Giveaway of the Day Forums

1. 

   Tailteann
   Member

   Greetings good folks...

   I was doing google search and when I clicked on a link that showed as safe...and extra unexpected window opened in my browser (not a pop up). The content was completely blocked by the No Script add-on in my FF browswer.

   Then last night during another search, I clicked on a blog link that WOT (web of truth) showed as green, and three extra windows opened...one with porn. Just for the record...this is a newish laptop and has never been to a porn site or done a porn search. And no one has the password for it but me.

   I'm security conscious; and though I like to surf on occasion, I'm cautious. I've paid AVG Security Suite, the Free version of Malwarebytes, Search and Destroy, along with windows Defender scans run regularly. I keep my laptop up to date (including extra vulnerable stuff like flash and java), clean of cookies and old files with CC Cleaner and Revo.

   Nothing, nada, zilch has come up on scans.

   This is kind of freaking me out... :/ Any advice?

   Posted 15 years ago #
2. 

   thenameipicked
   Member

   Do you know what blog you were on? I want to check it out (it could be that it *was* trusted, but now they aren't).

   Posted 15 years ago #
3. 

   Terri218
   Member

   It sounds like the virus I got a while ago - it kept trying to open up windows to porn sites and viagara ads. WOT kept coming up as red so I closed them immediately but it was a pain until I got it off my computer. It took a few days to get updated into my anti-virus program and I stayed off that computer for a while. it's completely gone now (I hope).

   If I understand it correctly, if a virus is brand new, no anti-virus program can stop it since they don't have the definition of it yet.

   Posted 15 years ago #
4. 

   Tailteann
   Member

   Terri218: Yikes. I'm scanning now with avast which I just downloaded...thinking to do a boot scan but the free version no longer has it. I'll probably be uninstalling it when done not to have two anti-virus (I did turn the resident scanners off).

   I'll log off this laptop for a few days until things update and stick to my PC. It's so upsetting. I hope I don't have to end up dumping and reloading my whole system because of this.

   Thenameipic: I can't remember the first one but I thought maybe I clicked on something accidentally and then it was totally blocked in content by no script and so wasn't overly upset. I could only see the links and the the no script symbol next to them. It was reassuring...until the next triple one with the porn. :/

   Posted 15 years ago #
5. 

   Anonymous
   Unregistered

   I not go to new try a fix fist & Terri218 is right but in a few day with update will fix can try http://housecall.treadmicro.com/ online scan new firefox or Opera just to test befor you try that firefox go to tools Options Add-ons & Plugins & click Disable just to test most Add-ons & Plugins you not need, if you know the name of the bad web site add to block in firefox.
   all so add Adblock Plus & spywareblock you see I add 3 easylist, easylistGeneral, Malware block 'To stop spyware '.

   Adblock Plus by Wladimir Palant * Adblock Plus Updated July 13, 2009 Add to Firefox
   chrome://adblockplus/content/ui/tip_subscriptions.xul
   choose one subscription from the list,Add a different subscription
   https://easylist.adblockplus.org/easylist.txt
   > EasyList (by Ares2, originally Rick752)General ad blocking list
   > View all subscriptions > http://adblockplus.org/en/subscriptions
   > Huge list of known domains serving malware.> Subscribe: Malware Domains

   Posted 15 years ago #
6. 

   watcher13
   Member

   Tailteann, I've afraid I don't have any magic answer for you, just some thoughts.

   I don't know that you'd have to dump Avast. The AVs usually don't damage each other and only fight when you have more than one resident scanner on.

   Obviously, if you can isolate whether it's a browser or add-on, or whether it's Windows itself that's hooked (probably browser level, though), you'll have a better idea how to procede. If Windows, you can do the obvious things to try and find nasty little suprises. You've probably already checked your autostart programs for strangers, don't forget to check windows services, too. Some hackers try and hide them there. In any case, you can also use search to search by date. You can search "date created" by a specific day and maybe you'll find a suspicious file.

   I assume this is happening with No Scripts on (I LIKE that add-on, but it definately takes some getting used to). If not, you might want to try to put up with it blocking all sites initially and see if it still happens. That would obviously indicate that it's a script, so at least you'd know what you were looking for. I assume you checked for a new add-on, more importantly, have you tried disabling any add-ons that might be vulnerable, or all of them - you never know. I doubt you have any, but something like iMacros or even a an autoform utility like Lazurus could be vulnerable. Then you can try uninstalling-reinstalling that add-on, or just do without.

   Have you thought of reinstalling FF. Or trying IE. I'm saying trying IE as a test to see if you have the same problem. If you don't, that obviously would hint that only FF is hooked and would hint that a reinstall might help - that the hook was in FF, itself, and might be broken by an uninstall-reinstall. Do you have FF version 3.5? If not, that would give you an excuse to do a new install, anyway. Though I'd do a full uninstall of the earlier version, first. And I'd do it with revo uninstaller. Have you used that? http://www.revouninstaller.com Revo tries to read the program's structure - it may just read the install or uninstall logs, or it may try and read the various links (the "calls") to other files - so you might get lucky and it might find a "hook" file if the hacker didn't take the necessary precautions to hide it. I'd use it on it's most aggressive mode. People say that mode is too slow, but I haven't found that. In fact, Revo's good to have, anyway, because it can sometimes uninstall when the built-in uninstaller is corrupt, and it has some other tools, like a junk file cleaner to augment your ccleaner. Besides, it's free and even has a portable version, which seems to me to be just as good as the main version.

   As to finding brand new viruses, that's, obviously, a problem. I only used the AVG free version and that was about 4 years ago. I assume it has heuristics to detect suspicious behavior from new viruses and you have that feature turned on. If not, it's probably worth it. I use the AntiVir free version and am pretty happy with it. It's heuristics can be annoying, until the community complains enough about false hits so that Avira fixes them. I've had that happen on my AT&T homepage and on TV Guide's site. Still, it doesn't happen that often, so it's more than worth it to me.

   In any case, I don't think you'll have to reinstall windows. At the worst, this is an embarassing annoyance. Take a deep breath and just be patient. You'll find it.

   I should add, another way to prevent this in the future is to try a virtual surfing. Such as Sandboxie or Returnil. I use returnil to test GOTDs. http://www.sandboxie.com, http://www.returnilvirtualsystem.com The only problem is that if you forget that you have them on and make a bunch of changes or turn them off and try to access recent surf history, it's all gone. Still, everybody's surfing habits are different and it might be right up your alley.

   Posted 15 years ago #
7. 

   pavid
   gamer extraordinaire & knowledgeable computer nerd who likes to argue, but is still a very nice guy

   I don't think you have anything to worry about Tailteann. As more and more of us use various tools to block ads and scripts and to check sites, sites become more adept at finding ways to bypass them. One thing to keep in mind about site rating services is that they are a month or more behind. A site that was good 2 months ago may have decided that they need more revenue and so they are now accepting questionable sources of money. All we users can do is keep the tools we use up to date and use common sense.

   Posted 15 years ago #
8. 

   aRenegade
   Member

   Ahhh sweet troubleshooting, don’t you just love it? It wouldn’t hurt checking if there are any IE add-ons that were recently installed; it’s possible there may be something there that triggers the symptoms you’re describing. Try running IE with no add-ons and see what happens. If the symptoms disappear access Internet Options, Programs Tab, Manage Add-ons (button). You’ll be able to see the dates any add-ons were installed to help you deal with it.

   For future reference anytime a pop-up or some window opens that seems out of place, unexpected, or suspicious NEVER close it by the clicking the windows close button (i.e., X), malware can actually be activated that way. A user could be thinking they’re safe because they closed a suspicious window before any damage was done, but guess what? Always close a suspicious window thru the “Task Manager” (Right-click an empty space on the taskbar, and then click Task Manager). This method is the safest way to keep your PC malware free; which is something I learned the hard way. Also, be mindful of the “System Restore” in that it may be harboring a malware you may have just got rid of. It’s easy to forget about those kinds of things until a day comes when you are reminded; another lesson learned the hard way…lol

   Posted 15 years ago #
9. 

   Robert
   StrayCat

   Tailteann
   For closing pop-ups the safe way,the way aRenegade explained to you,take a look at the vid on this page or use the "close other tabs" option in FF in case multiple tabs keep loading.
   Just popping in.LOL.

   Posted 15 years ago #
10. 

    Terri218
    Member

    When I was getting those pop-ups opening up one after the other, waiting for the Task Manager to close them would have been impossible. I never could have kept up with them. At least closing with the X got them off my screen immediately. Of course the only real fix was to scan and clean my hard drive to get rid of them completely.

    Posted 15 years ago #
11. 

    Tailteann
    Member

    Thanks for all the great advice!

    I -think- the issue was resolved by the first suggestion of waiting it out. I was off line for a few days and updated everything on my laptop last night. AVG caught nothing (when that sub runs out, I'm checking other options). Then the free Malwarebytes immediately caught something called "Rogue.SmartProtector" and it turned out to be a very new threat detection (according to their forum mods) that had inserted itself in:

    C:\ProgramData\Microsoft\Media Index

    Since I rarely have infections showing up on scans, I'm crossing my fingers this is the culprit.

    Hotdoge: I've AdBlock+ installed and it's a favorite.

    Watcher13: I think the uninstall with revo than reinstall is a good idea...and it's high on my list if this problem wasn't resolved by malwarebytes. I've never heard of these virtual surfing programs and am definitely going to check them out. :)

    pavid: True, I try not to depend on WOT, more use it as guide. I find it to be slightly subjective at times.

    aRenedge: I didn't know that about closing the windows using the 'x' could activate spyware...how about just closing your browser on them all? The reason I had to reinstall my whole windows set up from scratch was that a nasty virus had installed itself in my system restore on my PC last winter.

    Robert: Thanks for poppin' in w/ that link, lol.

    Posted 15 years ago #

RSS feed for this topic

Reply

You must log in to post.