Odd behavior on a previously trusted website.

Discussion in 'malware problems & news' started by Carbonyl, Apr 29, 2011.

Thread Status:
Not open for further replies.
  1. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Hi everyone. I'm sorry if this question doesn't belong in this forum. I'm just unsure where else I would place it, and I'm hoping for some expert opinions.

    In the way of background: I'm using Opera 11.10, with JavaScript and plugins turned globally off and only activated on a whitelist basis through site preferences. I'm running NOD32, latest version. I keep my browser contained in Sandboxie, registered version, 3.54. The Sandbox I'm using has dropped rights, excludes internet access for all but Opera, and denies any program to run besides Opera. I'm running Windows 7 x64, Professional, SP1.

    Lately I've been having very strange, yet semi-reproducible, issues with my computer. In specific, whenever I try to visit the website for VLC (I usually Google VLC, then hit the top link. I don't want to link directly in this thread), my computer completely locks up for about 10-20 seconds. There's no keyboard, no mouse movement, and no response from anything. After this time, the computer will snap back, and all will be well. The issue thereafter cannot be reproduced until the computer restarts.

    This morning the issue seemed to get worse, as Opera seemed to crash to desktop when the 10 second freeze occurred. Then, after the 'snap back', Opera was running again on the VLC page. I found this strange, because with Sandboxie in place, Opera shouldn't have been able to crash, then restart. I also got no crash dialog about it.

    Now, this could very well be a hardware issue - But I'm beginning to suspect there may be something nasty on the VLC page. I'm not an expert, so I was hoping someone might be able to take a look and see if anything might be there? I've tried scanning my machine with MBAM, Hitman Pro, and NOD, and all come back clean. I also didn't see any stray processes start or run in Process Explorer or Sandboxie... But I suppose I could've been rooted in this process.

    I have tried asking over on the Opera forums, but have had little luck. Any help in this matter would be greatly appreciated. Thanks!
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    If you mean -videolan.org- then I have absolutely no problem with that in Iron, FF or IE9. :p
     
  3. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256

    Yes, though with a -/vlc- appended onto it. I appreciate that others aren't seeing the issue. I can get by just fine with Opera 11.10 on my OS X machine, too. I'm just curious what about that webpage could bring an entire computer to a screeching halt - Particularly with JavaScript and Plugins disabled. I find it somewhat suspicious, but don't have the technical knowledge to analyze the page source.

    The fact that the Event Viewer in Windows 7 is useless doesn't help. I wish I had a log file to figure out what was going on!
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Everything OK accessing with Chromium.

    Could NOD32 web scanner be the cause? Have you tried disabling the web scanner?

    Also, check with Process Explorer if any process is using too much CPU, when you access the URL.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Carbonyl

    Hi, I'm using FF with NoScript etc, I get no lockups but do see this

    v1.gif

    So I wonder if it "might" be something to do with that?
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I use ESS (with web-scanner ON) and I can access both the HTTP and HTTPS site just fine. Using both Safari 5.0.5 and IE 8. But I do get the Invalid Cert Warning just as CloneRanger.
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,968
    Location:
    U.S.A.
    Carbonyl, videolan.org is clean: -http://www.urlvoid.com/scan/videolan.org- Just FYI.

    CloneRanger, you are accessing the HTTPS URL and my FF 4.0.1 did show the same as you, however, the Perspectives add-on kicked in and allowed the site. Firefox threw up a Security Warning but Perspectives shows a consistent certificate.

    2011-04-29_114934.gif

    2011-04-29_114905.gif

    2011-04-29_115020.gif

    If Carbonyl is navigating to the site via Google's link, it is an HTTP URL.
     
  8. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Thanks for the reassurance, everyone. I appreciate the information.

    In the way of an update, I spent the weekend tracking down the issue. The only recent change I had made to my system was the addition of a Saitek flightstick. For some reason, the profiler software and support software for that flightstick must've been the issue. When I killed the processes and disabled them from autostarting, the hardlocking was no longer an issue.

    Why this happened only with the VLC webpage remains a mystery to me o_O But I still appreciate all the investigative work! Thanks again.
     