While searching yesterday I had a screen pop-up. It was headed "August Opinion Survey>>>AT&T U-verse California." The associated URL was: http://2015survey 'dot' com-visitor3t3o 'dot' link/ (I hope the 'dot' edits in the URL will prevent it from opening.) AT&T had installed a U-verse gateway recently to establish FTTN service for me with Sonic, so I cautiously poked my way down through it. Here is the list of service premiums they offered. Anti-Aging System Keranique Hair Regrowth for Women Permium #-Cig Vape Kit Pure Garcinia Cambogia Weight Loss Kit Neuro Elite - Brain Supplement Getting Sleepy - All Natural Sleep Aid Pearl-e-Whites - Teeth Whitening System High Potency Wrinkle Reduction Cream I left no personal information other than the numeric URL of my router which they harvested. I don't doubt that they wanted me to "claim my prize." I was so offended by the list of premiums that I sent a note to Sonic support and was told that I was infected with "Data Room 2015 Survey " virus or browser add-on. I ran Malwarebytes and found nothing. I checked all my browser add-ons and found nothing. I searched and tried to connect "Data Room 2015 Survey " and the 2015survey.com URL above and found nothing. I thought I'd document my experience here and ask if I should continue to search for a virus or take any other steps. thanks baumgrenze
I was brought back to this post while doing maintenance today. I've not experienced a second instance of the unwanted survey. Could there be a version that runs once as one is web-surfing? Here is what I found in my browser search history (User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 Build identifier: 20150827182544) FWIW I learned that I could copy a line from the history file, paste it into Word where it appeared as the 'text description' of a hypertext link. That let me select the link and 'edit' the hypertext which let me copy the entire URL in the edit box, cancel the edit, and paste it. I found this url just before the 'survey' popped up: "http://wdboot.hol.es/cari/6_AWG_Copper_Stranded_Wire.html" just before that was: "http://connect5364.com/ctrd/click/newjump1.do?affiliate=66305&subid=nosubid&terms=hol.es 6 THHN Building Wire The Home Depot Wdboot.hol.es Blog&ai=IBMq6lU2f2ecgtGWdaKx8LwYy1y78Rqwu2xnOzPWnFCC4s7ihFjHs3Sa8xZfh-vkI7JzGFzuKsSSUMM" It all traces back to this Google search: https://www.google.com/search?num=50&q=+thhn+6/1+stranded+"cerrowire.com"+"copper"+"19+strand"&oq=+thhn+6/1+stranded+"cerrowire.com"+"copper"+"19+strand"&gs_l=serp.3...51089.51089.0.51348.1.1.0.0.0.0.118.118.0j1.1.0. Google search for [thhn 6/1 stranded "cerrowire.com" "copper" "19 strand"] 7 results (0.25 seconds) ~ Removed Posted Search Results. Already Included in Above Google link ~ Does this mean anything to malware experts? I did scroll down through 'add/remove programs' carefully and also searched the terms in the blog link. The list is mercifully short. I found nothing I thought was 'odd.' There was " Everything 1.3.4.686 " and "7-Zip 9.22beta" which have no publisher but make sense to me. I concluded that it might be a "useful utility" if MS allowed on to select all the information in the 'add/remove programs' display and paste it into a document/spreadsheet for searching, etc. Copy and paste would allow quick searches. Is there a way to do this? Thanks again, baumgrenze