iframe virus found in Left 4 Dead

[udm]

I join this particular server, hosted by this organisation called e-club. I believe it's from Malaysia, Southeast Asia. Anyway, avast reports that the iframe virus was found in the message of the day banner, as well as the mini banner when you press TAB to check your ping. How true is this? Is this a false positive? Can anyone verify this?

[Lisandro]

Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe?
Wasn't the site hacked?

[udm]

It is an iframe, but it is viewed from the game

If any of the avast tech support team has L4D, you may check out this thread, which lists some of its servers:

http://forum.lowyat.net/topic/788783

Their site can be found here:

http://www.e-clubmalaysia.com/

Though, apparently nothing seems to be going wrong with the site itself

I know its asking for too much, but I would really appreciate it if I can solve this to get some sleep. It's been making me quite worried.

[polonus]

Hi udm,

But this is weird looking there and I do not know if it is not malcontent script:

Code: [Select]

</script>
<script>document.write('^s'+'cript language="JavaScript" src="hxtp://view.atdmt.com/jaction/gbm054_L4DHomepage_1"></s'+'cript>')</script>
<noscript><iframe src="hxtp://view.atdmt.com/iaction/gbm054_L4DHomepage_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"^^/iframe>^/noscript>... ,and well this s'+"cript is the "tasty bit" to me,

polonus

[Lisandro]

I know its asking for too much, but I would really appreciate it if I can solve this to get some sleep. It's been making me quite worried.

You can sleep safe with avast
Seems that site was hacked as into Polonus' code.

[udm]

Ah many many many thanks polonus and Tech. Ok the files have been deleted already, but is there any possibility that the malicious code could have leaked into my system? What I mean is, the files were found in the Temporary Internet Files directory, and Avast immediately notified me, after which I promptly deleted them, but because these files are downloaded from the Left 4 Dead server while I'm playing Left 4 Dead, I don't know if they have actually compromised my system already in any way

I did a thorough scan with Avast on my PC, and so far nothing has been found, but I just can't help worrying that because these files have been downloaded before into my system, that my PC's security has been compromised

[Lisandro]

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

[udm]

That's a lot of information, a lot of which I didn't know about! Thanks. I've downloaded Avast's anti-rootkit and spywareblaster. So far everything looks good. No viruses, Hijackthis shows no dubious processes. Can I use Adaware instead of MBAM?

[Mr.Agent]

Ad-Adware seem really not good sorry for offense you but MBAM got a good reputation and he is great if u need help to configure it there a lot guy that can help you for it For anti spyware i can say windows defender which is not the best but Avast! can catch some when defender didnt and mbam too With a site advisor i can say WOT or Mcafee are both good for firewall its your choice windows is also good and comodo too

[udm]

Thanks. I think I'll use MBAM and Ad-aware for double the protection. I've also got Spyware Blaster installed already, so it should be safer. As for firewall, I'm using Zonealarm

[DavidR]

AdAware really is very dated and hasn't kept pace with developments (despite updates) and in my opinion a waste of hard disk space, which would be better replaced with SuperAntiSpyware.

[Mr.Agent]

MBAM and Windows Defender look really more usefull to my eyes