iAntivirus by PC Tools


iAntivirus by PC Tools

Post by Security_Wiz » Wed Aug 27, 2008 9:43 pm

Hi,

I was looking up http://www.iantivirus.com in Alexa and stumbled upon the Wayback Machine. I clicked the first result in 2001 for iAntivirus, and it said "The ultimate porn resource." I immediately clicked away before it loaded. I'd like to know if now I'm infected, and if someone could test out that page on the Wayback Machine.

By the way, the iAntivirus website hasn't even been on for one year, so I wouldn't trust the Wayback Machine.

Guest

If you want to know if

Post by Guest » Thu Aug 28, 2008 3:34 am

If you want to know if you're infected, post a HiJackThis log at one of the sites I've listed below. You may already know all this stuff, considering your screen name of "Security_Wiz", but just in case (I apologize if I'm stating the obvious to you, but I don't know your experience level).

To Download HijackThis go to the following link below:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

1. Click on the "Download" button at the top of the page, then click on the "Download HijackThis Installer" link that will appear . . . it's the very first one.
2. Save HJTInstall.exe to your desktop.
3. Double-click on the HJTInstall.exe icon on your desktop. You may get the "open file - security warning" window asking you if you want to run the file. If so, just click "Run".
4. Click "Install". By default it will install HJT to C:\Program Files\Trend Micro\HijackThis and create a HJT icon on your desktop and launch HJT.
5. Click on the "Do a system scan and save a log file" button. It will scan and then save the log to Notepad.
6. Close HJT by clicking on the "X".
7. At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy (doing that copies the text to the clipboard, you won't see it yet....)
8. Go to any of the Malware Removal forums listed below and Paste the log in a new thread. (To paste - if you use IE as your browser - just click on the "Edit" menu selection, and then "Paste" in the drop down menu)

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required. WAIT until a security expert AT ONE OF THE SITES LISTED BELOW looks at your log and interprets it and posts a reply.

Aumha forum: http://forum.aumha.org/viewforum.php?f=30&sid=551c0164e43394407782f68c4c5ebcec

Bleeping Computer: http://www.bleepingcomputer.com/forums/forum22.html

Geeks to Go: http://www.geekstogo.com/forum/Malware-Removal-HijackThis-Logs-Go-Here-f37.html

Major Geeks: http://forums.majorgeeks.com/forumdisplay.php?f=35

Malware removal: http://malwareremoval.com/forum/viewforum.php?f=11&sid=f2bfaa366edf36e99e604bb09dfbfc16

Spyware Info: http://www.spywareinfoforum.com/index.php?showforum=18

Tech Support Guy: http://forums.techguy.org/54-malware-removal-hijackthis-logs/

What the Tech (formerly Tom Coyote forum): http://forums.whatthetech.com/HijackThis_Logs_and_Infections_Removal_f27.html


Be sure to read all the sticky announcements/instructions at the top of each malware forum!

You will probably have to register to post.


@Security_Wiz

Post by MysteryFCM » Thu Aug 28, 2008 4:48 am

Firstly, DO NOT post non-obfuscated URLs to suspicious/adult domains ...... that's just silly, not only does it give them referrals, it helps accidental clickity action by Joe Average.

Secondly, the Wayback Machine is just that - an ARCHIVE of websites. It stores copies of sites from YEARS ago. For the site you mentioned, it was first seen in 2001, and last seen in Feb 2008;

http://web.archive.org/web/*/http://www.iantivirus.com/

I've looked through the archives and can't see anything suspicious in the code (in 2001 it was up for sale by dotRegister and by 2005, had transferred through various other domain resellers until 2007 when it simply had ".?." on its homepage until Feb 2008 when PCTools finally put something there (the WhoIs indicates an update on Nov-07, which was likely when PCT obtained the domain))
