# NOD32 picking up on a URL in the site code.



## Jesterace (Sep 13, 2008)

Is there a reason for this link? NOD32 has just started notifying me that it's blocked this link. Almost looks like a referral type link hidden in the website code. 

CODE

I get the alert on every page I visit on this site, wierd.


----------



## Maikel Steneker (Sep 13, 2008)

Doesn't do anything for me. Using Firefox 3.0.1 on Ubuntu 8.04.1.


----------



## Dack (Sep 13, 2008)

There is something going on. I just got the flash attempt at downloading the "Antivirus 2008" fake virus a minute ago. Acrobat kicked off to try and install it.


----------



## Jesterace (Sep 13, 2008)

Yeah, There's something there, I get it with Firefox and Chrome, haven't tried IE yet.


----------



## Minox (Sep 13, 2008)

I'm getting the exact same result with NOD32 and Firefox 3.01 and I only get this problem when visiting Gbatemp.


----------



## FAST6191 (Sep 13, 2008)

I will leave the web coding to the people that know what they are doing but confirmed that something is up.
Anyhow I was playing around with firebug (realtime website editor plugin for firefox) and it displays left of the My Controls · View New Posts part.

I checked on the site and it is not too good either.

If you are especially concerned "search-you-need.com" resolves to 58.65.234.77
You can add that or search-you-need.com to your hosts file (make sure it goes to localhost (127.0.0.1 = localhost) or some other harmless IP.

http://accs-net.com/hosts/how_to_use_hosts.html (there is bound to be a better guide somewhere but it will get the job done)


----------



## Prime (Sep 13, 2008)

Shiro786 said:
			
		

> I can vouch for this dude too.
> 
> 
> 
> ...



Your not the only one:

http://gbatemp.net/index.php?showtopic=104818

I posted that topic before seeing this btw


----------



## Minox (Sep 13, 2008)

I'm not getting that message anymore for some reason and I can't find it in the source where it used to be.


----------



## Prime (Sep 13, 2008)

Well it has stopped for me just after I posted that reply


----------



## shaunj66 (Sep 13, 2008)

The site has been compromised, unfortunately. I'm on it now. 

I've removed all traces I could find of Search-You-Need. 

Please continue to be vigilant and report any other oddities in this thread.


----------



## Prime (Sep 13, 2008)

Thanks shaunj66 it was really bugging me


----------



## Salamantis (Sep 13, 2008)

shaunj66 said:
			
		

> The site has been compromised, unfortunately. I'm on it now.
> 
> I've removed all traces I could find of Search-You-Need.
> 
> Please continue to be vigilant and report any other oddities in this thread.


Do you mean it was hacked? What happened?


----------



## AndreXL (Sep 13, 2008)

I've been using Adblock Plus with:
#IFRAME(width=1)(height=1)
Maybe, that's what keeping me from seeing this issue. Good thing I guess.
[edit]
The issue is width and height on 0. I guess I just missed it then...


----------



## DeMoN (Sep 13, 2008)

Had a similar (or the same) problem with Kaspersky AV a while ago but it seems to have disappeared now.


----------

