Spyware, Viruses, & Security forum

General discussion

Caught bug this morning

Need a little help today.
I went to XP forum here at cnet this morning and as soon as I clicked on the latest post for SPS problems I got a popup for "Internet Security Deluxe.How do I get rid of this? I read that it has to do with zlob. Fish

Discussion is locked
You are posting a reply to: Caught bug this morning
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Caught bug this morning
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
I would give the following a try......

In reply to: Caught bug this morning

Hi Fish,

Operating Systems: Microsoft

Collapse -
I would give the following a try......

In reply to: I would give the following a try......

Marianna

I got the same popup this morning

I ran this following and all showed clean

Malware antiwarebytes
Super antispyware
Rogue remover
Tweakui reg cleaner
Ccleaner

Opened HiJack this and do not find any new files

No problems with computer so far but this was rather strange acting popup as it open a new tab in Firefox even when canceled and tried to download scanner

Ray

Collapse -
phil

In reply to: I would give the following a try......

did you happen to get your popup from the same place as I did?
I ran avg free ,ccleaner and spybot and found nothing.
Looks like you ran all things suggested by Marianna with no success.

Collapse -
also

In reply to: phil

Forgot to say that I did not download anything from the popup,just xxed it out.Went back later and got the popup again from same place.

Collapse -
Phil & Fish......

In reply to: phil

Did you happen to SEE this post in Feedback:

Happening again this AM...Heads up folks
by Steven Haninger - 7/16/08 5:23 AM
In reply to: Strange behavior only with Cnet tonight by Steven Haninger

Something about scanner (dot) vav-scan (dot) com

Once again, it won't go away. Options "cancel" and "ok" are ambiguous...it continues to scan and/or ask to install a program...even brought up download manager!!! ARGH...had to end FF through task manager. Norton blocked it the first time while in progress. Just had another site pop up...didn't catch the name. Only in Cnet again.


http://forums.cnet.com/5208-7598_102-0.html?hhTest=1&forumID=51&threadID=300898&messageID=2812634#2812634

Do you BOTH have the same?

Collapse -
Marianna

In reply to: Phil & Fish......

Additional info from Hijack log

017-hklm\system\ccs\services\tcpip\parameters\b8583ff2-15f1-48d2-8b65-3493e2e99711 reg binary

Trend analysis states that 017 is a domain hijack

These items are in my in my registry

The pop up came from windows XP forum forget which thread have not returned to see if it popups up again

Read Steve's post ???

Collapse -
Same problem as Steve

In reply to: Marianna

Show up again only this time from feedback when I closed Firefox it opened on desktop when I x out it opened in firefox and tried to scan had to close firefox to stop scanning

It's all over the forum

Is there any association between 017 and this popup or is that another problem

Ray

Collapse -
(NT) I am trying to figure it out........

In reply to: Same problem as Steve

Collapse -
Ray...... 017 Section in HJT.......

In reply to: Same problem as Steve

This section corresponds to Lop.com Domain Hacks.

When you go to a web site using an hostname, like www.bleepingcomputer.com, instead of an IP address, your computer uses a DNS server to resolve the hostname into an IP address like 192.168.1.0. Domain hacks are when the Hijacker changes the DNS servers on your machine to point to their own server, where they can direct you to any site they want. By adding google.com to their DNS server, they can make it so that when you go to www.google.com, they redirect you to a site of their choice.


http://www.bleepingcomputer.com/tutorials/tutorial42.html#O17Diag

What YOU have is different

Did you run CCleaner ? You also could run ATF Cleaner by Atribune:

http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
Collapse -
Marianna

In reply to: Phil & Fish......

It seems like the same thing.I only have the situation when on cnet xp forum.Like I said in my first post it happened after clicking on latest post about SP3 in xp forum.
I guess I'll just sit tight for now and keep my eyes open.Thank'a for your info.Fish

Collapse -
Fish.......

In reply to: Marianna

I guess I'll just sit tight for now and keep my eyes open.

but...... keep BREATHING Devil

Btw. Are you "cruising the internet" with FF ? I have AdBlock Plus active and disabled all ads + iframes. Also NoScript installed.
Collapse -
oops!

In reply to: Fish.......

Sorry for not mentioning that I use IE. Am now exhaling. Happy

Collapse -
FYI: Known issue on Cnet right now...

In reply to: Caught bug this morning

Lee and the engineers are looking into it; Most likely a malicious advertisement.

Do NOT believe the results and do NOT download their software. Immediately navigate away from the page.

John

Collapse -
Hit me at home. . .

In reply to: FYI: Known issue on Cnet right now...

and at work. At work NAV said it blocked the "download. . ." Haven't checked my home machine running AVG. But I did immediately close the page. Was using FF3.

If it is a malicious ad will CNet kick the sh** out of someone?

Collapse -
I Certainly Hope So....How Many...

In reply to: Hit me at home. . .

times have posters complained about malware operations advertising on Cnet?? Many,many to be sure! Minimal background/security checks should be done on potential ad clients (in case baddie running under new names) for the protection of all involved. You'd think credit dept. would be checking for financial reputation at least which might catch a few. JMHO. Sad! SadWink

Collapse -
I Just Got Hit Also After Linking.....

In reply to: I Certainly Hope So....How Many...

thru a post here regarding SpyNoMore to outside site (Site Advisor) in Carols post.
Believe my Spybot Tea Timer &/or Immunize prevented full penetration.
Still enough to disable CCleaner, Sys Restore, corrupted a Spybot Update defs (latest detections, last on list above "English language descriptions") prevented normal shut down,etc.
Luckily, a hard reboot followed by immediate system restore to yesterdays known clean point got me going again. Had to do all updates again (S&Ds came down fine this time).

HJT 2.0.2 now shows no NEW entries in report (compared to last scan).

For now, I suggest no-one link to off site from links in posted replies in any forum here (better safe than sorry..). Lets hope techs get this under control quickly. At least it wasn't Intel chip exploit!! Whew! Grin

Collapse -
I Just Got Hit Also After Linking.....

In reply to: I Just Got Hit Also After Linking.....

After I got the pop up on my desktop and it opened in Firefox and started scanning eventually I was to slow closing it.Shutdown computer.

Was out of pocket for a few hours and then when I returned I opened Firefox and tried to access cnet.
A menu appeared and everything was bunched up on the left side of the page. None of the forums would load. This only effected Firefox IE and Linux Firefox working properly. Tried safe Firefox got the same results.

I had to system restore and then reload Firefox before I could access Cnet.

I also hope they have found the culprit as I do not wish to have to redo this one more time

Ray

Collapse -
This wasn't today was it, Phil?

In reply to: I Just Got Hit Also After Linking.....

I just want to make sure. Ad folks removed the compromised ad already. So I wanted to make sure none of this is happening today anymore.

Thanks!

Collapse -
When did this occur?

In reply to: I Just Got Hit Also After Linking.....

Last night? Anytime reference would help.

Thanks!
-Lee

Collapse -
When did this occur?

In reply to: When did this occur?

Lee

The last of three occured at 11:00 am cdst on 7/16/2008

As honey do projects were pounding on my head I immediately shutdown my computer after xing the rouge scanner.

I did not return to my computer until about 7:30pm on 7/16/2008 at that time found the problem with accessing cnet forums

There has not been any more rogues since I restored my computer

Ray

Collapse -
In Rely to Time of Hit......

In reply to: I Just Got Hit Also After Linking.....

This would have been 10:40 P.M. Cnet Board time on the 17th. I was back up to post in about 35 mins due to minimal damage intrusion & fast action. I mistakenly thought, at the time, that the contagion was limited to the XP forum which I usually visit AFTER this forum & so chose not to go there last night. Happy

Collapse -
Could you double-check that?

In reply to: In Rely to Time of Hit......

The time stamp on your reply is 10:30pm on the 17th. Are you sure that the malicious redirect encounter was on the 17th and not the 16th at 10:40pm?

John

Collapse -
Re: I Just Got Hit Also After..

In reply to: I Just Got Hit Also After Linking.....

Sandy..

If you're referring to the post below, it's only a link to SiteAdvisor. And NOT a direct link to SpyNoMore.

http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=259970&messageID=2560451#2560451

I just wanted to make this clear. I've never posted any links which are harmful, nor would I ever. I would have been the first to be hit, if it were the case. And it's not.

Again.. I just wanted to make the above very clear, in case anyone should interpret it otherwise.
Carol

Collapse -
Carol

In reply to: Re: I Just Got Hit Also After..

>>>I've never posted any links which are harmful, nor would I ever. I would have been the first to be hit, if it were the case. And it's not.

Right Carol. Not any of your link or anyone's link in the said thread but it's the ads/redirection from CNET pages (not only forums) that hit "some members" since July 11.

Glad to see member posted their "findings" after being hit. That made Lee and the CNET team figured out and remove the 'culprit'.

Collapse -
Donna..

In reply to: Carol

Thanks. I had a gut feeling someone (perhaps Sandy) would point this out. I was aware it was the ads/redirection, which caused all the commotion. To include Sandy's problem. Due to the nature of my post (SpyNoMore), I didn't want to leave ANY room for doubt. Hence, why I added '....in case anyone should interpret it otherwise'. Maybe "misinterpreted" would have been a more appropriate term. Posting "nothing at all" might have been .. even more appropriate! Silly Either way.. thank goodness it's over. <<fingers crossed>>

I'm glad to see this was resolved. And in such a speedy manner! Kudos to Lee, the CNET Team and to those who contributed their findings!

Collapse -
:D

In reply to: Donna..

>> thank goodness it's over. <<fingers crossed>>

There's still ads so yes, fingers crossed also Grin

>> Due to the nature of my post (SpyNoMore), I didn't want to leave ANY room for doubt.

I hear you. Some members who is new and not familiar to regular posters and post here might think it's the link and this post needs this posts. I hope you understand what I just wrote ROFL Wink

Collapse -
Sorry, If I Didn't Make That Clear!!!! Absolutely...

In reply to: Re: I Just Got Hit Also After..

NO CHANCE you'd link to a malware site, nor any other regular poster here I would hope. I clicked the link to "safe" Site Advisor that you posted, which is why I felt safe in clicking it. Also why I figured the problem was within Cnet.

Seems outgoing links in general must have been compromised before/during transition from here, before getting to whatever innocent site was linked. I don't believe these linked sites themselves are/were compromised.

Again, sorry if my 4 in the morning post was a bit fuzzy!!! Grin Sandy

Collapse -
No... no.... And no need for apologies..

In reply to: Sorry, If I Didn't Make That Clear!!!! Absolutely...

Sandy..

I really should have known that you of all people, knew I would never post an unsafe link. I'm overly-sensitive about the issue - to a fault. I knew it initially came about due to the ads, but I wanted to make it perfectly clear. I'm the one who should be apologizing to you. (I think I smell a "hug fest" coming on. Grin )

You wrote, "NO CHANCE you'd link to a malware site, nor any other regular poster here I would hope"

I'm glad you clarified it. It's kind of ironic, if you think about it. Although, this specific "regular poster", doesn't seem to be so regular anymore, it happened on more than one occasion where a hyperlink led to an unsafe site. The only reason I posted in the first place, was to make the not-so-regular-member, aware of it. And in so doing, also making other's aware of it. Enough said!!

I hope my (almost) 2:50AM post hasn't created any additional "fuzziness"! If so.. blame the time. Not me. Wink

All is well and..

Enjoy your weekend..
Carol

Collapse -
Thanks!

In reply to: No... no.... And no need for apologies..

Love
Collapse -
Can you guys do me a huge favor, please post your findings

In reply to: Caught bug this morning

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.