gabrio

site has been cleaned guys, check it out ;-)

just sent you a PM.

and for the note i just did a HJT and i found these, so i still had some minor stuff, deleted now: O20 - AppInit_DLLs: karina.dat O20 - Winlogon Notify: wvUkHWMG - wvUkHWMG.dll (file missing) i remember this KARINA.DAT from the previous cleaning.... jeesus

this thing i have outlined does NOT Exist now when i check the "source" with IE7.

well i ran lots of checks and the code is clean, then i have upgraded my computer to IE7 and the problem disappeared, i had the site's scripts checked and they are clean, in fact i got the malicious code showing in the code, BUT only when loading the site and then checking the TEMP files... if i check the code i have here oin my hdd (that i load onto the server) it's 100% clean, so what i want to say is that i am almost 99% sure that it was a flaw of IE6 which was triggered with my website for some resaon, but the site itself is clean or they must have hacked the script but that's not the case most likely since after running IE7 now i am fine. i found out that there was a script in the code but ONLY when i was still infected, let me paste this.... i ONLY seen this when i was infected... so tech people on this? on the website there is one script that rotates the thumbs (smart thumbs) and one script that manages traffic (Arrow trader lite III)

hello there i am going insane since yesterday with this issue, basically when i visit my website - sorry guys it's a porn website[site removed by moderator] - if that's a problem for you i am sorry, but i can assure that it's 100% clean since I MADE IT and in fact that is what drives me nuts since at this point i am not sure whether its database has been hacked or anything...basically when i visit the site, it loads a little and then i get a warning from Mcafee that an applet has been downloaded and a malicious script (java i guess) has been detected but of course it can't stop it and then it just restarts the computer and on the next restart it's right there and i get the trojan installed and it tells me that my computer is infected and all bla bla bla... anyway the applet is called "maniman". now when i run Malwarebytes, it gets the infection and cleans it but EVERY TIME i go to my website, i catch it again... now thing is that i had the site checked from friends and they didn't have problems, so i guess that it's a problem of my local machine?? this is the report of the scan after cleaning: Malwarebytes' Anti-Malware 1.24 Database version: 1030 Windows 5.1.2600 Service Pack 3 8.15.27 07/08/2008 mbam-log-8-7-2008 (08-15-25).txt Scan type: Quick Scan Objects scanned: 42649 Time elapsed: 2 minute(s), 29 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\karina.dat (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\winivstr.exe (Rogue.Installer) -> No action taken. C:\Documents and Settings\Gabrio\Local Settings\Temporary Internet Files\Content.IE5\I6NDXU2R\Install[1].exe (Rogue.Installer) -> No action taken. C:\WINDOWS\system32\buritos.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken. C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken. C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> No action taken. C:\WINDOWS\buritos.exe (Trojan.FakeAlert) -> No action taken. C:\Documents and Settings\Gabrio\Local Settings\Temp\us0105.exe (Trojan.Agent) -> No action taken. can anybody help me a little bit? this is frustrating as i need to work with this machine i have been trying some online scans as well thanks! Gabrio