Another fp on SOL and a Prevx crash..

Discussion in 'Prevx Releases' started by iNsuRRecTioN, Jan 31, 2011.

Thread Status:
Not open for further replies.
  1. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi Joe,

    I just got another FP on SOL while entering a website URL..! :eek:

    This in Opera.. :blink:

    See screenshot.

    And then after I clicked on the "Ignore" button the Prevx app crashed, see screenshot, too.

    regards,

    iNsuRRecTiON
     


  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Could you supply more details as to OS 32bit or 64bit with what versions of Prevx and Browsers that make it crash? And if the url is a FP and not a malicious site can you post the link?

    TIA,

    TH
     
    Last edited: Jan 31, 2011
  3. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi there,

    sorry I forgot these.. :blink: :ouch:

    Windows 7 x64 German (as you should have noted it on the screenshot.. :p (x64 not, I know..)), Opera latest 11.01, Prevx latest..

    I cannot post the FP, because I don't have it and I think Prevx doesn't log it.., does it? (Joe hint..) :shifty:

    As I already wrote, I entered a URL into the address bar and then the warning came up, but the warning URL was a different one..! o_O
    (I think it has to do with how Opera is querying/scanning URLs in background..)
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Unfortunately we don't log the URLs when blocking them. If you do happen to find the original URL again, could you please PM it to me so that I can investigate closer? I can't read it from the screenshot :doubt:
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Also note that Opera 11.01 is not supported by SafeOnline at this time! Only versions 10.xx are, so that could be the cause!

    TH
     
    Last edited: Jan 31, 2011
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I can read it from the screenshot - will PM the URL.
     
  7. mHazweiO

    mHazweiO Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    21
    Location:
    Bavaria, Germany
    Hi,

    I have the exact same issue with the same configuration (Win x64 Home Premium, German and Opera), but I doubt that it is related to the OS language.

    The issue has persisted since at least Opera version 10.63 and I got used to it, so I didn't report it here.

    It always occurs after visiting a website using "207.net" / "107.net" code for tracking user activities, e.g. www.f-secure.com. So it's identical to the issue iNsuRRecTioN has. I assume that the site with the embedded user tracking code that iNsuRRecTioN visited before was from Unitymedia (German cable network provider). The link in my messages after visiting the F-Secure homepage looks like this: hxxp://fsecure.122.2O7.net/.....

    The odd thing is that in my case the message is not displayed while visiting the F-Secure homepage, but after closing and restarting the browser without clearing the browsing cache.
    If I try to enter a web address in the address bar after the restart, I only manage to type "www" and this is enough for PrevX to show the message that I am trying to visit a malicious site. So the PrevX message is triggered by searching the browser cache or the browser history. Clicking "Block" or "Ignore" doesn't make any difference. Browsing in the open session isn't possible anymore, so I have to clean the browser cache and restart the browser.
    So far I haven't encountered a crash of either Opera or another application while the message is shown.

    Hm, that's interesting. PrevX prevents me from posting this reply, so I had to change the http in the example above to hxxp to prevent PrevX from intervening.
     
    Last edited: Feb 2, 2011
  8. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Haha, good/nice one :D

    I hope Joe has new good information on this topic.

    And hopefully Prevx4 will log these blocks for FP reasons.. ;-)

    Btw. Joe, you really can't read the URL on my screenshot if you click on the screenshot and see it in full size?

    Then probably you have to increase the font size on your SOL warnings, because the screenshot is 1:1 resolution.. :ninja:
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,765
    Location:
    Outer space
    I had things like this with Opera before too. It seems that when entering the URL, Opera already loads the pages it thinks you might be typing. So, if during a session you got a warning about a malicious site and close the browser and start it again to browse other sites, it might pop-up again because Opera is loading it again.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've read the URL now (thank you TonyW :)) and forwarded it onto our research team. This URL was blacklisted because it resulted in an exploit on a few users' PCs so the reversal process will take some time as we have to be certain that it is completely clean.

    Thanks! :)
     
  11. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi,

    yes, I hope Prevx4 behaves better with SOL in this way..

    regards,

    iNsuRRecTiON
     