262/ystat.js is infected. Apperently in is an 'Exploit JavaScript Obfusication (type 624)'. Anyone know what that means and how worried I should be? Anyone else getting the same message? I'm using AVG EDIT: It's on every page that I load on the site. I might stay away for a while until this is sorted. [ Last edited by ollyhume at 3-8-2009 23:01 ]

serena75

It's seems to be a malware. I found this information (read below). Run a virus scan on your computer, just in case. Maybe it's not on your computer, but on viptv. If it is, you can't do anything about it. We'll have to wait and see what admin says about it.

Quote:

This JavaScript (JS) malware may be hosted on a Web site and run when a user accesses the said Web site. Ones a user accesses the website where this malware is hosted, they will be automatically be redirected to certain malicous Web sites to download file. Trend Micro detects the downloaded files the following: * err.www404.cn/614.gif[/img] - detected by Trend Micro as VBS_PSYME.CIL * err.www404.cn/real10.gif[/img] - detected by Trend Micro as JS_REAPLAY.B * err.www404.cn/bf.gif[/img] - detected by Trend Micro as JS_EXPLOIT.GQ * err.www404.cn/lz.gif[/img] - detected by Trend Micro as JS_EXPLOIT.GR * err.www404.cn/real11.gif[/img] - detected by Trend Micro as JS_REALPLAY.AI * js.tongji.cn.yahoo.com/621252/ystat.js[/url] - unavailable It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

[ Last edited by serena75 at 3-9-2009 00:31 ]

ollyhume

Yeah I scanned my PC and it's clear. It's definately on viptv, hopefully they will remove it quickly. Thanks a lot for the quick reply and help, I really appreciate it.

waterlilybarb

I alerted admin to your post and the problem.

angelsj

Also getting this message, just so you know you are not alone

fatgerbil

I am getting the same message and i only get it on viptv each time i open a page. i am also using avg i have scanned my computer and found nothing

serena75

You're welcome. I haven't seen this warning at all. Maybe because I'm on vista.

ollyhume

I'm on vista too and it's happening on both my PC's. I think it might just be AVG that picks it up, it must just be one of the embeded adverts on the pages. It's probably just trying to do something it shouldn't like a re-direct or pop-up. I don't think it's something to worry about since no file is being downloaded. Although I am deleting my cookies when my browser closes just to be sure.

serena75

Thanks for letting us know. I'm not using AVG. I did a scan too and my computer is clean. [ Last edited by serena75 at 3-9-2009 13:34 ]

LaveticusPrime

I am using NOD32 virus program but I have not received any warning and my computer is running smoothly. I use the site everyday so I am not sure what the prob could be but I also think it could be that your virus program is reacting to an advert or something.

gabsimom

I use vista and When I had AVG it blocked the site for some unknown reason. I have never got a virus from here. I had to disable AVG everytime I came here and I was stil fine. It must be A bad combo of AVG and Vista.

vic1992

If your antivirus warned you, your computer is safe, the anti-virus took care of it. Make sure you update the virus signature file often to keep it up to date. There is an addon for firefox called NoScript. I advise people to install it and give permission only to trusted sites. Even then start with temporarily give permission. Javascript exploit is not a rare occurrence. Read about it here: http://noscript.net/ then click on get it. You'll need to restart Firefox after the install is done. Also in the Firefox preferences, don't allow third parties cookies. Don't allow popups. If you go on a site and you want the popup, you give this site only permission. Firefox will ask you. Hope this helps.

serena75

I found this information on another site.

Quote:

AVG has recently (in the last 24-48 hours) sent out an update to their Web Shield software. It now appears that this update is causing the software to incorrectly identify a perfectly safe page counting process as some kind of threat. As a result some users are receiving a threat alert when visiting forums at Aimoo as well as other websites. If you are among those affected you will receive a message saying this; Threat Detected! File name - js.tongji.cn.yahoo.com/611067/ystat.js Threat name - Exploit Javascript Obfuscation (type 624) Please note, this is a incorrect report, known as a false positive, and there is NO THREAT. If you are affected please report this to AVG to ensure they are aware of the extent of the problem. The more complaints they receive the quicker they will send out an update to correct the issue. Just send an email to virus@avg.com and include a link to the website in question along with the information of what was being detected, i.e. the info listed in the error message. You do not need to include a screen shot, simply quoting the above information will be adequate.

vic1992

Ah, so it was a false positive. Good work Serena. My advice holds all the same, lots of javascript exploits out there.

waterlilybarb

Thank you Serena. I, too, use AVG - did a scan of my computer and found nothing. I have sent the info you found on to admin. Much appreciated.

serena75

Thanks, vic. You're welcome, barb

ollyhume

Seems to be corrected now, panic over. Thanks everyone, You proved there are still nice people around.