Boomslang
Cadet

 Joined: Sep 18, 2007 Posts: 8 Location: USA
|
Posted: Fri Jul 18, 2008 11:12 pm Post subject: HTML Dldr.Iframe.DP and more on lakenormanguide |
|
|
hxxp://lakenormanguide.com
Immediately upon visiting, Antivir warns about HTML/Dldr.Iframe.DP and I also noticed some sort of Active-X attempt later(?) if you ignore and continue on. I didn't mess with it any further.
My remote user had AVG 7.5, which detected this site but every time I cleaned it, it would not remove the browse tab from IE7. For a while I thought there was some nastier infection but turns out it was AVG interfering so I finally had to go into the registry to get rid of the tab that had the site open.
I e-mailed the hosting company about this site but they misunderstood my first e-mail. I replied and put it as plainly as I could.
redwolfe_98
Corporal

 Joined: Dec 16, 2003 Posts: 61 Location: South Carolina, USA
|
Posted: Sat Jul 19, 2008 8:31 am Post subject: |
|
|
first, let me say that i am not an "expert", or an "expert-researcher"..
i went to "lakenormanguide.com", but no webpage was displayed, except for the usual "page cannot be found", or whatever it is, so i thought that the website had been taken down.. none the less, i later found that antivir had silently quarantined a file from there.. interestingly, when i tried to delete the quarantined file, i wasn't allowed to delete it, but was told that the file was in use.. i then scanned my computer and antivir flagged the "HTML/Dldr.Iframe.DP" file in "c/documents and settings/all users/avira/antivir/temp/webguard"!
when i looked in the antivir/temp/webguard folder, i couldn't see any file, there.. eventually, i closed "webguard" and "avguard", and i was then able to delete the quarantined file, and the "antivir/temp/webguard" folder was showing as being "empty"..
this kind of ties in with your seeing the tab remaining, in firefox, i think.. it was strange, not being able to delete the quarantined file and finding the "HTML/Dldr.Iframe.DP" file in the "webguard" folder..
i did full scans with various programs and none of them reported anything odd, now..
the "lakenormanguide.com" website is now saying "we have been hacked", so the issue, there, is being addressed.. personally, i wish the problem, there, was still active.. i wanted to report this issue to avira, where the file didn't seem to be properly handled by antivir..
on my computer, i have been noticing that antivir, or antivir's "webguard", has been silently quarantining some files, like the "HTML/Dldr.Iframe.DP" file.. i have adjusted my settings so that maybe that will not continue happening, but, instead, i will always see an alert before anything is quarantined..
newclear
Cadet

 Joined: Jul 19, 2008 Posts: 6 Location: USA
|
Posted: Sat Jul 19, 2008 4:30 pm Post subject: |
|
|
Hi. I'm the owner of lakenormanguide.com. I took down the site as soon as I became aware of this problem. A visitor emailed me, and sure enough AVG fired up as soon as I hit the site. I tried to look at the index file to see what was going on but AVG wouldn't allow it so I deleted it, locally and on the server.
FYI, the site is hosted by IPower. All my sites on IPower have been hacked repeatedly, usually using a JavaScript eval(...) statement to redirect or embed an iframe; they've also used redirects in htaccess.
Thanks to CastleCops for "making cybercriminals unhappy" ... I'd like to see them a lot worse off than unhappy!
-Nigel
P.S. "Boomslang" rings a bell, I just got back from a month in South Africa.
 |
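An added example, not part of any post in this thread: a small Python scanner a site owner could run over a downloaded copy of the web root to flag the three injection styles newclear names (hidden iframes, eval() of a decoded string, and .htaccess redirects). The rule set, file names, hosts and sample contents are constructed for illustration and are not taken from the affected site.

```python
import re

# Heuristics for the injection styles named in the post; hits need human review.
CONTENT_RULES = [
    ("hidden-iframe", re.compile(
        r"<iframe\b[^>]*(?:\b(?:width|height)\s*=\s*[\"']?[01](?:px)?[\"'\s>]"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)),
    ("eval-of-decoded-string", re.compile(
        r"\b(?:eval|document\.write(?:ln)?)\s*\(\s*"
        r"(?:unescape|atob|String\.fromCharCode)\s*\(", re.I)),
]
# .htaccess directives whose target is an absolute URL; group 1 is the host.
HTACCESS_TARGET = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\b"
    r".*?https?://([^/\s\"']+)", re.I)


def scan_text(name, text, own_hosts=()):
    """Return [(line_no, rule)] for one file's contents."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if name.endswith(".htaccess"):
            m = HTACCESS_TARGET.search(line)
            # Redirects to the owner's own hosts are expected; others are not.
            if m and m.group(1).lower() not in own_hosts:
                findings.append((no, "htaccess-offsite-redirect"))
            continue
        findings += [(no, rule) for rule, rx in CONTENT_RULES if rx.search(line)]
    return findings


# Constructed samples, not taken from the affected site.
SAMPLES = {
    "index.html": (
        "<html><body>Welcome\n"
        '<iframe src="http://injected.example.invalid/" width="0" height="0"></iframe>\n'
        '<script>eval(unescape("%61%6c%65%72%74%28%31%29"))</script>\n'
        '<iframe src="/map.html" width="600" height="400"></iframe></body></html>\n'),
    ".htaccess": (
        "RewriteEngine On\n"
        "RewriteRule .* http://injected.example.invalid/in.php [R,L]\n"
        "Redirect 301 /old http://www.example.org/new\n"),
}

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        for no, rule in scan_text(fname, body, own_hosts={"www.example.org"}):
            print(f"{fname}:{no}: {rule}")
```

Comparing the flagged files against a known-good backup confirms whether a hit is an injection or part of the original page.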
newclear
Cadet

 Joined: Jul 19, 2008 Posts: 6 Location: USA
|
Posted: Sat Jul 19, 2008 4:57 pm Post subject: |
|
|
Last edited by newclear on Sat Jul 19, 2008 5:01 pm, edited 1 time in total |
newclear
Cadet

 Joined: Jul 19, 2008 Posts: 6 Location: USA
|
Posted: Sat Jul 19, 2008 4:58 pm Post subject: |
|
|
P.P.S. PHP file type gone in Firefox, each time I click submit on this post I get the file download dialog. Hoping the Firefox update fixes it.
redwolfe_98
Corporal

 Joined: Dec 16, 2003 Posts: 61 Location: South Carolina, USA
|
Posted: Mon Jul 21, 2008 1:04 pm Post subject: |
|
|
i wish i could get a sample of the malware, to submit to avira..
Kayracc
Trooper

 Joined: Jul 07, 2008 Posts: 18
|
Posted: Mon Jul 21, 2008 1:47 pm Post subject: |
|
|
unless it's something new i've sent a few of these around, and to avira
however i had short access to the page, and then went out and owner had it down right after
but avira was detecting it