Help ATS with a contribution via PayPal:
learn more

browser hijack during login

page: 1
5
<<   2 >>

log in

join

posted on Mar, 21 2011 @ 05:57 AM
link   
hello all.
i am asking for assistance on a matter that irks me quite a lot at the moment.

every time i attempt to log in to this site, the browser is hijacked/redirected and an attempt to inject a trojan is initiated. malicious script also tries to embed. i have the information on the culprit/website. i am reluctant to contact this company to complain as i feel this would compromise my email account. i have considered setting up a web based account to use but before i do i ask this. Is there any tips or information the honourable members can supply for me to grab this by the collar? i was considering irc anon but feel this may be problematic and/or premature if there are other remedies at hand. the website in question is us based and i am in the uk.
i would appreciate your thought on this.
regards fakedirt




posted on Mar, 21 2011 @ 06:08 AM
link   
Windows i presume?

What browser?
Please don't say IE


Only this site huh?

How are you logged in now?

edit on 21-3-2011 by Ahmose because: (no reason given)



posted on Mar, 21 2011 @ 06:18 AM
link   
reply to post by fakedirt
 


There are a few browsers to choose from. On the chance you are using Firefox, install the noscript add-on. That may help with the malicious script issue.



posted on Mar, 21 2011 @ 06:21 AM
link   

Originally posted by fakedirt
every time i attempt to log in to this site,
i have the information on the culprit/website.l

You really need to clarify this. After reading your entire comment, I am pretty sure you are not talking about ATS, but in the beginning of your comment, since you say 'this site,' it seems like you are talking about ATS.
Either way, you should clarify.



posted on Mar, 21 2011 @ 06:24 AM
link   
If you've been previously infected it will happen on a lot of websites.

As in, it's taking you to their website. It's *NOT* ATS.

and frankly it could be a million things, your details are scant.

If you don't want to use your email, use a FREE email account, such as GMAIL or one of the plethora of random ones you can use and throw away, and redirect it to dodgeit.com... which is an entirely anonymous email receiving service. You use it with any name... donthijackmybrowser@dodgeit.com as your sending Email will have any responses sent to that url.

Run SpyBot - www.safer-networking.org... - it detects most browser hijacks. Or spyware.

Make sure you update the patterns as soon as you download it.

If you actually have a virus that is acting like this, check your HOSTS file. unlikely but some URL's get redirected via their IP to a different host, bypassing DNS.

With Windows it's in C:\Windows\System32\drivers\etc\ and is called hosts

All it should contain is 127.0.0.1 localhost and a bunch of #'remmed out statements above.

Spybot can show you all of these as well as determine any threats on your PC - it takes a while but it does work quite well.



posted on Mar, 21 2011 @ 06:29 AM
link   
There has been a rash / plague of rogue antivirus activity on the web in the last few months. Some information regarding that can be found here. These are insidious little programs that infect your system and sit idle - attacking at a later time (based upon any number of trigger mechanisms).

It sounds to me like you may be experiencing this problem. Here are some resources:

An overview "How To".
Malware Bytes.
Avast Antivirus.
Windows Defender.

All of the above have links to free of charge versions that work very well.

There are many members here, on ATS, who are very skilled at helping and are usually quite happy to do so. You'll probably have to devote a couple of hours to clearing this up - and will probably need to start your system in safe mode. If you are tech savvy, this won't be an issue at all. If not, please be honest with those helping you, let them know exactly what you are familiar with, and what you are not. They will walk you through it all very patiently - and they've helped many members fix these types of issues lately.

~Heff



posted on Mar, 21 2011 @ 07:15 AM
link   
To ahmose
you are quite correct, ie. i think i hear giggles. i attempt to log in on
the log-in page and then i get redirected to a website that attempts a generic trojan download.
i kill the browser,run ccleaner and try again. usually third attempt and i get to log in.

To kz6090
i visited www.grc.com kindly supplied by autowrench and ran a full diagnostic on my system.
it all came back with flying colours, no vunerabilities whatsoever. kav 2011 business use is on my
system and over the past three days i have run the scan several times with new updates.

To brokencircles
i attempt to log in on the log-in page of this site and as soon as i start to type my username,it
redirects my browser. as i stated prior, i checked out the grc site for browser vunerabilities and
it came back tip-top.

To badwolf
many thanks for the advice. i will follow your suggestions on that.

To hefficide
i appreciate the links you have supplied. i will of course follow up on these.

to all who have posted, many thanks for your time. i was on this site a month ago and clicked a link
sent by a member. my system died and it took me 13 hours to get it up to speed again from factory bare bones. when i enquired to the poster regarding the link, i received no reply whatsoever. maybe the member was unaware of the issue. my anti-virus picks up the attempts of the trojan download and denies entry. i have the details if anyone requests them i will gladly post them.

btw i am running xp pro x64 service pack 3. currently updated to latest windows updates and kav anti-virus database.
i have been using kaspersky since early 2000 and i have all the settings on maximum for scans etc.

regards fakedirt



posted on Mar, 21 2011 @ 07:43 AM
link   
Can we assume that you have alerted ATS to what you believe is the culprit thread or posting?



posted on Mar, 21 2011 @ 07:47 AM
link   
reply to post by fakedirt
 





i was on this site a month ago and clicked a link sent by a member. my system died and it took me 13 hours to get it up to speed again from factory bare bones. when i enquired to the poster regarding the link, i received no reply whatsoever. maybe the member was unaware of the issue. my anti-virus picks up the attempts of the trojan download and denies entry. i have the details if anyone requests them i will gladly post them.


I for one, would love to know the exact link you clicked that caused all your computer troubles so I can steer well clear of both the link and the member who posted it!

Some other good and free antivirus software: CCleaner; SuperAntiSpyware Free Edition and SpywareBlaster.
edit on 21-3-2011 by OptimisticPessimist because: (no reason given)



posted on Mar, 21 2011 @ 08:03 AM
link   
I have had this happen a couple of times also, trying to access the ATS home page, my computer is clean too so I guess someone is trying to be smart.



posted on Mar, 21 2011 @ 08:14 AM
link   
reply to post by Aliensun
 

hello aliensun.
i haven't got round to alerting the admin yet. i was leaning towards correcting this issue locally first and if all else failed, i would then inform the admin if i was 100% sure it was attached to the login page which at the moment i am not. however, the issue does not show up on any other site i visit and they could be counted on one hand. i am also unsure as to whether my computer crash was/is related to this issue now at hand. after the crash, i did a full install all day and nighter with the assistance of an honourable member who provided me with the data bandwidth needed as i am on limited payg dongle. data pauper!
regards fakedirt

hello optimisticpessimist
as requested www.abovetopsecret.com... poster was smurfy posted on 6-2-2011 @ 09:53 PM. link was scribd. i posted to the member my concerns but received no reply. as i stated earlier i clicked the link, it loaded the page and then wham! dead computer.
regards fakedirt



posted on Mar, 21 2011 @ 08:58 AM
link   
reply to post by badw0lf
 

hello badwolf
i checked the hosts and nothing there except the initial ip address.
i downloaded spybot with the latest updates and again nothing. no threats detected.
as i attempted to log in this time round the same redirection occured. the site is as follows
21/03/2011 09:47:24 Internet Explorer Detected: HEUR:Trojan.Script.Generic antivscannorthwestern.com...[7]
BE CAREFUL, there is a trojan connected to this page.
regards fakedirt.



posted on Mar, 21 2011 @ 09:19 AM
link   
hello all
after using the spybot program, i logged into ats again and it redirected once again. i logged out, disconnected and ran ccleaner. i then went back to the spybot program and initiated the immunisation aspect. this seems to have cleared the problem of the redirection as i have tested the log-in twice now and no redirection occurs. as with most things in life, this i feel will be a continuous work in progress. thank you all for your input and if i could sent virtual beers, there would be six-packs galore for your advice. again many thanks you have all blown some cobwebs out of my bonce!
regards fakedirt.




posted on Mar, 21 2011 @ 09:20 AM
link   
reply to post by fakedirt
 


2 words Malwarebytes & Superantispyware FREE VERSIONS

take my word if you have somethin on ur pc it will atleast find it....AVG SUCKS and gives too many false flags.........spybot is pretty good for a completely free software but again misses quite a bit and removes important files at times.......

It's awesome though so many people on here willing to help.....I love this site....

www.superantispyware.com...
www.malwarebytes.org... both fully legit scanners...no bloatware

-JagSR



posted on Mar, 21 2011 @ 09:22 AM
link   
reply to post by JagSR
 


thanks for the links jag, i will look into them
2nd
regards fakedirt


btw i love this site as well.
edit on 21-3-2011 by fakedirt because: (no reason given)



posted on Mar, 21 2011 @ 09:26 AM
link   

Originally posted by fakedirt
To ahmose
you are quite correct, ie. i think i hear giggles. i attempt to log in on
the log-in page and then i get redirected to a website that attempts a generic trojan download.
i kill the browser,run ccleaner and try again. usually third attempt and i get to log in.



Hi fakedirt..

That is the first thing you should change.
Stop using IE!

That alone will stop your PC from a lot of crap trying to get through.

Use firefox.
Chromium and seamonkey are also good..

But from your details,
it sounds like you'd be best off with firefox.

IE is nothing but trouble my friend.

I havent used any antvirus, antimalware, antispyware rubbish in a long time, ever since i switched to ubuntu,
so i cant offer much there.

Ever thought about switching to something like Ubuntu?

One of the best decisions i ever made.



posted on Mar, 21 2011 @ 10:00 AM
link   
reply to post by fakedirt
 


Hmm, let me think a bit, it's not ATS or we'd all get it..

Man this reminds me of the days of being helpdesk lol, I'll help as much as I can dude..

gotta look at it a bit tho, bbiab



posted on Mar, 21 2011 @ 12:14 PM
link   
reply to post by Ahmose
 

hello ahmose
i am seriously considering using firefox. at the moment i am looking into issues regarding compatability with my anti-virus platform and also my e-mail system. do you know of a q and a site that addresses any potential problems? i know i should trawl for it myself however i would appreciate any advice you could offer.
regards fakedirt.



posted on Mar, 21 2011 @ 12:19 PM
link   
reply to post by badw0lf
 


hello badwolf.
the spybot link you gave me did the trick. i ran my system several times including log ins to make sure things were as peachy as they could be. i appreciate the assistance you have given. as i have stated to another poster, i am seriously thinking of changing my browser. i am just a tad reluctant at the moment until i can clue up on potential issues regarding compatability. many thanks for your help.
regards fakedirt



posted on Mar, 21 2011 @ 01:32 PM
link   
Hello, sorry to resurrect this thread I am having a similar problem with ATS front page. It only seems to happen on ATS. A pop up appears and claims to be running a scan of my computer. Can this be resolved using the same resources?

If so which link on the Spybot website Badwolf suggested should I download?

I am using Google Chrome today instead of IE, but I remember this happening before and eventually it affected chrome too.





new topics

top topics



 
5
<<   2 >>

log in

join