Attack from Web Page?

Discussion in 'malware problems & news' started by Andrew B., Apr 11, 2006.

Thread Status:
Not open for further replies.
  1. Andrew B.

    Andrew B. Registered Member

    Joined:
    Jul 17, 2003
    Posts:
    34
    I need some opinions about this. I was surfing (using Opera 8.54). When I surfed into one page my Anti-virus software (Dr. Web) sounded the alarm. I tried pressing either the "move" or "cure" buttons but the alarm kept coming back. Then I remembered I had seen this kind of thing before, so I closed Opera. The alarms stopped. But within a minute WinPatrol PLUS alerted me that hgqhp.exe was trying to insert itself into a startup spot, and was it okay. I said "no," of course. Then some seconds later. WinPatrol PLUS warned me that UnSpyPC was trying to get into a startup spot. So I had it stop that too. Then I used Code Stuff Starter and WinPatrol PLUS to visually look at startup programs. Everything looked okay. But I also noticed that UnSpyPC had managed to install itself on my PC. Not as an autostart, but as a program with an icon on my desktop that pointed at an exe on my hard disk. So I zipped the executables to make sure I did not accidentally click this and start it.

    Has anyone here seen anything like this before? What I mean is, have you ever seen a program getting installed like this, plain as day.

    In your opinion, should Opera or Dr. Web been able to stop this. Or for that matter, Zone Alarm, which I have running too.

    Any other checks I should besides the visual check I did with Starter and Win Patrol.
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi,

    Strange how just by visiting that page UnSpyPC got, NOT only DL'd, but installed too ? Even though you were alerted to startups etc, i would double check to see what did get in ! ZA or a browser won't stop something you allow by clicking on it, or downloading etc.

    Are you sure that you didn't click on anything ?

    What site was it ?

    I posted this yesterday about UnSpyPC and it's cousin.

    https://www.wilderssecurity.com/showthread.php?t=127319


    StevieO
     
  3. Andrew B.

    Andrew B. Registered Member

    Joined:
    Jul 17, 2003
    Posts:
    34
    Hi StevieO. Thanks for responding.

    I try very hard not to click on the wrong things on web sites. If a window pops up, I close it by clicking on the x in the corner. But considering that hgqhp.exe was part of what hit me, I don't think the person who put this site together was playing by normal interface rules.

    As for which site it was, I don't know. I followed a link and lots of windows spawned. So I don't know if it was even the link I followed. And in my half panic, I did not have my wits about me to save the link.
     
  4. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Hi Andrew,

    Nowadays you have to be careful about clicking “Cancel” or “X” on popup windows. There are deceptive practices at work here too.

    See here, 2/3 of the way down.
    http://www.microsoft.com/windowsxp/using/security/expert/honeycutt_spyware2.mspx

    HTH
     
  5. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.