Chame1eon
06-06-2007, 02:49 PM
Maybe a year ago in the ebaums world forums I saw a post about someone who was taken to adult freind finder every few times he went to ebaums world via the google link. I googled ebaums world and maybe every 5th time i clicked the link i was taken to someipaddress/aff which took me to something resembling the adult freind finder adds you see on some web pages.
When i went back to the forum his post was deleted. So i made one and that was deleted. I kind of forgot about it untill recently while looking for more information about this fine product (http://emuse.ebaumsworld.com/video/watch/95).
Maybe every 5th time I click on the link I'm taken to http://85.255.117.**,
frequently, but not always http://85.255.117.36/riff_last.bin where nod32 blocks a download of a variant of Win32/TrojanDownloader.Ani.Gen trojan.
Sometime times there is a different form of malware.
That ip adress is on a list of false dns servers.
this is the adress maxthon saved when i closed the browser:
http://85.255.117.36/ind.htm?src=28&surl=ebaumsworld.com&sport=80&suri=%2F
If I type Ebaumsworld.com into the address bar I am always taken to one of thier address eg 8.7.232.0.
When I first discovered this i scanned with nod32 adaware symantec security check , houscall, spybot and hijack this.
My pc has no symptoms of a malware infection.
This has apperently been going on for a while.
I don't understand why I am taken to a completely different ip address from google than I am if I jsut type the adress.
Any ideas?
When i went back to the forum his post was deleted. So i made one and that was deleted. I kind of forgot about it untill recently while looking for more information about this fine product (http://emuse.ebaumsworld.com/video/watch/95).
Maybe every 5th time I click on the link I'm taken to http://85.255.117.**,
frequently, but not always http://85.255.117.36/riff_last.bin where nod32 blocks a download of a variant of Win32/TrojanDownloader.Ani.Gen trojan.
Sometime times there is a different form of malware.
That ip adress is on a list of false dns servers.
this is the adress maxthon saved when i closed the browser:
http://85.255.117.36/ind.htm?src=28&surl=ebaumsworld.com&sport=80&suri=%2F
If I type Ebaumsworld.com into the address bar I am always taken to one of thier address eg 8.7.232.0.
When I first discovered this i scanned with nod32 adaware symantec security check , houscall, spybot and hijack this.
My pc has no symptoms of a malware infection.
This has apperently been going on for a while.
I don't understand why I am taken to a completely different ip address from google than I am if I jsut type the adress.
Any ideas?