We keep getting a box up from our internet security (Avast) telling us it has stopped a trojan horse from accessing our computer. At the same time we are getting a box up which is telling us to scan our computer with Malware Download. by Malwarescan.com. We have been told by Avast it is a dangerous site. We are having trouble shutting the box down and are having to unplug the telephone or restart the computer by cont alt delete and going to shutdown and restart. We have Zone alarm spy blocker installed and thought it would stop this spyware from getting in. Any comments.? Thank Graham

I've started getting exactly the same in the last 2 or 3 days, Norton blocks 'Downloader' but the malware site is 'kin annoying to say the least.

Don’t download anything at all unless you can verify it's genuine, or you'll have only yourself to blame.

Bin Norton it's rubbish, AVG works much better and finds viruses that Norton can't and it's free.

[Edited on 10/1/08 by Mr Whippy]

We don't have norton on this computer but we used to have it on our last one. We never had these problems then. We have only had this computer up and running for less than a week. What security blocker do you suggest to stop this kind of thing happening? We have Avast on at the moment. Graham

my other pc just says 'cannot locate operating system' now when i try to start it up... i don't know why

Don't download anything from malware-scan com whatever you do.
http://www.siteadvisor.com/sites/malware-scan.com?ref=safesearch&client_ver=FF_26.5_6176&locale=en-GB&premium=false&aff_id=0

Can't really advise further, my anti-virus solution is not running windows

quote:

---

Originally posted by iank
Don't download anything from malware-scan com whatever you do.
http://www.siteadvisor.com/sites/malware-scan.com?ref=safesearch&client_ver=FF_26.5_6176&locale=en-GB&premium=false&aff_id=0

Can't really advise further, my anti-virus solution is not running windows

---

This is the same site that tried to upload the downloader.tibs virus to my machine last weekend. DON'T USE IT it is a c8nt to close as it keeps on throwing up another pop up. I got there by trying to use a legitimate site while searching for Belgian Bus travel tickets
I think/hope i've got rid of it as all seems well at the moment. Going to do a scan later on and see.

Text from the first page of the link I provided (it carries on in the same vein. it's a mcafee site by the way)

malware-scan.com
Red Verdict Image

In our tests, we found downloads on this site that some people consider adware, spyware or other potentially unwanted programs.

Are you the owner of this site? Add a comment
User Reviews (27)


page 1 of 3

Learn more about our reviewer system.

Rating: Adware, spyware, or viruses

Posted at 01/04/2008-09:27:38 PM by rallybrendan2008, Reviewer , View profile [ Reputation score: 1 / 9 ]

Rating: Adware, spyware, or viruses

I didn't download anything from the site, so I don't know if it actually has a virus, spyware, etc. but the site is deceptive at best. When you first come to the site it PRETENDS to be scanning your system and comes up with errors and tells you to download their program to fix them. I can say that it pretends with confidence for a few reasons, but mainly because it shows "Local Disc(C", "Local Disc(D", "DVD-RAM(F" and "Shared Documents". My computer is not configured that way--it's just a canned script trying to scare you into downloading their program. Heaven only knows what it will do once you download it. Don't trust it--run away!

Posted at 11/29/2007-01:38:06 AM by dcm32, Reviewer , View profile [ Reputation score: 1 / 9 ]

Rating: Adware, spyware, or viruses

(Also directly related to "Phising or other scams" and indirectly to "Browser exploit"

I would like to apologise greatly for my previous error and state that "malware-scan[DOT]com IS a current malware threat.
My analysis was brief and ignorant. After further reviewing this domain, I decided to run it through my own URL scanner in an attempt to locate any sub-pages other than the home page of this domain: It was then that I located "scanner[DOT]malware-scan[DOT]com".
Once I entered this page, I was redirected to the domain of the rogue anti-malware application "MalwareAlarm". Once there, I was subject to multiple browser-incorperated windows, text based, and image based warnings attempting to goad me in to believing my PC was infected with malware.
MalwareAlarm it self was not origionally directly related to the malware-scan domain. However, the fact that I recieved this redirection indicates that the domain: "malware-scan[DOT]com" is still utilised to promote rogue anti-malware applications.

Once again, I apologise profusely for any confusion my previous review may have caused and renounce any "This site is good" ratings submitted on my part towards this particular domain.
----------------------------------------------------------

d4rkr1d3r

Posted at 11/26/2007-12:58:16 PM by darkrider53, Reviewer , View profile [ Reputation score: 1 / 9 ]

Rating: This site is good

This domain was once utilised to promote rogue anti-malware applications through a deceptive, fake malware scan .swf ("ShockWaveFlash" - "Macromedia Flash/Shockwave" proprietary vector graphics file format) image with with no malware scanning capibilites. This .swf image would then warn the user of non-existant malware infections on thier PC in an attempt to phish thier credit card (or other financial) details.

However, at this moment in time (25th November 2007, 21:02) the domain is simply blank except for a simple phrase: "Welcome to nginx!".

The HTML source of the domain has been analysed and tested for malicious content on a test PC and none could be located.
Here is the page source:

<html>
<head>
<title>Welcome to nginx!</title>
</head>
<body bgcolor="white" text="black">
<center><h1>Welcome to nginx!</h1></center>
</body>
</html>

As you can see, the HTML coding contains simply the phrase mentioned before, which is paralleled in the <title> at the top of the browser window.

"nginx" is a legitimate lightweight, Russian web server/reverse proxy and mail (IMAP/POP3) proxy. nginx is currently employed on 329076 domains (0.26% market share).

Therefore, at this particular moment in time, the domain serves no active threat to the general public and should be dismissed as a threat until it's possible renewal as a malware distributing domain.
----------------------------------------------------------

d4rkr1d3r

Posted at 11/25/2007-03:10:21 PM by darkrider53, Reviewer , View profile [ Reputation score: 1 / 9 ]

Rating: Adware, spyware, or viruses

this is a bad site. dont trust it.

Posted at 11/18/2007-01:31:42 PM by Zandy190, Reviewer , View profile [ Reputation score: 1 / 9 ]

Rating: Phishing or other scams

Fake

Posted at 11/18/2007-12:44:01 PM by Terrum, Reviewer , View profile [ Reputation score: 1 / 9 ]

Rating: Adware, spyware, or viruses

Total Malware site! Attempts to install itself under the guise of 'spyware protection.' This site is a MAJOR RISK and can cause MAJOR HARM.

Posted at 11/13/2007-10:28:57 AM by edwards, Reviewer , View profile [ Reputation score: 1 / 9 ]

Rating: Adware, spyware, or viruses

Another Rough antispyware from RBN

scanner.malware-scan.com/aswp/Install-bTBybmluZ3g-Y3I1X3Vz-MQ.exe

Posted at 10/26/2007-07:33:48 AM by iamthelost, Reviewer , View profile [ Reputation score: 2 / 9 ]


Another rough antispyware from RBN

scanner.malware-scan.com/aswp/Install-bTBybmluZ3g-Y3I1X3Vz-MQ.exe

Posted at 10/26/2007-07:33:25 AM by iamthelost, Reviewer , View profile [ Reputation score: 2 / 9 ]

Rating: Adware, spyware, or viruses

It's a fake anti-spyware site that tries to scare you into buying a useless product. It may also be trying to install itself through a backdoor.




[Edited on 10/1/08 by iank]

A hostageware trojan.
Encountered a PC one similar just before Xmas Antivira sorted it out once pc was booted in safe mode with the system restore turned off.

Usual method is
(1) remove any existing anti-virus software
(2) down load Hijack This
(3) Download Startup List
(4) Download and install AntiVira
(5) Turn off system restore
(6) Boot in safe mode
(7) Run Widows TaskManager (ctrl alt del) and stop any running process that iffy
(8) Run HighjackThis and clear out anything iffy
(8) Install Free Antivira, update it and do a smart scan.
(9) Reboot in normal mode
(10) Turn system restore back on.

Nearly forgot

(11) Install Firefox !

quote:

---

Originally posted by iank
my anti-virus solution is not running windows

---

quote:

---

Originally posted by violentblue

quote:

---

Originally posted by iank
my anti-virus solution is not running windows

---

i've found this to be the best solution as well.

---

quote:

---

Originally posted by Mr Whippy

Bin Norton it's rubbish, AVG works much better and finds viruses that Norton can't and it's free.

[Edited on 10/1/08 by Mr Whippy]

---

quote:

---

Originally posted by Hellfire

quote:

---

Originally posted by violentblue

quote:

---

Originally posted by iank
my anti-virus solution is not running windows

---

i've found this to be the best solution as well.

---

I found this is ok - if you don't want the majority industry standard software that people cant be arsed to write trojans/virii for in the first place. Good in one way but bad in another - I'll persevere with Windoze... oh and firefox and AVG...

Steve

---

quote:

---

Originally posted by Pants On Fire

quote:

---

Originally posted by Mr Whippy

Bin Norton it's rubbish, AVG works much better and finds viruses that Norton can't and it's free.

[Edited on 10/1/08 by Mr Whippy]

---

Uninstalled Norton and put AVG on, turned up 6 threats and Trojans that Norton missed. Ta Mr Whippy!

---

Thanks for all your help we have managed to get rid of our malware in the end with a little help from a friend and spyware called spydoctor. We tried loads of spyware blockers and this was the only one we could get to dispose of it. The files were hidden in drive C and the pig came from Russia in the form of a Trojan Horse. So far no pop ups have got through since we got rid. Touch Wood. Graham