1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Phishing Problem - Google Images - t3.gstatic.com

Discussion in 'Virus & Other Malware Removal' started by XFiiire, Jul 14, 2010.

Thread Status:
Not open for further replies.
  1. XFiiire

    XFiiire Thread Starter

    Jul 14, 2010

    Every single time I search any phrase on Google Images on Firefox (or Internet Explorer - but Firefox is my main browser), my Kaspersky Internet Security alerts me to Phishing Attacks -
    this is one example

    blocked: phishing address http://t3.gstatic.com/images
    URL: http://t3.gstatic.com/images?q=tbn:...t.com/albums/ll176/yescomm/hello/hello020.gif

    Hence the apparent phishing attack seems to operate by taking the images shown from the search and then turning it into what Kaspersky finds as a phishing attack - those images (on the browser) do not show up - they become a blank white box normally with a small red X in the top left hand corner

    This started after visiting a dodgy website which offered me one of those rogue spyware/antivirus softwares - my normal procedure is just to abort firefox and upon the session restore simply untick the box for the "rogue" website - although this seems to have failed

    So far I have scanned with Malwarebytes and found Rogue.RegSweep - although quarantining and deleting this has not solved the problem

    Malwarebytes' Anti-Malware 1.46

    Database version: 4310

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    14/07/2010 00:23:04
    mbam-log-2010-07-14 (00-23-04).txt

    Scan type: Quick scan
    Objects scanned: 137196
    Time elapsed: 21 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    At the moment I am scanning my whole system using Trend Micro Housecall - although I am still unsure as to whether it fill find anything on my system and whether if it will solve the problem

    What should I do?

    Note: I have done one system restore to the 13th of July (the latest one I had to restore to) - previous to this date I did not have the problem

    Note: When using Firefox's Private Browsing Mode and searching Google Images - the problem does not occur - Kaspersky does not warn me of any phishing attempts and all the images on Google show up as they normally should

    Thank You

    Edit: It seems like it does affect Private Browsing... however that means that for some reason on one occasion it did not do anything and the Google Image Search actually worked
  2. Blade81

    Blade81 Malware Specialist

    Oct 27, 2006

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Download GMER here by clicking download exe -button and then saving it your desktop:
    • Double-click .exe that you downloaded
    • Click rootkit-tab, uncheck files option and then click scan.
    • Don't check
      Show All
      box while scanning in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
  3. XFiiire

    XFiiire Thread Starter

    Jul 14, 2010
    Hi Blade81,

    Thank you for your response, ((should have posted it here earlier - but I was on holiday :) )), I managed to solve the problem eventually through doing a few scans of my computer and scanning the registry which removed some entries.

    The problem has been removed - I used Malwarebytes, Uniblue Registry Booster, Trend Micro Housecall and (after the event - this scan did not find any threats) Kaspersky Internet Security 2011

    Though thanks again for replying

  4. Blade81

    Blade81 Malware Specialist

    Oct 27, 2006
    Ok. Thanks for letting us know :)
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/935603