Virus from Yahoo News

Clicked on a link in Yahoo news section about the Dalai Lama. About as innocent as a link can get. Avast triggered, the file was not executed, no harm done. Here is the Avast log. ESET online is running now.

1/26/2010 6:40:13 AM	SYSTEM	1640	Sign of "JS:Pdfka-TW [Expl]" has been found in "http://ditrnbibarsp.com/kav/kav1.exe/oHdfbc1b88V0100f070006Rd9f71314102T94e2cf1f201l0409K57868056317" file.

Avast and Powershadow had my back. Use a virtualizer app!

According to my ISP, "ditrnbibarsp.com" doesn't exist, so whatever this code was for, it wouldn't have worked anyway.

Richard S.

According to my ISP, "ditrnbibarsp.com" doesn't exist, so whatever this code was for, it wouldn't have worked anyway.

Really? I can ping it at 216.146.35.99, for which whois lists contact info as Manchester UK.

Edited: but a few minutes later I can't ping it at all!

Ah, just done a reverse look-up on that IP and it comes up: 216.146.35.99 is nx-redir.dyndnsinternetguide.com.

I use dyndns' dns servers ... ignore my previous post methinks! I can't find any look-up info for that domain.
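The post above describes a name that answers at 216.146.35.99 even though another resolver reports it as non-existent, which is consistent with a DNS service that replaces "non-existent domain" answers with its own redirect address. The following is an added example, not part of the original thread, showing one way to tell the two cases apart by comparing the answer with what the resolver returns for random names that cannot exist; `classify`, `canary_names`, `fake_resolver` and the `known.example` host are assumptions made for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """IPv4 addresses the OS resolver returns for name; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def canary_names(count=3, tld="com"):
    """Random 24-hex-digit labels that are, in practice, never registered."""
    return [f"{secrets.token_hex(12)}.{tld}" for _ in range(count)]

def classify(name, resolve=system_resolve, canaries=None):
    """Return 'nxdomain', 'nx-redirect' or 'resolves' for name."""
    if canaries is None:
        canaries = canary_names()
    # Any address handed back for a name that cannot exist is a redirect address.
    redirect_ips = set()
    for canary in canaries:
        redirect_ips |= resolve(canary)
    answer = resolve(name)
    if not answer:
        return "nxdomain"
    if answer <= redirect_ips:
        return "nx-redirect"
    return "resolves"

def fake_resolver(known, redirect_ip=None):
    """Constructed stand-in for a DNS resolver so the logic can be checked offline."""
    def resolve(name):
        if name in known:
            return {known[name]}
        return {redirect_ip} if redirect_ip else set()
    return resolve

# Constructed data: 192.0.2.10 is a documentation address; 216.146.35.99 is the
# address reported in the thread for the redirect host.
KNOWN = {"known.example": "192.0.2.10"}
REDIRECTING = fake_resolver(KNOWN, redirect_ip="216.146.35.99")
HONEST = fake_resolver(KNOWN)

if __name__ == "__main__":
    for label, resolver in (("redirecting", REDIRECTING), ("honest", HONEST)):
        for host in ("ditrnbibarsp.com", "known.example"):
            print(label, host, classify(host, resolver))
```

Calling `classify(name)` with no resolver argument uses the operating system's configured DNS, so the result reflects whichever DNS service the machine is pointed at.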

It's probably been blacklisted by my ISP then:

> ditrnbibarsp.com

Server: cache1.service.virginmedia.net

Address: 194.168.4.100

*** cache1.service.virginmedia.net can't find ditrnbibarsp.com: Non-existent domain

>

Richard S.

The original link in the Yahoo news panel was gone when I got hooked back up to the net about three minutes later. Looked for it on Yahoo for a while, was just gone. Google has information about the URL and the exe file. Whatever it was, it woke up Avast pretty quick.

Might that be Manchester, New Hampshire, USA?

I was getting that annoying popup selling phony malware detection when reading Yahoo comics, so started reading (the same) comics in comics.com

Malwarebytes, Avast, Defender, Spybot all report my pc is clean.

It's probably been blacklisted by my ISP then:

Most likely and for very good reason. Here's the Norton Safe Web statistics of that bad site:

http://safeweb.norton.com/report/show?url=ditrnbibarsp.com

Edit:

It's a good idea to block that domain in the Windows HOSTS file.