next »

[akaro]

My KIS 2010 detects a malicious url on main 110mb.com page in "connect with friends" section:
Please DO NOT OPEN them:

Code:

http://r1rk9np7bpcsfoeekl0khkd2juj27q3o.friendconnect.gmodules.com/gadgets/ifr?url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Fmembers.xml&container=peoplesense&parent=http%3A%2F%2Fwww.110mb.com%2F&mid=0&view=profile&libs=opensocial-0.8%3Askins&v=0.444.1&lang=en&communityId=01898783130854715924&caller=http%3A%2F%2Fwww.110mb.com%2F

The login page tries to open another malicious url :

Code:

http://hit.clickaider.com/pv?lng=175&&lnks=&t=110MB.com%20-%20Free%20Hosting%20Site%20Everyone%20Loves!&c=6e5ac7a7-608&r=http%3A%2F%2Fwww.110mb.com%2F&tz=180&loc=http%3A%2F%2Fwww.110mb.com%2Flogin.php&rnd=5609

why is that?

[Richard F]

My guess would be that you have a piece of malicious software on your computer. Quite often adware or spyware puts stuff like that into your websites.

[ultimatebuster]

Scan for viruses. I doubt that 110mb got infected. Some malicious software maybe injecting ad code onto webpages. Check the source and see if you find any similar code on other sites

[EpicCyndaquil]

No, listen to what he says guys. I noticed this too as soon as I updated to KIS 2010.

It claims malware is what it links to. 110mb should be wary of this.

[Piotr GRD]

As far as I know - gmodules.com and clickaider.com are safe.
So we can assume that subdomains of it are safe, too.
Possible that Kaspersky is giving false positive.

If so - 110mb AND ESPECIALLY Google and ClickAider should be aware of this and talk with Kaspersky team about.

[andre]

Clickaider removed.

[EpicCyndaquil]

Clickaider removed.

AH HA! So it was something malicious! Thanks for doing something about it Andre.

[baby-boomer-rock-and-roll]

I was looking for a way to turn off radarurl (there is no option for this in my profile) Anyway I was looking in file manager and I looked in some files put there by 110mb and one file I clicked on was called "editor_images" and within this was a file called "bbutton_3.png" and when I clicked this Avast popped up with a warning :

file name - http://autoonline-advisor.us/
Malware name - HTMLIframe-inf
Malware type - Virus/Worm

AND

File Name - http://updatedownloadcenter2.com/news.php
Malware name - JS:Downloader-EK [Trj]
Malware type - Trojan Horse
VPS version - 090927-0, 09/27/2009

I just clicked abort and got outa there. Is this something 110mb should know about ? Does it mean my site is infected and spreading this stuff ?

BTW I never did find a way to turn off radarurl.

[Clookster]

Clickaider removed.

AH HA! So it was something malicious! Thanks for doing something about it Andre.

Not necessarily, but if every antivirus/antispyware/... gives a false positive on it, people will start losing trust in 110mb, because 90% of the people does not even know what a false positive is and blindly trusts their protection software... hence it's was better to remove it.

Note that I'm not saying it is malicious or not... just saying that you don't have to say it is if you're not sure, but just thinking that...