Browser Hijack Undetected? Online-pro-antivirus-scanner.com
Hello,
I started having problems yesterday, I thought it was just a random thing that wouldn't happen again, but I ran into the problem again today...
I have the BitDefender antivirus 2009 on my laptop, using Windows Vista.
When I browse a certain website (so far it only happened on that particular website), all of a sudden I get redirected to a specific webpage (http://online-pro-antivirus-scanner.com) with a URL as long as my arm...
It shows a webpage that looks like an online scanner currently scanning my computer (I know it is fake, but it is made to look very real), then it says my computer is under attack from a (please pardon the expression) shitload of viruses, and having a trojan being installed on my computer.
Then a small popup window appears, saying that my computer is heavily infected and yada yada yada, asks me to get their removal tool or whatever to clean my computer.
There's 2 buttons, OK and Cancel. I usually just use the little "x" in the upper right corner, I don't want to click on those...
Then it reloads the page and starts the fake scanning again, and same popup window. I end up having to close the browser tab, or my browser, to get rid of it.
So far I noticed it only redirects me like that when I use the "reply" function on the forums of the site, and then again, not all the time.
I am worried I have a browser hijacker or something that got installed on my computer somehow, but since I didn't install anything new recently and scan anything I download with BD, I don't know how it got there.
(On a side note, it started happening not that long after a problem with a supposed "exploit.swf.gen" had started popping up on the same site, but turned out to be a false alert... When the detection of that exploit stopped with BD, this started... I don't know if it is just a coincidence or if it is related... Here is a link to the previous problem: http://forum.bitdefender.com/index.php?showtopic=14597 )
Whenever I get redirected to that fake page, I open BD to manually start a scan, or a deep scan. So far, it didn't find anything.
What could be causing this and how do I get rid of it?
Comments
-
Hello Evilkitty,
To start, please follow the instructions from the following BitDefender article: http://kb.bitdefender.com/KB490 , run Avis and Gmer and upload the resulting reports here: http://www.sendspace.com/ , then post the download links.
You are redirected to a rogue antivirus website. Each day new versions of this type of malware appear and that is why it is hard for any antivirus program to detect and remove this type of malicious software. After you post the download links, my colleagues from the Virus Analysis team will analyze the generated reports and we will contact you back with a proper resolution.
Thank you.
-
Hello Evilkitty,
Each day new versions of this type of malware appear and that is why it is hard for any antivirus program to detect and remove this type of malicious software.
Thank you.
You said that but I didn't and this is totally not true.
Some strong antivirus detects this and a lot of new unknown viruses with their generic engine before the malware has been released; it's only Bitdefender that is behind some few strong antivirus.
So don't say that it's hard for "any" antivirus program to detect this type of malicious software because you are wrong.
-
Thank you!
Here is the information requested:
1. Describe the behavior of the computer that led you to believe the system is infected;
. See first post
2. Provide a screenshot displaying the malware or the effects of the malware (if applicable);
. Here are the three screenshots:
. First, I get directed to a blank page: http://www.sendspace.com/file/ujhur6
. Second, I get directed to a page that seems to fake a scanning of my computer: http://www.sendspace.com/file/9pquzm
. Third, I get another popup telling me I have a gazillion viruses on my computer: http://www.sendspace.com/file/p0iicb
3. Update your BitDefender, run a Deep System scan and send us the scan log attached to the email;
. BitDefender deep scan log: http://www.sendspace.com/file/s212gu
4. An AVIS log (as described below):
. AVIS log: http://www.sendspace.com/file/4m9co8
5. A GMER log (as described below):
. GMER log: http://www.sendspace.com/file/6sbk31
I believe it was all the information needed.
Thanks again.
-
Hello Evilkitty,
We have sent the files to our Virus Lab for analysis purposes and we will contact you with more information once this process has been successfully completed.
Thank you.