Virus adds javascript to sites

I've got a little problem. A virus, or some kind of malicious script is appending the following code to all the sites that Firefox and IE browse to. This does not occur with Chrome or Safari.



I'm running NoScript on Firefox so it's being blocked, but I would very much like to remove it.

I've run a thorough virus scan with Avast and an Adware scan with Ad-Aware, both with the latest updates.

I know this probably isn't the best forum for this kind of problem, but I thought you might have a good idea about the files that might be affected and I can repair.

Does it always add it to the cgi-bin directory?

Feedma.com isn't my directory, or the directory of the site I'm viewing. It just adds the script reference (from the feedma site) to all the pages I view.

This very page I've right clicked -> View Source, and it's the same as above - the extra line is at the very end.

Be sure to run your AV/malware/spyware solutions of choice - looks like a popup ad script to me.

But thanks for helping

Thanks for the advice I had mbam in my downloads folder, never installed.

Starting a full scan of drives C, D, E, F, G, H, J and I. Only 4tbs to go.

Edit: 9 objects infected already. Yay!

In the mean time, maybe add feedma.com to your hosts file pointed back at localhost so you can browse freely.

Good call joebert. I forget about this, but I use my hosts as a cross-browser ad blocker since I swap around a lot. This site has a list that's updated pretty often.

@alex

I love thinking of things before you guys do

@UPSGuy

My most sincere apologies (Don't worry, I've got plans to make one that scans all 3 instantly with a 100% success rate)

13 objects found after 12 minutes of scanning. Should have got a mac.

I love it when people make comments like this, I find it hilarious. I haven't run an anti-virus, anti-malware, or anti-anything software on any of my home computers in years and I haven't caught a virus or anything malicious during that time. I do run a hardware firewall though. I also have two kids using those PC's and nothing. People like to point fingers at Microsoft and say it is their fault but it isn't. Most of the time it is your fault you got a virus. You clicked on something you shouldn't have, you opened an attachment you shouldn't have, or whatever. The bottom line is, you did something not Microsoft.

Naw, stick with computers.

I love it when people get cocky and end up with VIRUSES ON THEIR COMPUTER because they don't want to listen.

Noscript for Firefox, nice. How does that help you as far as IE or the thing you probably have running in the background looking for nasty updates ?

What I want to know, is how is this thing making that line show up in the HTML source you're viewing ?
Are you sure you're not going through a proxy that's adding it or something ?

I would think that if something's hijacking the page inbetween the time it gets to your computer, to the time it gets saved to the HTML cache and displayed, ALL browsers would be affected.

Quote from Alex89



A .com is domain, it's never a directory. The code you posted showed the script in the cgi-bin directory which is why I asked about that particular directory. How did the virus writers get write access to your cgi-bin directory?

I think Alex meant it was a directory site. As in a link exchange directory kind of thing(I'm not going to look, personally). The URL is for THEIR cgi-bin. The virus is inserting that snippet into all the sites he views.