Attack from Web Page?

Discussion in 'malware problems & news' started by Andrew B., Apr 11, 2006.

Thread Status:
Not open for further replies.
  1. Andrew B.

    Andrew B. Registered Member

    Joined:
    Jul 17, 2003
    Posts:
    34
    I need some opinions about this. I was surfing (using Opera 8.54). When I surfed into one page my Anti-virus software (Dr. Web) sounded the alarm. I tried pressing either the "move" or "cure" buttons but the alarm kept coming back. Then I remembered I had seen this kind of thing before, so I closed Opera. The alarms stopped. But within a minute WinPatrol PLUS alerted me that hgqhp.exe was trying to insert itself into a startup spot, and was it okay. I said "no," of course. Then some seconds later. WinPatrol PLUS warned me that UnSpyPC was trying to get into a startup spot. So I had it stop that too. Then I used Code Stuff Starter and WinPatrol PLUS to visually look at startup programs. Everything looked okay. But I also noticed that UnSpyPC had managed to install itself on my PC. Not as an autostart, but as a program with an icon on my desktop that pointed at an exe on my hard disk. So I zipped the executables to make sure I did not accidentally click this and start it.

    Has anyone here seen anything like this before? What I mean is, have you ever seen a program getting installed like this, plain as day.

    In your opinion, should Opera or Dr. Web been able to stop this. Or for that matter, Zone Alarm, which I have running too.

    Any other checks I should besides the visual check I did with Starter and Win Patrol.
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi,

    Strange how just by visiting that page UnSpyPC got, NOT only DL'd, but installed too ? Even though you were alerted to startups etc, i would double check to see what did get in ! ZA or a browser won't stop something you allow by clicking on it, or downloading etc.

    Are you sure that you didn't click on anything ?

    What site was it ?

    I posted this yesterday about UnSpyPC and it's cousin.

    https://www.wilderssecurity.com/showthread.php?t=127319


    StevieO
     
  3. Andrew B.

    Andrew B. Registered Member

    Joined:
    Jul 17, 2003
    Posts:
    34
    Hi StevieO. Thanks for responding.

    I try very hard not to click on the wrong things on web sites. If a window pops up, I close it by clicking on the x in the corner. But considering that hgqhp.exe was part of what hit me, I don't think the person who put this site together was playing by normal interface rules.

    As for which site it was, I don't know. I followed a link and lots of windows spawned. So I don't know if it was even the link I followed. And in my half panic, I did not have my wits about me to save the link.
     
  4. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Hi Andrew,

    Nowadays you have to be careful about clicking “Cancel” or “X” on popup windows. There are deceptive practices at work here too.

    See here, 2/3 of the way down.
    http://www.microsoft.com/windowsxp/using/security/expert/honeycutt_spyware2.mspx

    HTH
     
  5. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
Loading...
Thread Status:
Not open for further replies.