Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible infection from expired link?


  • Please log in to reply
5 replies to this topic

#1 freefall321

freefall321

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 27 December 2014 - 03:10 PM

Hi,
 
A few days ago I was browsing a website and I clicked on a link that linked to a website that has long expired and I was redirected to a page from Norton saying that my laptop was infected and that I would need to call a number to fix it. The link in question is "hxxp://kpopfever.com/2012/06/uhm-tae-woongs-secret-picture-of-kim-seung-woo-joo-won-fast-asleep/". This particular blog no longer exists and the number the redirected page wanted me to call was 1 866 330 6665. A google search indicates that this number belongs to a company called Geek Care which apparently specializes in tech support. I don't know how legit this company is, but that's not what I'm worried about as I did not call the number. I am, however, worried that something got into my computer when I visited the expired link. I unfortunately do not have a screencap of the page, but I was hoping that I could still receive some help.
 
I'm running Windows XP and I've already run a scan in Avast and Malwarebytes and they didn't really find anything, just some unwanted programs that were removed.

Edited by Orange Blossom, 27 December 2014 - 03:16 PM.
Deactivated link just in case. ~ OB


BC AdBot (Login to Remove)

 


m

#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:03 PM

Posted 27 December 2014 - 03:28 PM

First, Do not post potentially dangerous live links on an open forum.

 

Second, I have looked for Geek Care, and if it exists it is very well hidden

 

NOTE : Over 90% of infections are picked up by clicking on Random links that are in unknown areas.
 

they didn't really find anything, just some unwanted programs that were removed.

 

Rescan with Malwarebytes and your Antivirus, then run a Temp File Cleaner to be sure there is nothing left

 

Please download Temp File Cleaner by Old Timer
Usage Instructions:

1.Download TFC from the download link above and save the file on your desktop.
2.Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
3.Double-click on the TFC icon.
4.When the program opens, click on the Start button. 

5. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
6.When done, press Exit, and reboot your computer to finish the cleanup..............
Note: After removing temp files, the computer may show to be slow than usual, but it will improve once the cache is rebuild.

 

Post back if you suspect there is any problems still there.

 

Thank You -



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:03 PM

Posted 04 January 2015 - 01:44 AM

Hello freefall321.

 

You have not replied to the topic in over 5 days, do you still need help or advice ??

 

Thank You -



#4 edwardspbe

edwardspbe

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 13 January 2015 - 05:27 PM

This is just a nucence page...  has a forever looping piece of javascript that tricks you into thinking you are infected.  I did some digging and the phone number (1 866 330 6665) is actually a Microsoft call center in India.  Someone is probably answering a lot of questions at someone else's expense.

 

BTW/ there are a bunch of these pages littered throughout the web.  The tablet I was asked to look at was going to http : / / internet - cookies . net / error - warning. html.  It's harmless to.  The cute thing is the writer even named the forever function lol().   Guess they were the only one's laughing. 



#5 freefall321

freefall321
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 14 January 2015 - 12:07 AM

Hi noknojon,

 

So sorry I did not reply back sooner. I did another scan with Malwarebytes and Avast and ran the cleaner as you instructed and they all did not find anything suspicious. I am also very sorry for posting the link to my post, I did not know that I should not post potentially dangerous links to an active forum.

 

edwardspbe: Are you saying that I should have nothing to worry about as this page was only created for the purpose of deceiving people?

 

Before I continue to use my laptop regularly again, I was wondering if there is a good free program out there that I can scan my computer with to ensure that all threats have been terminated.

 

Thank you so much.


Edited by freefall321, 14 January 2015 - 12:07 AM.


#6 edwardspbe

edwardspbe

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 14 January 2015 - 09:31 AM

>> edwardspbe: Are you saying that I should have nothing to worry about as this page was only created for the purpose of deceiving people?

 

Yes, that is what I was saying.  It's hard to know what their motive is/was, but there is no harm done to your system.  There are some browser versions that will let you interrupt Javascript that continually loops.  Chrome (for example) will prompt you on the second attempt to stop with the checkbox/question "prevent this page from displaying additional dialogs".  If you click the checkbox, the javascript (that is tricking you) will stop.  Then you can "view page source" to view the actual page content.  This is where you can view the Javascript code that is being executed.  This is where you will find the following code;

function lol() {
    while(1) alert("Critical Security Warning!\n\nYour PC is infected with a malicious virus due to recent. Internet activity\n\nPlease Contact Tech support at 1-866-330-6665 Immediately to scan and resolve any potential risk to your personal and financial information.\n");	
};

At least that is the text found in the (previously indicated) page.  I'm sure your's was very similar.

 

Favourite scanners;  


Edited by edwardspbe, 14 January 2015 - 09:38 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users