Register to reply

Google Search PhysicsForums Virus Attack

Share this thread:
(Q)
#1
Jun3-04, 04:27 PM
P: 144
While searching a topic on Google, I ran across a link that lead to Physicsforums so I clicked the link.

The next thing I knew, my computer was under massive attack. Viruses were being delivered as anti-virus warning windows began popping up. Spybots and Malware were being delivered - found over 60 in one pass. Programs of some sort were being installed. My browser opening page was highjacked.

So, what happened? Why did a link leading to this forum get re-directed?
Phys.Org News Partner Science news on Phys.org
Flapping baby birds give clues to origin of flight
Prions can trigger 'stuck' wine fermentations, researchers find
Socially-assistive robots help kids with autism learn by providing personalized prompts
Chen
#2
Jun3-04, 04:37 PM
Chen's Avatar
P: 1,004
Do you by any chance still have the original link from Google? I would email everything you have to chroot or Greg, just in case this is a problem with this site. I doubt it, though, and you can probably attribute what happened to spyware that was already installed on your computer.
DarkAnt
#3
Jun3-04, 05:03 PM
P: 194
that must have been scary

Pattielli
#4
Jun3-04, 05:16 PM
P: 285
Google Search PhysicsForums Virus Attack

Quote Quote by DarkAnt
that must have been scary
No, not scary at all, Web developers know well what problems they might be...
Pattielli
#5
Jun3-04, 05:19 PM
P: 285
Quote Quote by (Q)
While searching a topic on Google, I ran across a link that lead to Physicsforums so I clicked the link.

The next thing I knew, my computer was under massive attack. Viruses were being delivered as anti-virus warning windows began popping up. Spybots and Malware were being delivered - found over 60 in one pass. Programs of some sort were being installed. My browser opening page was highjacked.

So, what happened? Why did a link leading to this forum get re-directed?
Give me that link, I want to know how dangerous it really is..
dduardo
#6
Jun3-04, 06:21 PM
Emeritus
dduardo's Avatar
P: 1,919
Give me the link too. I'll believe it when I see it. The more likely senario being that you went to another, it openned a pop-under that you didn't see. Then you happened to go to click on a link to physicsforums when the pop-under initiated its attack against your computer.
(Q)
#7
Jun3-04, 06:24 PM
P: 144
I went back in my history folder and found the link below:

www.physicsforums.com/archive/t-8466
Pattielli
#8
Jun4-04, 07:12 AM
P: 285
Quote Quote by (Q)
I went back in my history folder and found the link below:

www.physicsforums.com/archive/t-8466
Why didn't I see anything similar to what you said ??? (-.-)
I guess those viruses have found out other sources, so they have gone chase them, and left this thread alone, (there is also possibility that they are afraid of Pattielli--()) uhmm, it is internet though, there will never be anything so called statability, if viruses saw something strange/ irritative, they will choose other ways to run immediately, I addmit it is hard to catch them, and much harder if they are already well-trained (well-made) ones--again internet, it is internet ! yeah -- yeah --yeah!
dduardo
#9
Jun4-04, 08:34 AM
Emeritus
dduardo's Avatar
P: 1,919
You must have gotten it for somewhere else. Even though I'm in linux have popup blocking, I would have seen a little icon telling me it blocked something.
BoulderHead
#10
Jun4-04, 10:19 AM
P: n/a
I'm with (Q) on this matter. Here's what I did;

1) Deleted all TIF files
2) Ran AdAware and removed all traces.
3) Clicked on that link provided by (Q).

Two popup windows and WMP opened.
Popup 1: Web Page Dialog for Westwood College Online.
Popup 2: Microsoft Internet Explorer for Gambling.com

So, I closed the player and killed the two popups, then hit the refresh button on my browser window;

Three popups, WMP, and an Install program dialog box appeared. Killed all instances and ran AdAware again. Seven instances were detected, all cookies. Here's the list;

@advertising[1].txt
@casalemedia[1].txt
@centrport[2].txt
@doubleclick[1].txt
@mediaplex[1].txt
@servedby.advertising[1].txt
@z1.adserver[1].txt

Also, in checking the TIF folder I found the following executables, two of which I'm fairly certain are adware related from having dealt with them in the past;

np1
np2
si1
si2
install026

In short, I have every reason to believe that link is buggy.
Pattielli
#11
Jun4-04, 10:43 AM
P: 285
I used to visit codeguru where I got much more than these things, and whenever i run adware, i see them even in my registry.
By the way, after glancing at what you posted, I would highly recommend not to accept third-party cookies, then turn on the ad-block function available in your browser if that is not explorer. But if it is, you should google and download an ads-blocker for free, I am sorry i don't remember its URL but i am sure there are a lot!
If you like or as a careful person, you should check the internet options and check "ask before accepting cookies". If there is something that you shouldn't put your trust on, just click NO and everything would be fine !

Hope that can be of help!
dduardo
#12
Jun4-04, 10:51 AM
Emeritus
dduardo's Avatar
P: 1,919
It's a shame I never have to worry about these problems. I almost feel bad for you windows users.
TALewis
#13
Jun4-04, 10:53 AM
P: 199
Windows users too can be free from web browsing pains by using a better browser such as Mozilla Firefox:

http://www.mozilla.org/products/firefox/
BoulderHead
#14
Jun4-04, 10:59 AM
P: n/a
Thanks all, but I'm not asking how to avoid such things, merely supporting what (Q) said as being accurate and alerting anyone who may be interested in looking into this matter (Greg?).


Register to reply

Related Discussions
Can you google search PF blogs? Forum Feedback & Announcements 10
Google Desktop Search... Computing & Technology 9