Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Very suspicious pop-up message in Google search


  • Please log in to reply
9 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:07:12 AM

Posted 18 February 2010 - 11:02 PM

I don't know if this is the proper forum for this, I've perused--several times--all of BC's forums and decided this one seems most appropriate, so here goes.

This afternoon I received an e-mail from Secunia PSI advising me of a security update for Firefox 3.6--a Highly critical unpatched vulnerability had been discovered http://secunia.com/advisories/38608/ After checking that link and scanning my box, sure enough FF 3.6 was listed as Insecure & unpatched. I decided to search the web for any other news about this and whether Mozilla confirmed this claim, etc. I Googled: "firefox + vulnerability" and proceeded to scan the results, of which there were many reporting various "reported 0-days" for 3.6, but vulnerabilities & patches for at least 2 other versions. When I got to the result for the following link is when the "fun" started:

Posted Image

The startling & unexpected result shook me so badly and made me close the window so quickly that I failed to get a screenshot or write exactly what it said but I'm pretty sure it was this, and in bright vivid loud colors:

You've FAILED at being a FAILURE!!!

I Fart in your General Direction.


I IMMEDIATELY closed this window with Task Manager, disconnected my modem took the screenshot , booted into safe-mode, emptied everything with CCleaner, scanned with SUPERAntiSpyware, which came up clean. rebooted (still disconnected from the web) & ran full scan with MalwareBytes & a bootscan with Avast5 AFTER uninstalling Firefox.

No malware present thank goodness.

After reconnecting to the web I tried to find some way to report this suspicious result... Google pretty much said "don't bother us, contact the webserver or webmaster." I don't know who that is or how to obtain that info. I looked for any agencies to report this to.. US CERT's website said that this "didn't fit their criteria" and sent me on my merry way.

A search of this site left me scratching my head as to which forum to post this to, with not even a hint of who or where I should go to file a report.

Anybody have any ideas/suggestions? At this point I'm ready to just drop the whole thing, unless I discover some malware problem in the next day or 2.

If it matters any:

Dell 2200 Notebook
XP SP3 Home
OA FW
Wireless stand-alone

Edited by Union_Thug, 18 February 2010 - 11:05 PM.


BC AdBot (Login to Remove)

 


#2 Desion

Desion

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 18 February 2010 - 11:51 PM

I wouldnt worry about it too much. The same thing happened to me the other day because i was browsing the web and next thing i know my browser redirects me to this site saying i have viruses (fake) so i exited it out immediately and ran Antivirus Scans and results showed my pc was clean.. so i don't know what the deal is but i say just dont worry about it.

Although, if you really are worried about it, you can download and run a few scanners and post the logs for assistance from experienced users. Click here.

Edited by Desion, 19 February 2010 - 12:00 AM.

Interesting Links:
Softpedia - Online downloads encyclopedia
W3Schools - Website Programming Tutorials
PC World - Everything about technology
Wikipedia - Online Encyclopedia
Photobucket - Free Image Hosting

"I don't support network bridges, they support me."

#3 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:07:12 AM

Posted 19 February 2010 - 03:56 PM

@ Desion

No offense, but are you a staff volunteer? What is your "tech-savvy" level? Mine is about a 3 on a scale of 1 to 10. I need to hear from someone with a level of 8 to 10. The symptoms you described are not what I am describing. Rogue AV detections and browser redirects, like the ones you described are signs of some kind of malware present, despite your claim of being virus free. Again I hope I am not offending you.

No I am not worried about infection, I already said as much in my OP, I have already done the scan thing not only with the three I mentioned in my post, but also HJT, DDS, RSIT & RootKit Revealer.

My question was then and still is:

Who or where or to what authority can I report this suspicious event to? Or was this just a prank, and should I just leave it at that?

Edited by Union_Thug, 20 February 2010 - 12:12 AM.


#4 Desion

Desion

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 20 February 2010 - 12:00 AM

If your offended by the "You've FAILED" message you posted earlier, then i would suggest not to use the internet at all. No Offense. As for reporting it, i don't find any reason for reporting it, it's just a stupid message - theirs nothing to it..
Interesting Links:
Softpedia - Online downloads encyclopedia
W3Schools - Website Programming Tutorials
PC World - Everything about technology
Wikipedia - Online Encyclopedia
Photobucket - Free Image Hosting

"I don't support network bridges, they support me."

#5 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:07:12 AM

Posted 20 February 2010 - 12:31 AM

Can you read?

I asked you two questions: Are you staff? What's your tech level?

You give me this.....pearl of wisdom: then i would suggest not to use the internet at all.


Here's another question: Can you spell?

theirs nothing to it..... If your offended...


Edited by elise025, 20 February 2010 - 02:26 AM.
Link removed


#6 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:06:12 AM

Posted 20 February 2010 - 12:39 AM

From BleepingComputer.com Message Board Rules

There will be no posts meant to offend or hurt any other member, in a manner which is offensive or inflammatory. This includes flaming or instigating arguments.



#7 the_patriot11

the_patriot11

    High Tech Redneck


  • BC Advisor
  • 6,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wyoming USA
  • Local time:05:12 AM

Posted 20 February 2010 - 01:49 AM

union queens right, theres no need to be rude to anyone. However the answer to your question is it was either someones idea of a prank, or at worse, a hacker though I doubt it. I see those links all the time, and you probably could report it to the authorities, but theres not much they could do about it. if its just a link off a website thats not really illegal, if they managed to hack you (unlikely) its illegal but by the time the proper authorities were notified, the person will be long gone.

picard5.jpg

 

Primary system: Motherboard: ASUS M4A89GTD PRO/USB3, Processor: AMD Phenom II x4 945, Memory: 16 gigs of Patriot G2 DDR3 1600, Video: AMD Sapphire Nitro R9 380, Storage: 1 WD 500 gig HD, 1 Hitachi 500 gig HD, and Power supply: Coolermaster 750 watt, OS: Windows 10 64 bit. 

Media Center: Motherboard: Gigabyte mp61p-S3, Processor: AMD Athlon 64 x2 6000+, Memory: 6 gigs Patriot DDR2 800, Video: Gigabyte GeForce GT730, Storage: 500 gig Hitachi, PSU: Seasonic M1211 620W full modular, OS: Windows 10.

If I don't reply within 24 hours of your reply, feel free to send me a pm.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:12 PM

Posted 20 February 2010 - 02:38 AM

Hello Union_Thug,

As pointed out by Queen-Evie and The_Patriot09, there really is no need to be rude here. Please make sure you read also the board rules

Desion was trying to help you and if you think his help is not "qualified", you can make that clear in a civilised manner. Therefore, I removed the link in your last reply.

This is a forum, which means all members can reply to other members topics (with a few exceptions), as long as their posts are not in violation with the forum rules.

As for your issue, I agree with The_Patriot09 here.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:07:12 AM

Posted 20 February 2010 - 03:43 AM

@ patriot & @ elise

Thank you for your replies.

I have sent along PM's to @evie & @elise apologizing for my part in acting rudely and I assure you it will not happen again, at least not from my end.

Thank you for all you do.

Edited by Union_Thug, 20 February 2010 - 03:47 AM.


#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:12 AM

Posted 22 February 2010 - 06:49 PM

To answer your original question, though, the only thing you can really do is look at the address in your address bar when you are at the site. This way you can make sure you are actually at the right site. Then look for a contact us for the site and report what you have seen. As people have said, it could have been a hacked site, or a site that is attempting to look like another one, etc.

Reporting to the site owner is really the only action you can take




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users