Possible Spyware on site - MMA Forum - UFC Forums - UFC Results - MMA Videos
Technology Discuss your computer, operating system, hardware, software, etc. All the latest Technology including digital cameras, iPods, Blackberry, and pretty much anything else you can think of.

Reply
 
LinkBack Thread Tools Display Modes
post #1 of 12 (permalink) Old 05-06-2008, 04:43 AM Thread Starter
Resident Drunk
 
MagiK11's Avatar
 
Join Date: Dec 2006
Location: Ottawa, ON
Posts: 3,702
                     
Possible Spyware on site

Hey have any of you ever came to the homepage of this site and get popups from those spyware optimizers and are forced to close your browser so you don't get infected?

I use firefox and several times I come on here and my page just gets redirected to some page claiming to be a spyware optimizer and it can clean my system and I know it's an infection. So I always close the browser windows that are open without clicking on yes or no so I don't get infected.

The page I normally get redirected to is http://www.performanceoptimizer.com/ Therefore, I just wanted to know if anyone else experienced this issue? Also I know I don't have infections on my computer since I was a level 2 technician with both HP and Dell and now I'm a level 1 one tech for the government. So I cleaned my computer and know I don't have a browser hijacker, a virus/trojan or a worm etc on my pc.

So anyone else experience this issue when they got on the site where your page gets redirected to some "fake" spyware program claiming to clean infections off your pc?

If you have the programmers/admins might want to check the adds, since one of the adds might have an infection in it.

Last edited by MagiK11; 05-06-2008 at 04:47 AM.
MagiK11 is offline  
Sponsored Links
Advertisement
 
post #2 of 12 (permalink) Old 05-06-2008, 04:48 AM
MLS
Banned
 
MLS's Avatar
 
Join Date: Jul 2007
Location: Backseat of the PlazzVan
Posts: 6,472
Blog Entries: 2
                     
I just checked with Fire Fox and didn't have anything pop up.
MLS is offline  
post #3 of 12 (permalink) Old 05-06-2008, 04:53 AM Thread Starter
Resident Drunk
 
MagiK11's Avatar
 
Join Date: Dec 2006
Location: Ottawa, ON
Posts: 3,702
                     
It doesn't always come up. I'd say about 10 or 20% of the times I come on the homepage I get that site redirected and have to close my broswer. But it only happens on the homepage of mmaforum.com

So I'm thinking it might have something to do with my pc, or one of the adds on the homepage since the adds change. And I'm thinking one of them might be redirecting systems.

Of course if it doesn't happen to anyone else I'll just reformat my pc since I haven't done that since I got vista over a year ago.

Here are screen shots of what happens.

Get on this site only, and sometimes the page gets redirected and here are some screen shots I just took because it just happened recently.

http://img517.imageshack.us/my.php?i...8067602sv9.jpg
http://img171.imageshack.us/my.php?i...0530791ug6.jpg
http://img337.imageshack.us/my.php?i...1534184sy0.jpg
MagiK11 is offline  
post #4 of 12 (permalink) Old 05-06-2008, 06:09 AM
MLS
Banned
 
MLS's Avatar
 
Join Date: Jul 2007
Location: Backseat of the PlazzVan
Posts: 6,472
Blog Entries: 2
                     
You probably should pm T.B. about this.
MLS is offline  
post #5 of 12 (permalink) Old 05-06-2008, 06:10 AM Thread Starter
Resident Drunk
 
MagiK11's Avatar
 
Join Date: Dec 2006
Location: Ottawa, ON
Posts: 3,702
                     
Alright, thanks for the info.
MagiK11 is offline  
post #6 of 12 (permalink) Old 05-06-2008, 02:39 PM
Necks are for sheep
 
Breadfan's Avatar
 
Join Date: Jan 2008
Location: Washington State
Posts: 734
                     
I've been using firefox as well and I'm not seeing this happen either.

I suggest if you don't want to reformat to go here
http://www.techsupportforum.com/secu...this-log-help/

Post the situation there, and see what they say. they may ask you to post a Hijackthis log, which is a good idea.

One of us will look at the log and try to figure out what's happening most. Helpful bunch of folk there.
Breadfan is offline  
post #7 of 12 (permalink) Old 05-07-2008, 09:08 AM Thread Starter
Resident Drunk
 
MagiK11's Avatar
 
Join Date: Dec 2006
Location: Ottawa, ON
Posts: 3,702
                     
Quote:
Originally Posted by Breadfan View Post
I've been using firefox as well and I'm not seeing this happen either.

I suggest if you don't want to reformat to go here
http://www.techsupportforum.com/secu...this-log-help/

Post the situation there, and see what they say. they may ask you to post a Hijackthis log, which is a good idea.

One of us will look at the log and try to figure out what's happening most. Helpful bunch of folk there.
Thanks, I guess I'll do that but the funny thing is that I ran hijackthis and didn't find anything and also checked it on the hijackthis.de site as well. But maybe I'm overlooking something so I'll post my log on that link later today.

The only weird thing is that those popups only show up once I come on this site with my home notebook.

Here is my log and I'll post it on that link you gave me too.

Logfile of HijackThis v1.99.1
Scan saved at 3:15:22 AM, on 2008-05-08
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\James Coles\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/defa...=ca&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe





I can't seem to see anything wrong in that log.
MagiK11 is offline  
post #8 of 12 (permalink) Old 06-14-2008, 11:22 AM
Middleweight
 
SuzukS's Avatar
 
Join Date: Nov 2006
Location: Melbourne, Australia
Posts: 2,590
           
Quote:
Originally Posted by MagiK11 View Post
Here are screen shots of what happens.

Get on this site only, and sometimes the page gets redirected and here are some screen shots I just took because it just happened recently.

http://img517.imageshack.us/my.php?i...8067602sv9.jpg
http://img171.imageshack.us/my.php?i...0530791ug6.jpg
http://img337.imageshack.us/my.php?i...1534184sy0.jpg
Nice desktop

SuzukS is offline  
post #9 of 12 (permalink) Old 06-16-2008, 06:17 PM
Necks are for sheep
 
Breadfan's Avatar
 
Join Date: Jan 2008
Location: Washington State
Posts: 734
                     
http://www.spywareremove.com/removeMalwareAlarm.html

Try that. Otherwise just Google MalwareAlarm there's a bunch of sites telling you how to remove it. I'm not sure why it pops up only when you're here.

Keep us updated.
Breadfan is offline  
post #10 of 12 (permalink) Old 07-04-2008, 09:42 AM Thread Starter
Resident Drunk
 
MagiK11's Avatar
 
Join Date: Dec 2006
Location: Ottawa, ON
Posts: 3,702
                     
I managed to fix the issue myself, but your link helped me out a bit because I overlooked a few things. The only thing which confused me was the fact that I was only being redirected once I came on here. Anyways, it doesn't happen anymore so I'm happy.

Thanks for the tips, and yes, I like that desktop too. She kind of looks like a hotter version of Britney Spears


1. BJ "The Prodigy" Penn
2. Dan "Hollywood" Henderson
3. George "Rush" St Pierre
MagiK11 is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the MMA Forum - UFC Forums - UFC Results - MMA Videos forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome