Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Porn Malware, adware, virus

Aug 28, 2015 11:31AM PDT

I am very perplexed as to what is going on with my computer. I'd like to give just a little background information before I dive into my situation. My 12 year old son and I share a home desktop computer. I work from home and am also a full time student. Because I like to monitor the content of my son's Internet use I use a key logger to keeps tabs to make sure he is not doing anything he shouldn't be. Now, yesterday while my son was at school I was playing videos on YouTube while doing some of my school work, after about 30 or so the computer shut itself off (which it does from time to time) so I turned back on, clicked open Google Chrome and started to type in youtube, when Google Chrome quit responding and my computer shut off again. When I turned it back on I decided that probably needed to run ccleaner to clear history, cookies and the registry. Computer worked fine afterwards and I continued to listen to music on YouTube and chat on facebook in anouther tab for about an hour. Later that evening my son used the computer so I checked the key logger later just to be safe when I noticed something really weird. When I had been on the computer earlier in the day and chrome had frozen I could see where I had typed you (for youtube) into the search box, however, one minute later the key logger shows a new tab opening the website youporn and it being visited for 7 secs yet not responding, then it shows up again during the same time (as everything in the key logger is timestamped) as being viewed for one minute. Next, it shows that an actual video was accessed, and my McAfee running at the same time! It says that this video was open on a tab of my computer for an hour and 22 mins!! First, my computer shut down at the start of this youporn thing, second, I ran ccleaner as soon as I turned the computer back on. Third, when I got back on chrome for youtube and facebook I didn't see any other tabs open. Forth, I wasn't even on the computer for an hour and 22 mins after I rebooted. How in the world is this possible? I have no pop ups, ads, and the only issue I've had is my computer shutting down randomly, but this is the first time I've ever seen anything like this. My McAfee is only the free version but I've been told that that was good enough for my purposes. I've tried to Google the issue and ask several people and they all say I must have intentionally went to the site, but I didn't! Do I have a virus? Malware? I have no idea about these things but think it's very strange. Also, in case anyone is wondering I've had the key logger on there for over a year and this has never happened before so I don't believe it's coming from there. Like I said it has never happened before and it hasn't happened since but I'd like to know what is going on. Please advise!

Discussion is locked

- Collapse -
Clarification Request
I know this is long
Aug 28, 2015 8:31PM PDT

I am computer stupid, lol. My computer knowledge ended in the 90s. All I want to know is how this happened and how I can fix it. Any help would be appreciated and I won't be offended if you need to "dumb it down" for me to understand. Wink

- Collapse -
Answer
My first thought is you need to change something.
Aug 28, 2015 12:20PM PDT

The best deterrent I know is the PC is in an open space. OpenDNS and other parental controls are just catching up on IPv6 as noted at https://support.opendns.com/entries/22297860-How-to-properly-block-youporn-com-

That's a very long paragraph so I can't pick out the question. It ends without the question mark so there's no real question here. My advice is to move the PC to a public location and get a better parental control system if that's your choice.

- Collapse -
I don't understand
Aug 28, 2015 8:09PM PDT

I apologize for the long paragraph, I was just trying to explain what happened to see if anyone might be able to explain what happen and how I might prevent it from happening in the future. Unfortunately, I don't know what you tried to tell me. I'm not up to date with computer technology and have no idea what an open DNS is.

- Collapse -
That's the thing.
Aug 29, 2015 6:38AM PDT

To understand what happened would take you learning a lot more.

Maybe a change in tactics would be best. That is, better PC location where you can see what's going on since keyloggers only tell part of the story. Also, I don't see where you asked the user what they did.

My nod to the OpenDNS thread is a tipoff that with the move to IPv6 many prior parental controls are being overrun. But the old standard of PC in the open space where all can see what you are doing seems to always work.

No one here can provide a forensic postmortem that is more than a good guess. My thought or guess is you want to improve your controls.

- Collapse -
Yes I would certainly need more knowledge!
Aug 29, 2015 9:41AM PDT

The computer is in the office, which is in the middle of the house, so for the most part I can monitor him without being being worried. However, there are times when he is able to use the computer and he knows that I am knee deep in work or studies, thus the use of the keylogger.

However, in this case, I was the user of the computer during the time that the website was accessed. I did not see it nor hear it so I am perplexed as to how it even got on the keylogger to begin with. That's what I am questioning. How could a website be accessed and apparently "veiwed" for over an hour while I was on the computer without me even seeing it?

- Collapse -
There is malware that
Aug 29, 2015 10:00AM PDT

Is not detected by the titles given so far that sneak in with apps or browsing.

No one may guess which it was today. You would have to hand the machine over to a forensic team to nail it.

I find such work rewarding (financially) but the cost is in the 5 figures. We have to clone the drive since we can never corrupt the source drive. And then the team clones from that clone so we can dig in and no worry about corrupting the source.

It's very technical and costly so I advise you do the usual scans, clear browser caches and then install more parental controls. Logging only does a portion of what you seem to be after.

- Collapse -
Ok, that is what I wanted to know
Aug 29, 2015 10:28AM PDT

Thank you. I know you can't tell me for certain what actual happened. But it does give me comfort to know that this could be malware. I guess I was a little concerned that someone had "hacked" my connection some how.

Since you seem to be very knowledgeable about the subject what sort of protection (as far as virus, malware, spyware) would you recommend?

Since you mentioned that the parental controls are somewhat dated, what what would you suggest as far parental controls and blocking certain content? As I said in my original post my son is soon to be a teen and as such he is soon to want a smart phone, tablet and so on. I can't protect him all the time but could at least attempt to protect him over my own network. What are my options here?

Thank you! I really appreciate your time.

- Collapse -
We remain the best protection.
Aug 29, 2015 10:52AM PDT

There is nothing today that will save users from themselves. So if they go to shady sites, well it's all bets off. This can confuse folk new to the PC and even seasoned owners. For example, folk may blurt out "How did this happen? I have Norton."

So back to the beginning we go to review that it's a PC (personal computer) that obeys our commands. If you want to lock down you have to move to other OSes like Windows RT, some Linux versions and more.

- Collapse -
Completely understand
Aug 29, 2015 11:07AM PDT

Back in the 90s, when I was still my teens, my curiousity had me clicking around everywhere and I couldn't tell you how many computers I ruined being completely stupid.

Once I got a little older my computer was strickly used for word processing, research, school, and work. I didn't have a problem with my computer for many many years. Then, my son started using the computer....now I have this happening, shut downs, spam mail. Ugh!

Sometimes I wonder if it's more hassle than its worth!

Thank you.

- Collapse -
That's why some ditch Windows.
Aug 29, 2015 11:12AM PDT

You'll see folk talk about Linux which is much safer for those that just click here and there as it won't allow apps and the usual infections.

However all the above tells me it's about parental controls, blocking and maybe logging. I'd look again at OpenDNS.

- Collapse -
I've thought about it
Aug 29, 2015 12:56PM PDT

Linux seems like something to think about.

I'll definitely need to get a better handle on the parental control, blocking and such. I looked briefly into openDNS and it looks like a very good place to start, especially when it boils down to protecting all the devices in the house. Although, I am concerned that it may be a little difficult for me to set up given my puny knowledge.

- Collapse -
might be time
Aug 29, 2015 11:18AM PDT

it might be time to get him his own computer before he does something that could cause you to lose your important files. he is a kid so he will be exploring whether it be porn or free programs, music and movies. If you worry about cost, think about the cost of losing your files to ransomware.

- Collapse -
Answer
browsers have history files, but....
Aug 28, 2015 1:02PM PDT

...seems you already erased that. Your IP from the ISP may have changed and the last assignment had someone seeking such, so it's targeted. Youtube should never forward you to a different site like that. I'd guess you may have a browser exploit running in the background. Recently add an extension or a toolbar? Also check in task manager and see if anything wrong running in it.

- Collapse -
I didn't think it was youtube
Aug 28, 2015 8:20PM PDT

I've been using Youtube for years and this has never happened. I haven't added any toolbars or anything to the computer recently, however, my son did download some things off of the curse client for his World of Warcraft game about two months ago. Unfortunately, I have a very limited knowledge of computers so most of what you said is almost foreign to me. For instance, I have a general knowledge of the IP, but I didn't know they could change so I'm not sure what you mean when you say that it could have changed and the last assignment had someone seeking it. What is a browser exploit? Also, how do I know if anything is wrong in task manager? Sorry for my inexperience.

- Collapse -
Ok I googled browser exploit
Aug 28, 2015 8:59PM PDT

and it does sound very similar to what could be going on. I did lose my homepage a few weeks ago but didn't think much about it. However, I noticed that in the search I did it said that it would redirect intended websites to porn sites and since youtube and youporn are so similar it does make since that it would redirect there. But wouldn't I have seen it or at the very least heard it since the volume was up after listening to music videos? Also, since my computer shutdown right after typing "you" into the browser wouldn't it have stopped processing? Looking at the key logger it's like my computer never shut down.

- Collapse -
malwarebytes
Aug 29, 2015 6:53AM PDT

find it, download and install it, run it. Should fix your problem.

- Collapse -
I am familiar with
Aug 29, 2015 7:44AM PDT

Malwarebytes, so I will do! Thank you!

So is it possible that the browser exploit could do that even when my computer shut down?

- Collapse -
No
Aug 29, 2015 8:01AM PDT
"So is it possible that the browser exploit could do that even when my computer shut down?"

Not unless you have WOL or some other wakeup set on it in BIOS, which would allow it to boot up unattended.
- Collapse -
Nope don't have that.
Aug 29, 2015 9:30AM PDT

Never set that up, not even sure my computer would support it (then again what do I know).

I will use malwarebytes on it this weekend and hope that fixes the issue. It would still be nice to have a possible explanation as to what happen....

- Collapse -
if still having problems
Aug 29, 2015 9:59AM PDT

if after malwarebytes you are still having problems with youporn, I would suggest going to the malware section of the following website and post there. They will have you run some logs and post them so they can look and help you get rid of it. Unfortunately cnet is not setup for that type of indepth help.

http://www.techsupportforum.com/forums/

- Collapse -
Thank you for the link
Aug 29, 2015 10:32AM PDT

I assume the free version of malwarebytes will work for my purposes today. I appreciate the link and will post there if I have additional problems.
I really appreciate your time in trying to help me solve this issue!

- Collapse -
free version is good
Aug 29, 2015 10:36AM PDT

there really is not any difference between the free and paid version other than there is live scanning and a couple other things that will not affect the actual scanning

- Collapse -
Ran malwarebytes
Aug 29, 2015 5:12PM PDT

And it has found 146 PUP.Optional.Mindspark.A threats. Apparently these are potential unwanted programs accorded to several forums I have perused. Could this have caused my issue?

- Collapse -
Link details what these do.
Aug 29, 2015 5:30PM PDT