PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   Malware (https://www.pprune.org/computer-internet-issues-troubleshooting/314816-malware.html)

Tosh McCaber 22nd Feb 2008 09:01
Malware
 
My Ad-Aware runs tell me that I have the undernoted malware results in my Fire fox Bookmarks.

Family: Malware
Category: Browser: Firefox Bookmark URL: http://www.thebugs.ws/search.shtml?w...rom%20v7.0.8.2


Family: Malware
Category: Browser: Firefox Bookmark URL: http://www.symantic.com

I remove them, but, the next day the same two have appeared. Now, "thebugs" has connotations of spyware- but Symantic, I thought is a reputable company who wouldn't be involved in carrying out spying or spreading malware??

Besides which, at a glance on my list of bookmarks, I can't find either (I haven't pressed "Remove" on Ad-Aware yet.)

Is there a way to find them? And what would be the cause of them returning?

Thanks for reading,

Tosh

Tarq57 22nd Feb 2008 10:10
The first one implies an attempt to connect to a warez (cracked software) site, in this case probably to get a free version of Nero.
Ring any bells at all? Anyone using the computer likely to try this?
The second has got to be some kind of FP, on the face of it. But the fact they are not actually in your bookmarks implies something a little more sinister, perhaps an attempted browser hijack.
Any other symptoms?
Personally, I wouldn't touch AdAware anymore, support for SE has been discontinued, and the 2007 version I found exceedingly buggy and had plenty of false detections during its brief life on my machine.
Try scanning with something a bit more effective, like Superantispyware. (free and paid versions available.)

Saab Dastard 22nd Feb 2008 10:58
Symantic is indeed a suspicious name - the genuine name is Symantec.

You probably have some malware / virus that needs cleaning out. Check your startup folder (yours and All Users) and the registry for "Run" or "Run Once" entries.

Lots of info available on cleaning up your system - Hijack This is a good start.

SD

airborne_artist 22nd Feb 2008 12:55
Except that if you click on URL: http://www.symantic.com it forwards to http://www.symantec.com/index.jsp :E

Tosh McCaber 22nd Feb 2008 18:05
I already have Nero, for some time now, and I've never heard of the thebugs website! I'll see what tonight's scan produces.

Thanks for the replies so far- I'll give SuperAntiSpyware a go as well.

Saab Dastard 22nd Feb 2008 18:55
airborne_artist, I wasn't brave enough to click on the link, so I'll take your word for it! :)

SD

Bushfiva 23rd Feb 2008 00:22
"I'm bookmarking warez sites looking for Nero cracks. What could possibly go wrong?"

thebugs.ws is one of the sites added as a bookmark by the favadd-d trojan, which can be a drive-by install. But that's on IE only, I think. Ad aware probably flags it since it may indicate a favadd-d infection.

Since this bookmark includes the search terms, it was probably a deliberate bookmark and as such, it's safe.

Symantec owns symantic.com, so that's safe, too.

Tosh McCaber 23rd Feb 2008 07:26
I'm on Firefox(only)

Tarq57 23rd Feb 2008 09:22
Tosh, try opening IE, see if the "malware" found by AdAware appears in the bookmarks.
Anyone else likely to have used the 'pooter and used IE? Don't know if it's otherwise possible to have bookmarks created in it "out of nowhere", so to speak. Probably is, somehow.


All times are GMT. The time now is 12:32.


Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.