Avatar
Please consider registering
guest
sp_LogInOut Log Insp_Registration Register
Register | Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Feed Topic RSSsp_topic_old
Trojan clicker?
Avatar
joel2007
Member
Members
October 6, 2010 - 3:09 am
Member Since: October 4, 2010
Forum Posts: 35
sp_UserOfflineSmall Offline

Hello, my AV software caught it before it had a chance to infect my PC.
[img:11uo972z]http://img188.imageshack.us/img188/6988/trojanclicker.png[/img:11uo972z]

I do a research about [COLOR="blue"]fiji water[/COLOR] using google search. I see the website which is:
[code:11uo972z]hxxp://structuralevolution.org/blog/2008/06/05/avoid-fiji-water-unless-you-like-arsenic/[/code:11uo972z]
After I clicked on the website link. My AV software detected the Trojan.
My question is:
I did not download or click on a download link or install anything. How can the virus attack my computer?

Avatar
grr
Member
Members
October 6, 2010 - 3:49 am
Member Since: April 26, 2010
Forum Posts: 211
sp_UserOfflineSmall Offline

looks like it is a script based virus/trojan.

[quote:3otvf5zg]Programs classified as Trojan-Clicker are designed to access Internet resources (usually web pages). This is done either by sending appropriate commands to the browser or by replacing system files that provide

Avatar
Jim Hillier
Admin
October 6, 2010 - 4:26 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Hey Joel - Grr is correct. The site in question has most likely been affected by what is known as a 'drive-by' infection.

I just accessed the site myself, from Firefox within a sandbox (virtual environment) and Avast issued me with a warning that it had just blocked a malicious site.

The site is actually rated Green (safe) by leading site advisory services so it would almost definitely be some outside influence.

One of the very reasons we need strong security...and some brownie points for your AV software methinks!

Cheers....Jim

Avatar
David Hartsock
Admin
October 6, 2010 - 4:27 am
Member Since: August 7, 2011
Forum Posts: 1117
sp_UserOfflineSmall Offline

Grr has the right idea. Out of curiosity what browser were you using?

Avatar
joel2007
Member
Members
October 6, 2010 - 3:16 pm
Member Since: October 4, 2010
Forum Posts: 35
sp_UserOfflineSmall Offline

[quote="DavesComputerTips":28n2a3ke]Grr has the right idea. Out of curiosity what browser were you using?[/quote:28n2a3ke]
I'm using FF.
Is there a way to know the website has virus before click on the website link? I don't want to be got hit again when I do my research.

Avatar
Jim Hillier
Admin
October 6, 2010 - 5:10 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Joel,

There are plenty of online services which will check a site/link for malware for you. All you are generally required to do is just copy and paste (or type) the URL into the dialogue box and then click on a 'Scan' (or similar) button.

Dr.Web has one [url=http://online.us.drweb.com/?url=1:1j0fslv8]HERE[/url:1j0fslv8]
AVG has one [url=http://linkscanner.explabs.com/linkscanner/avg/:1j0fslv8]HERE[/url:1j0fslv8]

Another way to protect yourself would be to use something like Sandboxie, I use it all the time. Each time you run it Sandboxie sets up a temporary virtual environment. Select the option to 'Run Web browser sandboxed' and just surf as usual. When your session is over just delete the contents of the sandbox and everything is gone; history, downloads, added bookmarks, any malware, everything.....nothing gets near your system.

Of course that would mean, if you wanted to retain any info, you would need to take notes during sandboxed browsing and re-visit any worthwhile sites normally.

Your security programs and any site advisory service will still operate as per normal during the sandboxed browsing session and continue to issue warnings, except any malware will be contained (imprisoned if you like) within the sandbox.

Sandboxie is free, [url=http://www.sandboxie.com/:1j0fslv8]Sandboxie Home Page[/url:1j0fslv8]

Cheers....Jim

Avatar
joel2007
Member
Members
October 6, 2010 - 5:41 pm
Member Since: October 4, 2010
Forum Posts: 35
sp_UserOfflineSmall Offline

Dr.Web shows clean: http://online.us.drweb.com/cache/?i=651 ... f1d3233c59
AVG shows clean: http://linkscanner.explabs.com/linkscan ... e-arsenic/

Avatar
Jim Hillier
Admin
October 6, 2010 - 6:18 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Joel - Just re-visited the site in question (from the link you posted originally) and it is indeed now clean. No warning from Avast nor any warnings from any of my other security software.

This is the nature of these drive-by threats...here today, gone tomorrow!!

Cheers....Jim

Avatar
David Hartsock
Admin
October 6, 2010 - 6:38 pm
Member Since: August 7, 2011
Forum Posts: 1117
sp_UserOfflineSmall Offline

Websites actually live on a remote computer. As such they are susceptible to similar issues if the owner of the computer doesn't use strong passwords and keep the underlying software up to date.

There was probably an underlying software vulnerability, or the site owner did not have a strong password. This would allow a third party access to the content on the server. When this happens they usually place a script on the site which downloads items to your computer, and place the actual site in an iframe. The download happens in the background without the visitor's knowledge and the site displays at normal - Yes, they are a sneaky bunch, which is why security software and safe practices are important!

Avatar
joel2007
Member
Members
October 6, 2010 - 8:58 pm
Member Since: October 4, 2010
Forum Posts: 35
sp_UserOfflineSmall Offline

Thank you .

Avatar
grr
Member
Members
October 7, 2010 - 2:35 am
Member Since: April 26, 2010
Forum Posts: 211
sp_UserOfflineSmall Offline

what AV u have?

Forum Timezone: America/Indiana/Indianapolis
Most Users Ever Online: 2303
Currently Online:
Guest(s) 73
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Chad Johnson: 867
Mindblower: 681
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Member Stats:
Guest Posters: 11
Members: 3231
Moderators: 7
Admins: 3
Forum Stats:
Groups: 8
Forums: 20
Topics: 1956
Posts: 13572
Newest Members:
Toastmaster, smartwindows, instaproapk, mousetesteronline, keshamatt
Moderators: Carol Bratt: 67, dandl: 740, Jason Shuffield: 1, Jim Canfield: 8, Terry Hollett: 0, Stuart Berg: 0, John Durso: 0
Administrators: Jim Hillier: 2709, Richard Pedersen: 212, David Hartsock: 1117
Scroll to Top

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!