Attack from Web Page?

Andrew B. · #1 April 11th, 2006, 11:36 PM

I need some opinions about this. I was surfing (using Opera 8.54). When I surfed into one page my Anti-virus software (Dr. Web) sounded the alarm. I tried pressing either the "move" or "cure" buttons but the alarm kept coming back. Then I remembered I had seen this kind of thing before, so I closed Opera. The alarms stopped. But within a minute WinPatrol PLUS alerted me that hgqhp.exe was trying to insert itself into a startup spot, and was it okay. I said "no," of course. Then some seconds later. WinPatrol PLUS warned me that UnSpyPC was trying to get into a startup spot. So I had it stop that too. Then I used Code Stuff Starter and WinPatrol PLUS to visually look at startup programs. Everything looked okay. But I also noticed that UnSpyPC had managed to install itself on my PC. Not as an autostart, but as a program with an icon on my desktop that pointed at an exe on my hard disk. So I zipped the executables to make sure I did not accidentally click this and start it.

Has anyone here seen anything like this before? What I mean is, have you ever seen a program getting installed like this, plain as day.

In your opinion, should Opera or Dr. Web been able to stop this. Or for that matter, Zone Alarm, which I have running too.

Any other checks I should besides the visual check I did with Starter and Win Patrol.

StevieO · #2 April 12th, 2006, 12:00 AM

Hi,

Strange how just by visiting that page UnSpyPC got, NOT only DL'd, but installed too ? Even though you were alerted to startups etc, i would double check to see what did get in ! ZA or a browser won't stop something you allow by clicking on it, or downloading etc.

Are you sure that you didn't click on anything ?

What site was it ?

I posted this yesterday about UnSpyPC and it's cousin.

http://www.wilderssecurity.com/showthread.php?t=127319

StevieO

Andrew B. · #3 April 14th, 2006, 12:14 AM

Hi StevieO. Thanks for responding.

I try very hard not to click on the wrong things on web sites. If a window pops up, I close it by clicking on the x in the corner. But considering that hgqhp.exe was part of what hit me, I don't think the person who put this site together was playing by normal interface rules.

As for which site it was, I don't know. I followed a link and lots of windows spawned. So I don't know if it was even the link I followed. And in my half panic, I did not have my wits about me to save the link.

Jaws · #4 April 14th, 2006, 09:55 AM

Hi Andrew,

Nowadays you have to be careful about clicking “Cancel” or “X” on popup windows. There are deceptive practices at work here too.

See here, 2/3 of the way down.
http://www.microsoft.com/windowsxp/u..._spyware2.mspx

Quote:

Help Stop Web Sites from Creating Deceptive Windows

Another source of spyware are deceptive windows that look like dialog boxes. For example, a Web site might open a window that contains a prompt and a Cancel button. When you click the Cancel button, the Web site installs spyware on your computer. Still others create pop-up windows with the title bar and Close button hidden from view and then trick you in to clicking a Close button on the window. Likewise, clicking this button installs spyware on your computer.

HTH

StevieO · #5 April 14th, 2006, 02:29 PM

Hi,

Further to Jaws nice link -

I think that the info contained in these links could be very helpful to you and others.

See the post by CalamityJane, Two things: etc - Use ALT-F4 to close pop-up windows - http://www.dslreports.com/forum/rema...=9999~start=80

And in this thread thread by mysec - This window is even more malicious - http://www.dslreports.com/forum/remark,15894306

StevieO

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search