Java shows as malware

Status
Not open for further replies.

Deaver

SatelliteGuys Family
Original poster
I'm using my work computer at home. Since they've upped the virus scan settings, every time I come to this forum I get 'malware' warnings. These messages get sent back to the home office and then they call me and tell me I'm 'infected'. I'm going to have to resort to only coming by on weekends, when I have my home computer (I spend the week on the road).

I'll have to catch up with the site on the weekends, thanks guys.
 
yep, I'm getting crazy alerts all of a sudden too

here's the alerts

Connections aborted JS:pDFKA-YD exploit detected in iexplore.exe process
also detecting as JS:pDFKA-WK exploit
 
Interesting...

The only Java on the homepage was the Blogtalk Radio player (which I am sure is not malware) but to be safe I disabled it.

Let me know if you get any warnings.
 
I'm sure it's not malware, just a false positive, but all of a sudden it's causing my AV to trip up.
 
MalwareBytes is blocking the following IP

17:50:55 Greg IP-BLOCK 217.23.13.45

Happens each time I navigate to this site.

Looks to be a website in the Netherlands....


According to DSL Reports:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
 
damn, it's back for me. 2 alerts for different exploits every time I load a page. Happening on 2 different PCs.

Here's my log for today since it started. Other PC is showing same stuff, these were from loading the main forum page and the home page and a couple times loading the pub members forum

2/24/2010 6:16:24 PM http://koren.in/x/pdfnew.php?src=tb&id=766 [L] JS:pdfka-YD [Expl] (0)
2/24/2010 6:16:25 PM http://koren.in/x/pdf.php?src=tb&id=766 [L] JS:pdfka-WK [Expl] (0)
2/24/2010 6:16:46 PM http://koren.in/x/pdf.php?src=marcos&id=bomba [L] JS:pdfka-WK [Expl] (0)
2/24/2010 6:16:46 PM http://koren.in/x/pdfnew.php?src=marcos&id=bomba [L] JS:pdfka-YD [Expl] (0)
2/24/2010 6:16:47 PM http://koren.in/x/pdf.php?src=marcos&id=bomba [L] JS:pdfka-WK [Expl] (0)
2/24/2010 7:36:26 PM http://koren.in/x/pdfnew.php?src=tb&id=766 [L] JS:pdfka-YD [Expl] (0)
2/24/2010 7:36:27 PM http://koren.in/x/pdf.php?src=tb&id=766 [L] JS:pdfka-WK [Expl] (0)
2/24/2010 8:19:44 PM http://koren.in/x/pdfnew.php?src=tb&id=766 [L] JS:pdfka-YD [Expl] (0)
2/24/2010 8:19:45 PM http://koren.in/x/pdf.php?src=tb&id=766 [L] JS:pdfka-WK [Expl] (0)
2/24/2010 9:18:38 PM http://koren.in/x/pdfnew.php?src=tb&id=766 [L] JS:pdfka-YD [Expl] (0)
2/24/2010 9:18:39 PM http://koren.in/x/pdf.php?src=tb&id=766 [L] JS:pdfka-WK [Expl] (0)
 
I think I got it. I have gone through the source code on two machines logged in as different test user accounts.

There was an update to an ad display program that I installed last night, but after I installed it I realized that we were no longer using that one and didn't do more with it. (It was installed but not turned on) It has now been uninstalled.

Let's hope that is it, as that and the blog talk radio are the only two changes made to the system over the past few weeks. :)
 
Yep, looks like it went away, hopefully for good. Both of the PCs I'm using right now aren't showing any issues.
 
Thank god!

Well, at least I know what rogue program has been giving us these issues the past few months. (This has happened a few times.)

I am sorry guys. Thanks for helping me kill it.
 
Hi Scott, glad I wasn't the only one. I just had to stop by and look up some info and saw everyone else was posting. I didn't get any message when I loaded up this time.

THANKS!! Now I can surf the forum again.
 
What pisses me off about this one is the code was smart, so it's not seen by any of the staff accounts. While I do check the site once a day from a non-staff account, normally the only way I find out about these is from your reports.

Again my apologies. :(

I am going to stay up for a few more minutes and make sure we are good.
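
The once-a-day non-staff check described in the post above can be automated by comparing which external hosts each account's render of the same page loads active content from. This is an added example, not part of the original thread or the forum's own code; the host names, the sample HTML and the function names are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that load or execute third-party content, and the attribute holding the URL.
SRC_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ExternalHosts(HTMLParser):
    """Collect hosts of externally loaded active content in one page render."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = SRC_ATTRS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr) or ""
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.site_host:  # relative URLs have no host
            self.hosts.add(host)

def external_hosts(html, site_host):
    parser = ExternalHosts(site_host)
    parser.feed(html)
    parser.close()
    return parser.hosts

def compare_views(staff_html, guest_html, site_host, allowlist):
    """Report hosts only the guest render loads, and hosts not on the allowlist."""
    staff = external_hosts(staff_html, site_host)
    guest = external_hosts(guest_html, site_host)
    return {
        "guest_only": sorted(guest - staff),
        "not_allowlisted": sorted((guest | staff) - set(allowlist)),
    }

# Constructed sample renders of the same page (hypothetical hosts).
STAFF_VIEW = '<html><body><script src="http://player.example/radio.js"></script></body></html>'
GUEST_VIEW = ('<html><body><script src="http://player.example/radio.js"></script>'
              '<iframe src="http://injected.example/x/frame.php?id=1" width="1" height="1"></iframe>'
              '<script src="/js/forum.js"></script></body></html>')

if __name__ == "__main__":
    print(compare_views(STAFF_VIEW, GUEST_VIEW, "forum.example", ["player.example"]))
```

A non-empty `guest_only` list means the page serves different third-party content depending on who is logged in, which is the behaviour the post describes.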
 