Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Source of the virus

Created: 20 Jun 2011 • Updated: 20 Jun 2011 | 2 comments

Hi, Earlier today I went to a site named Tip.it to help me figure out something in a game I play and I left with 2 viruses. Upon loading the site I noticed in the bottom left corner of my Firefox browser it tells you all of the sites that are loading as the page is loading, and one of the results was "dual-boxing.com". This is pretty normal, so I thought it was just an ad or whatever until I got virus alerts and messages that said "Web Attack: Suspicious Executable Image Download Detected" from IP address '74.50.25.251'. And I Googled that Ip it linked me to a VPS which at the time was connected with "Dual-Boxing.com", and considering the fact that tip.it was loading dual-boxing.com I figured it was them. I have the virus completely blocked from making more changes to my CPU, and am about to be in the process of removing it but one thing I would like to know is where the virus came from.

I visited dual-boxing.com 2 days after getting the virus and after research I am almost 100% sure that they are not at fault, and tip.it is known to be a trusted site. I would really like to know if there is any info or anything I can share with you guys that can help you find the source of the virus I got?

-Thanks

Discussion Filed Under:

Comments 2 CommentsJump to latest comment

pete_4u2002's picture

within LAN you can get to know thew source using risk tracer.

Joao Costa's picture

Most often these viruses come from poisoned results inserted into ad networks.

Even if you will find the URL of the site that tried to infect you it won't be of much use. These are usually url's registered for that purposed and dumped when they are blacklisted.