Website causing problems (AcroRd32.exe)- Please help

h@ck3r

New Member
A few members have reported over the last week that when they come on my website, their antivirus suite is issuing a warning that there's a virus on my site.

Nod32 is not showing any problems when I view the site. However, when you go onto this site AcroRd32.exe starts, and it's hogging up memory resources big time.

See screenshot on my PC:

AcroRd32exe1.jpg


Only things I've installed lately are:

Dock in Rock
Classifieds
VBTubePro

Any help will be most appreciated with this, before I start losing valued members :(
 
Found the answer to this problem by myself.. seems there's a problem with DockInRock!!

I would advise nobody uses this:
http://www.vbteam.info/vb-3-8-x-add...ions/19288-dock-rock.html?highlight=dock+rock

I changed my header/ navbar coding back to normal, and it still triggered acrobat reader... but I then removed the files from my server that makes dockinrock work, and the problem has been fixed.

Possible trojan/ virus? Maybe a mod/ admin can look into this.

Thanks
 
Wow, if that's the case, I won't install it lol...
I was just gonna download it and install, but I think I'm gonna wait until a mod/admin answers as well.
 
Just came across this on Milw0rm:

here: http://milw0rm.com/exploits/8595 said:
Affected Version : Acrobat Reader 8.1.2 - 9.0
Vendor Patch : Adobe - Security Advisories : APSB09-04 - Security Updates available for Adobe Reader and Acrobat
Tested On : XP SP2 / SP3

from ZDI : Zero Day Initiative

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists when processing malicious JavaScript contained in a PDF document. When supplying a specially crafted argument to the getIcon() method of a Collab object, proper bounds checking is not performed resulting in a stack overflow. If successfully exploited full control of the affected machine running under the credentials of the currently logged in user can be achieved.

This vulnerability was discovered by:

Tenable Network Security (here is a man named Nicolas Pouvesle and we know == > he has lots of exploitation methods ;) )

Exploit By : Security Researchs

note : this exploit is just for purpose so shellcode will execute calc if you want other shellcode change shellcode .

Exploit Link : http://abysssec.com/Adobe.Collab.getIcon().pdf
Mirror Link : http://milw0rm.com/sploits/2009-Adobe.Collab.getIcon.pdf

# milw0rm.com [2009-05-04]

I've had reports from some members that when they come to my website, their internet security software is saying my website's a 'malicious site'.

Can anyone tell me what I need to do to remove this problem?

I've posted an update here: http://www.vbteam.info/programming/22454-someone-hacked-my-website.html#post104475
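
For anyone cleaning up after an add-on like the one described in this thread, here is an added example (not part of any post above, and not code from vbteam, Adobe or milw0rm) that walks a web root and flags files that are PDFs carrying JavaScript or a getIcon( call, including inside Flate-compressed streams. The function names and the sample bytes are constructed for illustration; a hit only means the file deserves a closer look.

```python
import re
import zlib
from pathlib import Path

JS_KEYS = (b"/JavaScript", b"/JS")           # PDF script action keys
GETICON = re.compile(rb"getIcon\s*\(")       # method named in the quoted advisory
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEXNAME = re.compile(rb"#([0-9A-Fa-f]{2})")  # /J#61vaScript style name escapes

def expand(data: bytes) -> bytes:
    """Raw bytes plus every stream zlib can inflate, with name escapes decoded."""
    parts = [data]
    for m in STREAM.finditer(data):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not FlateDecode, or another filter was applied first
    joined = b"\n".join(parts)
    return HEXNAME.sub(lambda h: bytes([int(h.group(1), 16)]), joined)

def triage_pdf(data: bytes) -> dict:
    """Report whether the bytes are a PDF and which script markers they hold."""
    if not data.lstrip().startswith(b"%PDF-"):
        return {"pdf": False, "javascript": False, "geticon": False}
    body = expand(data)
    return {"pdf": True,
            "javascript": any(k in body for k in JS_KEYS),
            "geticon": bool(GETICON.search(body))}

def scan_tree(root: str) -> list:
    """Check every file under root, whatever its extension."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            result = triage_pdf(path.read_bytes())
            if result["javascript"] or result["geticon"]:
                hits.append((str(path), result))
    return hits

# Constructed, inert sample: a PDF fragment whose script sits in a compressed stream.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"var icon = Collab.getIcon('constructed-sample');")
          + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    import sys
    for name, result in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(name, result)
```

Streams that use a filter other than Flate, or encrypted documents, are not decoded here, so a clean result does not prove a file is harmless.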
 