virus in oembios.net page?


OEM A.C.T. (OEM Activation Control Technology)
This is a method that allows you to create a Windows XP Setup disk that has Multiple Manufacturer oembios.* files on it. During installation a script is run that determines what oembios.* files are needed for the system so that you will have a pre-activated install. This will help lessen the times that you need to call Microsoft for activation. :D

Postby kd6aaj » Mon Sep 10, 2007 1:38 pm

I didn't know where else to post this.

AVG won't let me open the oembios.net site, says there is a virus. I guess that's why I haven't been able to go there for a while.

Can someone verify this for me?

kd6aaj
kd6aaj
Member

Posts: 30
Users Information
Joined: Mon Sep 03, 2007 11:38 am

Postby Siginet » Mon Sep 10, 2007 2:09 pm

I am using nod32 and I have no problems on the site. You may have a virus on your computer that is activating when you go to some websites.
Windows XP PowerPacker Reviewed in PC-Quest & PC Utilities magazines!
RVM Integrator Reviewed in CPU magazine and Maximum PC!
--Siginet--
Siginet
Senior Member

Posts: 1445
Users Information
Joined: Sat May 06, 2006 3:24 pm

Postby kd6aaj » Mon Sep 10, 2007 2:13 pm

Running full scan with AVG now...
kd6aaj
Member

Posts: 30
Users Information
Joined: Mon Sep 03, 2007 11:38 am

Postby mr_smartepants » Mon Sep 10, 2007 2:31 pm

I run Symantec Client Security (corp) 3.1.6, no problems here.
mr_smartepants
Senior Member

Posts: 536
Users Information
Joined: Sat Feb 03, 2007 2:06 am

Postby kd6aaj » Mon Sep 10, 2007 7:04 pm

kd6aaj wrote: Running full scan with AVG now...


I have AVG Antivirus, AVG Antispyware, Zone Alarm Security Suite (Anti Virus turned off to not conflict with AVG), and Spybot Search and Destroy all running.

There is definitely some sort of script embedded in the web page.
Virus scan only shows it when I go there.

If I allow scripts, the page is just blank.
If I deny scripts, the page loads. If I try to save the page or view the source, AVG antivirus pops up with a message saying http://www.oembios.nt/index.html is infected with the JS/Psyme Trojan Downloader.

So was http://www.oembios.net/filesets.

The only clue I have is from clicking on "view/privacy report" on the IE tool bar, and seeing "http://127.0.0.1:1025/js.cgi?pa&r=19264"

In case you wondered, this page (http://www.siginetsoftware.com/forum/newreply.php?do=newreply&p=1989) lists http://127.0.0.1:1025/js.cgi?pa&r=29658

Right now my internet settings are on medium/custom (prompting to run scripts).

I researched it, and the JS/Psyme Trojan is a JavaScript trojan that is embedded in web pages (source: Symantec, Kaspersky, Grisoft).

I guess AVG just reacts differently than other anti virus software.

I noticed from day one that it took a long time to download from oembios.net, and I have a cable modem. Most downloads time out.

Can someone check the oembios.net site more thoroughly?
kd6aaj
Member

Posts: 30
Users Information
Joined: Mon Sep 03, 2007 11:38 am

Postby mr_smartepants » Mon Sep 10, 2007 11:46 pm

JS/Psyme-AN attempts to load a web page infected with Troj/Psyme-AN by creating a new object element within the current document/HTML page with a DATA= attribute with a value such as:

<unknown URL>//index.chm::/index.html

where index.chm is a compiled HTML help file containing index.html and index.html is an HTML file containing the Troj/Psyme-AN script.


Well, checking the source code for those webpages doesn't turn up any ".chm" or "data=" attributes. My guess is a false positive.
mr_smartepants
Senior Member

Posts: 536
Users Information
Joined: Sat Feb 03, 2007 2:06 am

Postby eiffel » Tue Sep 11, 2007 8:34 am

There does, however, seem to be a problem with the page. I also tried after reading this and yes, my Norton Antivirus says something about a Downloader virus.
Usually I visit the page about once a month and no problem until today.
eiffel
Junior Member

Posts: 1
Users Information
Joined: Thu Apr 19, 2007 2:35 am

Postby Bezalel » Tue Sep 11, 2007 10:45 pm

I am having problems with my host (I think a process on the server is injecting the JavaScript in my pages) and am working with them to resolve it. As of now there shouldn't be any trojans on the site.
Bezalel
Junior Member

Posts: 2
Users Information
Joined: Tue Sep 11, 2007 10:42 pm
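
Added example, not part of any post in this thread: mr_smartepants' check for ".chm" or "data=" in the page source, written as a parser-based scan that also catches entity-encoded attribute values and references that exist only in inline script text. The sample pages and the names `ChmRefScanner` and `scan_html` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Path-into-CHM form from the quoted description ("index.chm::/index.html").
CHM_REF = re.compile(r"\.chm\s*::", re.IGNORECASE)

class ChmRefScanner(HTMLParser):
    """Collect (kind, line, snippet) for every CHM reference in a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        self._in_script = self._in_script or tag == "script"
        for name, value in attrs:
            # html.parser lowercases names and decodes entities in values,
            # so DATA="...&#46;chm::/..." is caught too.
            if value and CHM_REF.search(value):
                kind = "object-data" if (tag, name) == ("object", "data") else "attribute"
                self.findings.append((kind, self.getpos()[0], f"{tag} {name}={value}"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # The element is described as created by script, so the reference
        # may exist only inside inline JavaScript text.
        if self._in_script and CHM_REF.search(data):
            self.findings.append(("inline-script", self.getpos()[0], data.strip()[:80]))

def scan_html(html_text):
    scanner = ChmRefScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings

# Constructed sample pages (not taken from the site discussed in the thread).
CLEAN = '<html><body>\n<a href="manual.chm">Help file</a>\n</body></html>'
STATIC = ('<html><body>\n<OBJECT DATA="http://example.invalid//index&#46;chm'
          '::/index.html"></OBJECT>\n</body></html>')
SCRIPTED = ('<html><body>\n<script>\nvar target = '
            '"http://example.invalid//INDEX.CHM::/index.html";\n</script>\n</body></html>')

if __name__ == "__main__":
    for label, page in (("clean", CLEAN), ("static", STATIC), ("scripted", SCRIPTED)):
        print(label, scan_html(page))
```

Because Bezalel suspects a process on the server is injecting the script, the input should be the response body as fetched over HTTP rather than the files as uploaded.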

OEMBIOS.NET is now Virus Free again!!!

Postby kd6aaj » Wed Sep 12, 2007 2:24 am

Bezalel wrote: I am having problems with my host (I think a process on the server is injecting the JavaScript in my pages) and am working with them to resolve it. As of now there shouldn't be any trojans on the site.


Thanks for the quick action, Bezalel!

I can now go there with no problems.

I guess that server had a problem.

Best wishes,

kd6aaj
:)
kd6aaj
Member

Posts: 30
Users Information
Joined: Mon Sep 03, 2007 11:38 am

