Being hijacked. One site, one programme

Discussion in 'malware problems & news' started by OldNick, Feb 18, 2008.

Thread Status:
Not open for further replies.
  1. OldNick

    OldNick Registered Member

    Joined:
    Feb 18, 2008
    Posts:
    12
    I am using Mozilla FF2 to browse.

    I use Australia's Bigpond for my ISP, wireless.

    Windows XP.

    I used to use Zone Alarm (security suite) but had some issues with it. So now I have Comodo FW, and AVG virus and AVG spyware.

    Everything has been fine until today.

    Then suddenly Mozilla started behaving strangely on one site, which just happened to be BigPond's. I was posting a help request. This involves only entering my name and email, luckily no logons etc.

    When I tried to send the request, I received an error
    "Internal Server Error:
    Server id: 13->5
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the site's support team and inform them of the time of the error and what operation
    you were performing when the error occurred.

    Thank you for your patience."

    The Mozilla Title Bar showed "RightNowTech Webserver:- Mozilla FireFox".

    The Mozilla address bar showed the Bigpond address, plus many many addons as I got further down the line. There was no reference to RightNowTech.

    I assumed the "site's support team" would be Bigpond. They said that they had direct access from their own server (makes sense...they are huge, they are Oz's Telco). They said that they had no connection with RightNowTech. Please run spyware detection.

    Now I had AVG's Virus and spyware both "watching" my system all this time.

    But I ran a spyware check anyway. AVG's found nothing. So I ran Ad-Aware. It found 171 trackers without even finishing. Halfway through it, AVG's _Virus_ checker popped up and ID'd AskFinish.exe and Askchoice (I think).exe as trojans. I quarantined them.

    The problem seemed to go away.

    Then it came back....

    I am now running Spyware Guard, and Spyware Blaster. But I feel that the trojan is presenting as a virus.

    I am a bit confused as to why AVG's AV picked up these as a scan, but did not stop them live.

    I also need to get rid of this problem. It puzzles me that it seems to only affect one site (Bigpond) and takes me to what looks like a genuine place.

    What gets me is that RightNowTech _seem_ to be a legit site. However, when I tried to contact them, I failed. I got recorded messages asking for my name and phone number.

    Maybe they are just an impressive website that phishes.

    If this is garbled it's because I am confused. Sorry.

    Any help appreciated.

    Nick
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,291
    Location:
    England
  3. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    HTH
    See here for some info:
    http://forums.whirlpool.net.au/forum-replies-archive.cfm/724168.html
    another
    www.daniweb.com/forums/thread28696.html (have to register)

    Seems there is a legit connection btwn BigPuddle and Rightnow for some services
    As per that thread in whirlpool: it's still some form of passive spyware :mad:
    Although I bet there is small print somewhere... :mad: :mad:

    ?some BHO is corrupted?
    Could still be malicious hijack

    I had some weird issue with the 'puddle home site today as well in FF
    Problem logging in; there are scripting issues there.
    Heh: have blasted them before about lack of support for proper standards and rendering in FF.
    ( never mind the NAB !!)

    Try with IE and see how you go.
    http://ieview.mozdev.org/
    http://ietab.mozdev.org/
    Are you running NOScript?

    lol stapp: fast::thumb:
     
    Last edited: Feb 18, 2008
  4. OldNick

    OldNick Registered Member

    Joined:
    Feb 18, 2008
    Posts:
    12
    mmmmm....the plot sickens.

    I have had quite a bit of trouble with the BP site the last few days. They told me they were updating their FAQ and that meant several things (including contact us) were unavailable, and I was brought up stopped in a couple of other places. Now this.

    Thanks for the link. BP deny any connection, but that's rubbish obviously.

    HOWEVER.....I do not have the same trouble in IE6! So something appears to be affecting FF that is not (yet?) into IE6. ....but only on that one site....?

    I am going to google to see if I can find a method of getting rid of this little worm.

    Nick
     
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    LOL
    I've had issues with BigPond home page with FF since forever..
    I am constantly amazed by how many Oz 'service' sites from big companies seem to have -cough- optimized their sites for IE
    I have complained to Telstra and the NAB on many occasions for little result :'(
    IIRC: many on line booking agencies in Oz do not work well with FF :(

    I will be interested in what you find.
    Regards
     

  6. OldNick

    OldNick Registered Member

    Joined:
    Feb 18, 2008
    Posts:
    12
    There seem to be people here who are familiar with MFF <G>

    I will ask on the Mozilla forums as well, but I am a bit concerned given this new strange behaviour. My firewall is now continually asking me to let FF contact the screen directly....a known Phishing ploy. I do not remember being asked this before.

    Nick
     