ccount open admin panel creates popups from ads1.revenue.net

[gspeer]

Script URL: www.cpcldf.com
Version of script: 1.2 (assumed, as started using it in 2008, and 1.2 was released in 2007)
Hosting company:
URL of phpinfo.php:
URL of session_test.php:
What terms did you try when SEARCHING for a solution:
ccount pop-up
ccount popup
ccount pop up

Write your message below:

1) I have used ccount now for 2 years (since 4/2008). It has worked great. But recently, now, when I open my admin panel, I get a popup from:
(link removed)

I use System Mechanic Pro version 9.5 for my firewall and virus protection. I have popups blocked, but this one sneaks thru.

2) I also get a virus 'infection' (as noted by System Mechanic) with the infection name of HTML/IFrame.gen. Infection type of 'security exploit'. Action taken 'blocked'

Any ideas on how to block this popup?
is there a possibility of a virus?

THANKS

[Klemen]

This is not a part of CCount, you probably have a virus/adware/sypware installed on your PC.

You should check your computer for viruses and spyware:
http://www.lavasoft.com/
http://www.free-av.com/

Or take your PC to your local computer repair to have it checked.

[gspeer]

I ran my antivirus scan. It found the IFRAME infection and quarantined it. I reboot. But when I open my admin panel at www.cpcldf.com/ccount, I STILL get the popup! (the good news is that my antivirus program does not detect any infection any more when I open the admin panel, like it did before...)

[Henrie]

If you notice the link you posted, it has an added comma at the end. This is the link that leads to the spammed page. When i remove the comma and follow the link to www.cpcldf.com/ccount i get the following message

It seems you were not fully succesfull in removing it.

The message (in dutch language) says:
Trojan horse found.
Filename: http://cpcldf.com/ccount/
Malware name: HTML:IFrame-CC [Trj]
Malware type: Trojan horse
VPS version: 100129-0, 29-01-2010

I wish you succes with removing it.

Greetings,
Henrie

[Klemen]

The infection is in your web site. You should re-upload a clean ccount index.php file to the server and if it's still there then either your hosting company is adding Javascript to your pages or you have an exploit running on your server.

[gspeer]

Did you run avast against the website? I presume your personal computer was clean... where is this virus (on the website server???)

Also, your 'picture' was helpful, but it overlaid some of the text message you sent me. I cannot read all of your notes...

thanks

[Henrie]

I did not run it specifically against the website. It is always monitoring my web browser with the Web Shield function.

The screenshot is not overlaying any text. I cut of the screenshot a little to high. The partial text you see at the top is of my file manager Total Commander.

And i may hope i have a virus free computer. I don't run the true time virus scanner for fun.

[gspeer]

Thank you for your suggestion... I re-uploaded a clean ccount index.php file to the server. I no longer get the popup...

(fyi... the comma at the end of my website was manually entered as part of sentence structure... I REALLY mean www.cpcldf.com/ccount (without the comma)

I do not have a Web Shield function... could you please trying going to the website again and see if your Web Shield function comes up with any virus? If it is clean, then I am back in business... WITH MUCH MUCH THANKS AND APPRECIATION. Please let me know what you find...

[Henrie]

Hello gspeer,

No alarm bells ringing anymore when i visit http://cpcldf.com/ccount/
All seems well from my end.

Greetings,
Henrie