   | Senior Member with 1,259 posts. | | Join Date: Nov 2004 Location: 40°38'28"N 124°13'27"W Experience: Hendrix | |  Spyware warning! If you are hijacked to this website,
hit your "back button".
This one seems to affect all web browsers,
on all platforms, and is infecting many websites.
DO NOT INSTALL THIS!
If you have been hit by this, please run HJT, and
check for tracking cookies, as well.
AVAST! caught this one, but Norton's didn't.
I run Firefox 2.0.0.20 over Windows 2000,
and Konqueror 3.1.2 over KDE (Redhat linux).
This is yet another web virus.  
__________________
Si Dios quiere, asi, lo mismo quiero, tambien.
Que sera sera, y entonces, debemos tocar alguno
que El daremos.
Last edited by gyrgrls : 24-Apr-2009 08:18 PM.
Reason: lost attachment
| | | Senior Member with 1,259 posts. | | Join Date: Nov 2004 Location: 40°38'28"N 124°13'27"W Experience: Hendrix | | Is the internet safe anymore? | | | Senior Member with 1,259 posts. | | Join Date: Nov 2004 Location: 40°38'28"N 124°13'27"W Experience: Hendrix | | To clarify:
The site itself is just pushing 'spyware'.
But my browser was hijacked, and I was taken to this site..
I will do a log dump, if needed.
But a HJT log won't be necessary.
I already got rid of the trojan (which was written
in Javascript)
Just a "head's up" 
__________________
Si Dios quiere, asi, lo mismo quiero, tambien.
Que sera sera, y entonces, debemos tocar alguno
que El daremos. |  | Distinguished Member with 7,668 posts. | | Join Date: Mar 2009 Location: Cyberspace Experience: Advanced | | Quote: |
AVAST! caught this one, but Norton's didn't.
| Are you by any chance running two AV at the same time?
Are you saying you were redirected to the site prompting you to scan for drivers? Uniblue is a legitimate company, are you sure it was spyware and not a false positive from Avast?
Do you have more info on the threat? | | | Senior Member with 1,259 posts. | | Join Date: Nov 2004 Location: 40°38'28"N 124°13'27"W Experience: Hendrix | | OK, what I have so far is this:
0A432217665C09080000001A
(rest snipped)
Uniblue might be legit,
but how did I get redirected there, even
running Firefox, under Linux, with pop-up
blockers enabled?
Many legitimate sites exist, but the piggy-backers
will harvest them. It's sick, really.
I am not even blaming Uniblue.
I just resent the fact that my browser was hijacked.
One can hardly surf the web without Javascript enabled,
yet this is a gaping security hole..
The minimum requirement for online banking is 48 bit SSL,
yet many sites run JS, wide open..
Just a heads-up
P.S.: I can make a fake https:// website. It's easy, really.
I have also hacked Win 98 via plain HTML code,
just to show it could be done (although NT seems more robust).
I do this, because, as a Unix system administrator,
I demand security. I actually try to hack into my own system,
in order to find any holes.
But this new Javascript exploit is REAL.
It is hole in JS, and not in the web browser, itself.
Be well.
__________________
Si Dios quiere, asi, lo mismo quiero, tambien.
Que sera sera, y entonces, debemos tocar alguno
que El daremos. | | | Senior Member with 1,259 posts. | | Join Date: Nov 2004 Location: 40°38'28"N 124°13'27"W Experience: Hendrix | | OMG! I Can't believe it!
Marsha's site is still infected!
This is what it looks like,
in ASCII format: (it's not binary,
so It can't hurt you, displayed as-is,
as it is well obfuscated).
Last edited by Cookiegal : 03-May-2009 04:34 PM.
Reason: Removed code so users don't get alerts from their a/v programs
| | | Distinguished Member with 7,668 posts. | | Join Date: Mar 2009 Location: Cyberspace Experience: Advanced | | | | | | Senior Member with 1,259 posts. | | Join Date: Nov 2004 Location: 40°38'28"N 124°13'27"W Experience: Hendrix | | Ouch!
I didn't mean to post malicious code.
But it came through my browser, and AVAST!
complained loudly, upon reading my own post. 
I fixed it.
I "x'ed out" the first few bytes,
thereby deliberately corrupting the code,
so it can't execute.
I am so sorry....
BTW:
I didn't write this little goody. Someone else did,
and it is infecting websites like crazy... 
__________________
Si Dios quiere, asi, lo mismo quiero, tambien.
Que sera sera, y entonces, debemos tocar alguno
que El daremos.
Last edited by gyrgrls : 25-Apr-2009 04:46 AM.
Reason: clarification
|  | Distinguished Member with 37,126 posts. | | Join Date: Aug 2003 Location: Corn Fields of OHIO Experience: Einstein Jr. Indeed | | | |  THIS THREAD HAS EXPIRED.
Are you having the same problem?
We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.
|
Smart Search
| Find your solution! | |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | | | WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 01:59 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
|  |
|
Welcome to Tech Support Guy! Read our Welcome Guide or take a minute to watch the video below!
General Security 
Search 
