[TC] Gaming Forums

Here's something interesting.

Today whilst I was browsing the internet, my web page was hijacked. It changed page on it's own (not opened a new tab) to what on first appearance looked like the Adobe Flash Update website.

Without even clicking the download button, this window pops up, prompting me to save the file.

On closer inspection, you can see that in the navigation bar, the URL is not that of the Adobe Website, it's an IP address which means it could pretty much be any computer in the world. Perhaps more interestingly where I'm being sent the file from is also an IP, fom a different address.

Now, look even closer, "Your System: Windows , Chrome" not only is that extremely unspecific, but I am using Firefox, and don't have Chrome installed.

I don't believe for one second that this site is legitimate. But I wonder how my page got hijacked like this? does that mean there could be something malicious already on my machine? I have avast generally permanently on and there doesn't -appear- to be any suspiscious looking programs in the task manager..

Has anyone also had this? and if it is a virus on the PC side and not an infected website, do they know how to get rid of? Cheers

i didnt know you were into childish crying tommer ;P

but seriously, i have not had this problem before but i did have a problem on chrome where some words on pretty much every website i went on linked me to one of those stupid ads, you know the ones that say things like "do you want to loose weight?" etc.
I managed to solve it by re installing the browser

Look's like you possibly have a virus/you're part of someones botnet. I've seen people being able to execute webpages through a web console to the infected PC. The .exe its trying to download is most likely a keylogger. Download Malware bytes, disconnect from the internet run a deep scan and leave your pc to it.

Tell us the results.

Quote:Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.

Obviously some suspicious, https://www.virustotal.com/en/ip-address...formation/

Got the laptop running a full scan w/ Malware Bytes atm. Guess that's one machine out of commission for today. Two more to fall back upon, one being ubuntu so \o/

I saw for a split second prior to my browser page being hijacked an application execute itself then dissapear on the task bar. I wonder if it's possible through system logs to find out what that was that was executed and see if it's related.

Did my scan. It found a few suspiscious looking things, but I'm not sure really if they're related. Got rid of them anyway, had the system restarted. Guess i'll let ya know if the problem comes back in some form or another.

Did you had a typo in the addressbar by any chance? Check browser history?

Think at one point I visited a goggle.com or .net .. can't remember at this point, don't keep browser history for longer than 12h either.

(2014-03-06 23:53)Tommer Wrote: [ -> ]Think at one point I visited a goggle.com or .net .. can't remember at this point, don't keep browser history for longer than 12h either.

Doubt it would of been one of them PUP's. Hmmm.. Lets see if it comes back again. If it does record what you did to make it happen. Also try giving it a scan in safemode just to be sure.

I am using Avast free program virus you can go scan from upstart and it will take 2hours maybe to clean all out and it will delete all virus i do that sometimes

Hijacked router/modem maybe? There are dozen of news these days about captured routers that will redirect web requests to any site the attacker wants by changing dns entries. I'd recommend you check the manufacturers site if there are any news to your hardware.