FAUST.

[Suu]

Not sure. Avast sure as hell didn't catch it on the way in.

[Faust]

Not sure. Avast sure as hell didn't catch it on the way in.

You caught it yesterday? Any idea if it was from here, normally projectw are pretty damn stringent on their adverts. In fact, I think they make them for the advertisers, they cant alter the code, just up an image.

[Suu]

To be honest, now I'm not completely sure. I'm just a bit wiggy now considering I'm finishing up my final paper. I'm opening my task manager and going, "OMG OMG OMG WHAT'S THAT" and then remembering it's a normal file. 

Viruses are proof that you shouldn't give nerds wedgies in middle school.

[Richter]

Viruses are proof that people will be vindictive fucks in any situation, and not have the skill or tact to only punish the wedgie-er when the opportunity to shit in the well comes up.

[Faust]

To be honest, now I'm not completely sure. I'm just a bit wiggy now considering I'm finishing up my final paper. I'm opening my task manager and going, "OMG OMG OMG WHAT'S THAT" and then remembering it's a normal file. 

Viruses are proof that you shouldn't give nerds wedgies in middle school.

Email that file to yourself, and dropbox it, and whatever other backups you have.
Not because you need that redundancy, but so that you never need to worry about it.

[Triple Zero]

Hrm, The eek a poo page seems clean, its just a web comic and there is nothing funny in the source code.
The IP you gave leads to a page that just has the words Welcome to nginx! on it. Nothing fancy in the code but could have nasty stuff elsewhere on their site. I don't know how

"Nginx" is webserver software, just like Apache or IIS. You probably get that message when you surf to an IP instead of a domain name, because depending on configuration sometimes the server needs to look at which hostname is being requested to know which page it needs to serve (if multiple domains are served from one server with one IP), and then if you use the IP, it gets no hostname, so it gets confused and displays a "welcome!" page instead, because it thinks that you haven't configured the server yet, so you must be new here and wants you to feel welcome to using its humble software to run your server.

[Faust]

Hrm, The eek a poo page seems clean, its just a web comic and there is nothing funny in the source code.
The IP you gave leads to a page that just has the words Welcome to nginx! on it. Nothing fancy in the code but could have nasty stuff elsewhere on their site. I don't know how

"Nginx" is webserver software, just like Apache or IIS. You probably get that message when you surf to an IP instead of a domain name, because depending on configuration sometimes the server needs to look at which hostname is being requested to know which page it needs to serve (if multiple domains are served from one server with one IP), and then if you use the IP, it gets no hostname, so it gets confused and displays a "welcome!" page instead, because it thinks that you haven't configured the server yet, so you must be new here and wants you to feel welcome to using its humble software to run your server.

Ah so if its not linked up to a domain then its probably doing something else malicious in communication with the virus on suu's machine.

[the last yatto]

91.217.162.176

Google fu returns reports of it hosting dm3.exe


And

http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=91.217.162.176&submit.x=0&submit.y=0&submit=Search

Contact info

[Triple Zero]

Hrm, The eek a poo page seems clean, its just a web comic and there is nothing funny in the source code.
The IP you gave leads to a page that just has the words Welcome to nginx! on it. Nothing fancy in the code but could have nasty stuff elsewhere on their site. I don't know how

"Nginx" is webserver software, just like Apache or IIS. You probably get that message when you surf to an IP instead of a domain name, because depending on configuration sometimes the server needs to look at which hostname is being requested to know which page it needs to serve (if multiple domains are served from one server with one IP), and then if you use the IP, it gets no hostname, so it gets confused and displays a "welcome!" page instead, because it thinks that you haven't configured the server yet, so you must be new here and wants you to feel welcome to using its humble software to run your server.

Ah so if its not linked up to a domain then its probably doing something else malicious in communication with the virus on suu's machine.

I was assuming it's just not set up to serve a webpage when connected via a raw IP. Kind of in the same way as how with some sites you must visit http://www.domain.com but http://domain.com gives an error cause they forgot to configure it. Or the other way around. The point is, it points to a configuration error / oversight, not necessarily that it's hosting a virus.

Um so yeah the point is to figure out what domain name(s) are set up for that IP, because then possibly the server would click and remember it's supposed to serve a website not a server welcome screen. So Reverse DNS Lookup!

... Well, I tried a couple of reverse DNS tools, but they give no hostname for that particular IP, and that is fishy. Because usually at least an IP has some hostname corresponding to their webhost or ISP or something, and the RFCs* say every IP should have at least one hostname.


* RFC = "Request For Comments" is a collection of documents (some over 20 years old) that describe the Protocols of HTTP, TCP/IP, The Internet and Everything. It's the Rules.