Main Area and Open Discussion > General Software Discussion

A strange Hijack?

<< < (2/2)

Renegade:
Do be careful about which "AdBlock" you use though. There are like 50 trillion of them out there with the same name, and some really suck and will grind your browser to a halt. Check for reviews about them. (And I mean 5 minutes to load a page - literally...)

fenixproductions:
a couple of years ago (XP admin account), I was opening tabs in the background, from a google search.-tomos (August 02, 2012, 11:25 AM)
--- End quote ---
Thread just in time?
I had similar issue 2 days ago on my PC: some Java applet (or Uplay I forgot to disable) started in background tab and created crappy application in my TEMP folder. Comodo reacted immediately but I was unable to do anything because intruder showed fullscreen window (white with 404 page) on top of everything. Since it was constantly putting itself on top of everything I couldn't even kill it from Task Manager. Live Security Premium fake AV was running and I thought nothing can be done. Although second screen was unchanged I couldn't even close my system so… hard reset into Admin mode.

Luckily: such crap did not start automatically. I've cleared TEMP folder completely, managed to find and disable bad stuff with Autoruns, and run couple of helpful applications (including HijackThis). After full system scan it appeared that manual play with DEL button and Autoruns was enough and only some trash in browser cache was additionally removed.

BUT now my believe in having clean system decreased… and browsing with browsers plugins disabled is not as comfortable as with them.

f0dder:
a couple of years ago (XP admin account), I was opening tabs in the background, from a google search.-tomos (August 02, 2012, 11:25 AM)
--- End quote ---
Thread just in time?
I had similar issue 2 days ago on my PC: some Java applet (or Uplay I forgot to disable) started in background tab and created crappy application in my TEMP folder. -fenixproductions (August 02, 2012, 03:17 PM)
--- End quote ---
Whoa, people still have the Java plugin in their browsers? :-O

We're forced to use Java applets in .dk because of the whole "NemID" scandal (enforced "digital signatures" that's really just a defunct Single-Sign-On mechanism that's open to a lot of abuse, including MITM) - but since that's the only use I have for Java applets, and since Java is one of the biggest security holes for several years... it's delegated to a virtual machine with a browser that's only used for official sites + webbanking, and has NoScript+AdBlockPlus+CertificatePatrol.

Giampy:
But if you visit sites of that... quality... where they use advertisements that are allowed to use those tactics? You really, really, really shouldn't be browsing without NoScript + AdBlockPlus. Heck, people who frequent that kind of warez/pr0n/stream-tv-shows sites should be doing so from a browser not just with NS+ABP, but preferably a sandboxed one, and it definitely wouldn't hurt running it from a VM.
-f0dder (August 02, 2012, 02:56 PM)
--- End quote ---

I want to clarify that website is not of that kind. It's more serious. It shows the list of Tv programs just like http://au.tv.yahoo.com/tv-guide for example.

f0dder:
But if you visit sites of that... quality... where they use advertisements that are allowed to use those tactics? You really, really, really shouldn't be browsing without NoScript + AdBlockPlus. Heck, people who frequent that kind of warez/pr0n/stream-tv-shows sites should be doing so from a browser not just with NS+ABP, but preferably a sandboxed one, and it definitely wouldn't hurt running it from a VM.
-f0dder (August 02, 2012, 02:56 PM)
--- End quote ---
I want to clarify that website is not of that kind. It's more serious. It shows the list of Tv programs just like http://au.tv.yahoo.com/tv-guide for example.
-Giampy (August 02, 2012, 04:36 PM)
--- End quote ---
Ah, fair enough.

But still, if it shows banner ads of that kind? It's definitely in the danger zone. Heck, even totally reputable sites using (as) reputable (as they come) banner services have ended up serving malware because the banner servers were hacked.

It's really not safe surfing the web without NS+ABP, and you definitely don't want the Java plugin installed in your day-to-day browser either.

Navigation

[0] Message Index

[*] Previous page