Virus warning on A2K pages

 
 
DrewDad
 
Reply Tue 31 May, 2005 10:39 am
Symantec Antivirus 9.1 Corporate Edition:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Alwayup
File: C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5\U9OV6HE5\aun_0036[1].exe
Location: C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5\U9OV6HE5
Computer: computername
User: username
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Tuesday, May 31, 2005 11:28:55 AM
Type: Discussion • Score: 0 • Views: 1,181 • Replies: 6

 
AngeliqueEast
 
  1  
Reply Wed 1 Jun, 2005 05:00 am
DrewDad, is that why some are having problems posting, and getting em post notices?
0 Replies
 
edgarblythe
 
  1  
Reply Wed 1 Jun, 2005 05:17 am
BM
0 Replies
 
DrewDad
 
  1  
Reply Wed 1 Jun, 2005 12:32 pm
I've stopped getting the message.

Here's what I found at Symantec (http://securityresponse.symantec.com/avcenter/venc/data/downloader.newest.html):

Trojan.Alwayup
Discovered on: March 17, 2005
Last Updated on: March 23, 2005 03:31:02 PM

Trojan.Alwayup is a Trojan horse that attempts to steal system information. The Trojan also downloads and executes the latest version of itself on the compromised computer.

Note: Virus definitions dated March 21, 2005 or earlier may detect this threat as Downloader.Newest.


Type: Trojan Horse
Infection Length: 36,864 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Virus Definitions (Intelligent Updater)*: March 17, 2005
Virus Definitions (LiveUpdate™)**: March 17, 2005

* Intelligent Updater definitions are released daily, but require manual download and installation.
** LiveUpdate virus definitions are usually released every Wednesday.

Wild

Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

Threat Metrics

Wild: Low
Damage: Low
Distribution: Low

Damage

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: n/a
Deletes files: n/a
Modifies files: n/a
Degrades performance: Constant downloading of files may degrade network performance.
Causes system instability: n/a
Releases confidential info: n/a
Compromises security settings: n/a

Distribution

Subject of email: n/a
Name of attachment: n/a
Size of attachment: n/a
Time stamp of attachment: n/a
Ports: n/a
Shared drives: n/a
Target of infection: n/a


When Trojan.Alwayup is executed, it performs the following actions:


Copies itself as %System%\winupdt.exe.

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


Creates a mutex named "WinUpdtMutex" so that only one instance of the threat runs on the compromised computer.


Uses TCP port 80 to send an HTTP GET request every 10 seconds to the alwaysupdatednews.com domain. The threat will download and execute the latest copy of itself from this domain.


May also send system information about the compromised computer to the alwaysupdatednews.com domain.
0 Replies
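
Added example (not part of the thread or of Symantec's write-up): one way to look in web-proxy logs for the behaviour quoted above, an HTTP GET to alwaysupdatednews.com every 10 seconds. The log format, client addresses, benign host name and thresholds are assumptions constructed for illustration; the check flags any client/host pair polling at that interval and then picks out the domain named in the write-up.

```python
import statistics
from collections import defaultdict
from datetime import datetime

DOMAIN = "alwaysupdatednews.com"  # domain named in the quoted write-up
PERIOD = 10.0                     # seconds between GETs, per the write-up

# Constructed sample; assumed format: "<ISO time> <client> <method> <host> <path>"
SAMPLE_LOG = """\
2005-05-31T11:28:05 10.0.0.21 GET alwaysupdatednews.com /
2005-05-31T11:28:07 10.0.0.34 GET forum.example /topic
2005-05-31T11:28:15 10.0.0.21 GET alwaysupdatednews.com /
2005-05-31T11:28:25 10.0.0.21 GET alwaysupdatednews.com /
2005-05-31T11:28:36 10.0.0.21 GET alwaysupdatednews.com /
2005-05-31T11:28:40 10.0.0.34 GET forum.example /topic
2005-05-31T11:28:45 10.0.0.21 GET alwaysupdatednews.com /
2005-05-31T11:30:02 10.0.0.34 GET forum.example /topic
2005-05-31T11:33:10 10.0.0.34 GET forum.example /topic
garbage line that must be skipped
""".splitlines()

def parse(lines):
    """Yield (time, client, host) for each well-formed GET line; skip the rest."""
    for line in lines:
        parts = line.split()
        try:
            if len(parts) == 5 and parts[2] == "GET":
                yield datetime.fromisoformat(parts[0]), parts[1], parts[3].lower()
        except ValueError:
            continue  # unparseable timestamp

def find_beacons(lines, period=PERIOD, tolerance=2.0, min_requests=4):
    """Map (client, host) -> median gap for pairs polling every ~period seconds."""
    seen = defaultdict(list)
    for ts, client, host in parse(lines):
        seen[(client, host)].append(ts)
    hits = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_requests:
            continue  # too few requests to call the traffic periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(gaps)  # tolerates one late or early request
        if abs(median - period) <= tolerance:
            hits[pair] = median
    return hits

def clients_matching_writeup(lines):
    """Clients whose periodic traffic goes to the domain named in the write-up."""
    hits = find_beacons(lines)
    return sorted(c for c, h in hits if h == DOMAIN or h.endswith("." + DOMAIN))
```

A client flagged here is a candidate for the host-side checks from the same write-up: a `winupdt.exe` in the System folder and the `WinUpdtMutex` mutex.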
 
ossobuco
 
  1  
Reply Wed 1 Jun, 2005 06:55 pm
I am pretty doubtful that a2k brings you a virus...
0 Replies
 
DrewDad
 
  1  
Reply Thu 2 Jun, 2005 09:24 am
It's pretty clear that it was a web page, and A2K was the only page I had up at the time. I suspect maybe an advertiser, since it didn't happen on every page. In any case, it seems to have stopped.
0 Replies
 
Craven de Kere
 
  1  
Reply Mon 6 Jun, 2005 02:14 am
DrewDad wrote:
It's pretty clear that it was a web page, and A2K was the only page I had up at the time.


Email files go to the Temporary Internet Files folder as well. However, the description given is not sufficient for me to have any idea where you got that warning from, or even how you came to conclude it was A2K.

Quote:
I suspect maybe an advertiser, since it didn't happen on every page.


If it was from A2K, that is easily the most likely vector.
0 Replies
 
 
