Effect of Spoofing from 85.255.115.221 on Firefox 2?

Discussion in 'malware problems & news' started by Alabaster, Jan 4, 2008.

Thread Status:
Not open for further replies.
  1. Alabaster

    Alabaster Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    2
    I was spoofed from a Google search to 85.255.115.221 (instead of produkte24.com) and FF started popping up a window which wanted to "search for malware". I immediately ended my Firefox session, but of course I wasn't able to reproduce the attack (as described in https://www.wilderssecurity.com/showthread.php?t=136452&highlight=85.255.115.221 and https://www.wilderssecurity.com/showthread.php?t=175666&highlight=85.255.115.221).
    How can I find out if my computer picked up malicious software?
    I have Avast running, which didn't notice anything, but that means nothing of course.
    All threads mentioning 85.255.115.221 speak only of IE being attacked, but the popup (my FF is configured to prevent popups!) seems to indicate that they might have come up with something for FF2 users.
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Last edited by a moderator: Jan 4, 2008
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    Hello alabaster,

    The very best thing you could do would be to post a log at one of the forums listed in this Announcement and have an expert go over your log.
     
  4. Alabaster

    Alabaster Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    2
    Thanks for your help. I ran HijackThis but the logs were clean
    (no suspicious software, nameserver in the TCP/IP settings was not redirected, no malicious hosts entries).
    So I assume that Google actually presents redirected pages.
    I excluded Ukraine from my router, so I hope this was the last thing I heard from 85.255.112.0/20.
     
  5. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    What if you downloaded something that, as part of its abilities, was hiding itself where you have been looking and removing its presence from any (HJT, etc) logs?
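
The hosts-file and nameserver checks Alabaster describes in post 4, automated over a HijackThis log, as an added example that is not part of the original thread. The sample log lines are constructed, the function name is hypothetical, and the O1/O17 line layout is assumed to be the usual HijackThis format.

```python
import ipaddress
import re

# Range named in post 4 of the thread.
SUSPECT_NET = ipaddress.ip_network("85.255.112.0/20")

# Anything shaped like a dotted quad; validated by ipaddress below.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def flag_hjt_lines(log_text, network=SUSPECT_NET):
    """Return (section, ip, line) for O1 (hosts file) and O17 (DNS
    NameServer) log lines whose IPv4 address lies inside `network`."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O1 - Hosts:"):
            section = "O1"
        elif line.startswith("O17 - ") and "NameServer" in line:
            section = "O17"
        else:
            continue  # other sections are outside what post 4 checked
        for candidate in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # dotted quad that is not a valid address
            if ip in network:
                findings.append((section, str(ip), line))
    return findings


# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 85.255.115.221 www.example.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{CONSTRUCTED-GUID}: NameServer = 85.255.112.10,192.0.2.53
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 192.0.2.53
O4 - HKLM\\..\\Run: [example] C:\\example\\example.exe
"""

if __name__ == "__main__":
    for section, ip, line in flag_hjt_lines(SAMPLE_LOG):
        print(f"{section}: {ip} is inside {SUSPECT_NET} -> {line}")
```

An empty result only says the log shows no such entries; it cannot rule out the case raised in post 5, where something hides itself from the log.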
     