Trojan
#17
This is what it's telling me
The requested URL could not be retrieved
While trying to retrieve the URL:
https://g35driver.com/forums/
The following threat was encountered:
The requested object is INFECTED with the following viruses: HEUR:Trojan.Script.Iframer
#30
This is what Norton is telling me this is: MSIE ADODB.Stream Object File Installation Weakness
I don't know what this means, but I hope it helps.
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects attempts to exploit a remote code execution vulnerability using the RDS.DataSpace Objects.
Additional Information
Microsoft Data Access Components (MDAC) provide components for database access, including functionality for querying local and remote databases of various formats.
The MDAC RDS.Dataspace ActiveX control is prone to a remote code execution vulnerability. This issue exists because the control fails to behave securely when it is hosted on a web page. Sufficient restrictions are not placed on the control to prevent it from performing privileged actions when hosted remotely.
An attacker could exploit this issue to install programs, view, modify, or delete data, or create new user accounts on the computer.
Affected
* Hitachi DA Broker for ODBC 01-00, 01-02
* Hitachi DBPARTNER ODBC 01-00, 01-03, 01-06, 01-11
* Hitachi DBPARTNER2 Client 01-05, 01-12
* Hitachi HITSENSER5 01-00, 01-10, 02-80
* Microsoft MDAC 2.5 SP3, 2.7, 2.7 SP1, 2.8
Response
Workaround:
Microsoft has described various workarounds to help prevent exploitation. Please see the referenced security bulletin for more information.
Solution:
Windows 95/98/ME users should obtain fixes from the Windows Update website.
Fixes are available:
Microsoft MDAC 2.8.0 SP1:
Microsoft Patch Security Update for Windows XP (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.8 Service Pack 1 (KB911562)
Microsoft MDAC 2.8.0 SP2:
Microsoft Patch Security Update for Windows XP x64 Edition (KB911562)
Microsoft Patch Security Update for Windows Server 2003 (KB911562)
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
Microsoft Patch Security Update for Windows Server x64 Edition (KB911562)
Microsoft MDAC 2.5 SP3:
Microsoft Patch Security Update for Microsoft Data Access Components 2.5 Service Pack 3 (KB911562) - English
Microsoft MDAC 2.7 SP1:
Microsoft Patch Security Update for Windows XP (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.7 Service Pack 1 (KB911562)
Microsoft MDAC 2.8:
Microsoft Patch Security Update for Windows Server 2003 (KB911562)
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.8 (KB911562)
Possible False Positives
There are no known false positives associated with this signature.
Additional References
* CVE-2006-0003
* CVE-2006-3510
* Vulnerability in the MDAC Function Could Allow Remote Code Execution
* Microsoft Security Bulletin MS06-014
* SecurityFocus BID: 10514
* SecurityFocus BID: 17462
* SecurityFocus BID: 18900