Attack from Web Page?

I need some opinions about this. I was surfing (using Opera 8.54). When I surfed into one page my Anti-virus software (Dr. Web) sounded the alarm. I tried pressing either the "move" or "cure" buttons but the alarm kept coming back. Then I remembered I had seen this kind of thing before, so I closed Opera. The alarms stopped. But within a minute WinPatrol PLUS alerted me that hgqhp.exe was trying to insert itself into a startup spot, and was it okay. I said "no," of course. Then some seconds later. WinPatrol PLUS warned me that UnSpyPC was trying to get into a startup spot. So I had it stop that too. Then I used Code Stuff Starter and WinPatrol PLUS to visually look at startup programs. Everything looked okay. But I also noticed that UnSpyPC had managed to install itself on my PC. Not as an autostart, but as a program with an icon on my desktop that pointed at an exe on my hard disk. So I zipped the executables to make sure I did not accidentally click this and start it.

Has anyone here seen anything like this before? What I mean is, have you ever seen a program getting installed like this, plain as day.

In your opinion, should Opera or Dr. Web been able to stop this. Or for that matter, Zone Alarm, which I have running too.

Any other checks I should besides the visual check I did with Starter and Win Patrol.

 

Hi,

Strange how just by visiting that page UnSpyPC got, NOT only DL'd, but installed too ? Even though you were alerted to startups etc, i would double check to see what did get in ! ZA or a browser won't stop something you allow by clicking on it, or downloading etc.

Are you sure that you didn't click on anything ?

What site was it ?

I posted this yesterday about UnSpyPC and it's cousin.

https://www.wilderssecurity.com/showthread.php?t=127319


StevieO

 

Hi StevieO. Thanks for responding.

I try very hard not to click on the wrong things on web sites. If a window pops up, I close it by clicking on the x in the corner. But considering that hgqhp.exe was part of what hit me, I don't think the person who put this site together was playing by normal interface rules.

As for which site it was, I don't know. I followed a link and lots of windows spawned. So I don't know if it was even the link I followed. And in my half panic, I did not have my wits about me to save the link.

 

Hi Andrew,

Nowadays you have to be careful about clicking “Cancel” or “X” on popup windows. There are deceptive practices at work here too.

See here, 2/3 of the way down.
http://www.microsoft.com/windowsxp/using/security/expert/honeycutt_spyware2.mspx

HTH

 

Hi,

Further to Jaws nice link -

I think that the info contained in these links could be very helpful to you and others.

See the post by CalamityJane, Two things: etc - Use ALT-F4 to close pop-up windows - http://www.dslreports.com/forum/remark,15886142~days=9999~start=80

And in this thread thread by mysec - This window is even more malicious - http://www.dslreports.com/forum/remark,15894306


StevieO