
Is this url safe?


19 replies to this topic

#1 Erando

Erando

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 10 January 2015 - 07:32 PM

I was visiting a subtitle website (opensubtitles.org) and a strange popup appeared with just a 1px by 1px .gif file.

I am using Firefox (latest version) and Windows 8.1.

http://sender.hstpnetwork.com/transporter/241.php?id=2535&ref=aHR0cDovL3d3dy5vcGVuc3VidGl0bGVzLm9yZy9lbi9zZWFyY2g=&ruri=&r=78662257&sz=947&res=1920x947&tok=5702410011542075&ts=9.473

I don't know why Kaspersky Anti-Banner (part of KIS 2015) didn't block it...

Anyway, what is important: is this URL safe?

 

Please let me know.

 

Thank you


Edited by Erando, 10 January 2015 - 07:38 PM.



 


#2 caperjac

caperjac

  • Members
  • 1,649 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NS. CAN
  • Local time:07:15 AM

Posted 10 January 2015 - 07:42 PM

Hello, I opened the URL in my browser and it went to www.bet365.com. Looks like a gambling site, bingo, cards, etc. Seems safe if you want to gamble.


My answers are my opinion only, usually


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:15 AM

Posted 10 January 2015 - 07:46 PM

If you suspect that a URL is malicious, you can upload it to VirusTotal. It has an option to scan URLs in addition to files.

#4 buddy215

buddy215

  • BC Advisor
  • 13,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:15 AM

Posted 10 January 2015 - 07:50 PM

If you are using Firefox....you should install NoScript....then you won't need to worry about driveby installs of malware. Most likely you would not even see that popup. Adblock Plus will block legit servers from placing ads that contain malware.

The URL resolves to Bet 365 Group Limited, a United Kingdom based gambling company.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 mainer21

mainer21

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oregon
  • Local time:02:15 AM

Posted 10 January 2015 - 07:54 PM

Opensubtitles checks out as rouge. According to Zulu url scanner.

http://zulu.zscaler.com/submission/show/0c0339978f011d84dbb495997dce44b4-1420937366



#6 Erando

Erando
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 10 January 2015 - 07:58 PM

So it seems to be just a redirect URL script for counting ad impressions and referrals. At least it was not malware.

 

Thank you caperjac for your time. :)

 

---

 

Alexstraza, how do I scan when a new URL is created for every user, or if it gets a new id for every session?

For example, on my first visit I got: url.com/phpsciprtmalcious.php?id=2388&session=4

And the second time I visit the same URL, it doesn't work, so when I copy and paste it into VirusTotal, will it scan another page, a default one or a 404 not found?

How do I scan this kind of URL that changes continually? Thanks

 

-----

 

Buddy215, thank you, I will try them. I hope they don't interfere with the normal functions of sites. Thanks.

 

-----

 

mainer21, what do you mean by "check out as rouge" ? Thanks.


Edited by Erando, 10 January 2015 - 08:14 PM.
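
An offline check of the conclusion in the post above, added here as an example and not part of the original thread: it parses the URL from the first post without ever requesting it and decodes any base64 query values. The labels it assigns to values (for instance treating 1920x947 as a width-by-height size) are heuristics assumed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qsl

# URL exactly as posted in the first message of the thread.
POPUP_URL = (
    "http://sender.hstpnetwork.com/transporter/241.php?id=2535"
    "&ref=aHR0cDovL3d3dy5vcGVuc3VidGl0bGVzLm9yZy9lbi9zZWFyY2g="
    "&ruri=&r=78662257&sz=947&res=1920x947&tok=5702410011542075&ts=9.473"
)

def try_base64(value):
    """Return decoded text if value is base64 of printable ASCII, else None."""
    if len(value) < 8 or not re.fullmatch(r"[A-Za-z0-9+/_-]+=*", value):
        return None
    body = value.rstrip("=").replace("-", "+").replace("_", "/")
    body += "=" * (-len(body) % 4)          # restore padding if it was stripped
    try:
        text = base64.b64decode(body, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if text.isprintable() else None

def triage(url):
    """Describe each query parameter; nothing is fetched from the network."""
    parts = urlsplit(url)
    report = {"host": parts.hostname, "path": parts.path, "params": {}}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = try_base64(value)
        if decoded and decoded.startswith(("http://", "https://")):
            kind = "base64 URL: " + decoded   # e.g. the referring page
        elif re.fullmatch(r"\d{3,5}x\d{3,5}", value):
            kind = "WxH size"                 # heuristic label (assumption)
        elif value == "":
            kind = "empty"
        else:
            kind = "opaque value"             # counters, tokens, timings
        report["params"][name] = kind
    return report

if __name__ == "__main__":
    result = triage(POPUP_URL)
    print(result["host"], result["path"])
    for name, kind in result["params"].items():
        print(f"  {name:5} {kind}")
```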


#7 Miguel_92

Miguel_92

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:15 AM

Posted 10 January 2015 - 08:03 PM

I think mainer21 means it's a rogue which basically means it's a bad site.



#8 buddy215

buddy215

  • BC Advisor
  • 13,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:15 AM

Posted 10 January 2015 - 08:15 PM

Adblock Plus is a no-brainer. NoScript will take a bit of learning how to best use. But oh so well worth the time.

 

It is likely that ad was placed by some adware on your computer. You can use the programs below to find and remove adware and malware.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE MBAM LOG FOR REVIEW.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download


  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.



#9 Erando

Erando
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 10 January 2015 - 08:48 PM

Logs for Malware Bytes Premium Trial:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11.1.2015
Scan Time: 02:29:13
Logfile: mal2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.19
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: mysuername

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327558
Time Elapsed: 3 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I downloaded CCleaner and deleted the temporary files and registry errors.

I also installed AdwCleaner and scanned; here is my log file:

# AdwCleaner v4.107 - Report created 11/01/2015 at 02:46:22
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : myuser- user-PC
# Running from : C:\Users\myusername\Downloads\adwcleaner_4.107.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\myusername\AppData\Roaming\Mozilla\Firefox\Profiles\i9sed22v.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [863 octets] - [11/01/2015 02:44:36]
AdwCleaner[R1].txt - [784 octets] - [11/01/2015 02:46:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [843 octets] ##########


Should I remove this file "C:\Users\mysusername\AppData\Roaming\Mozilla\Firefox\Profiles\i9sed22v.default\user.js" ???

 

Is this an adware/malware/trojan?


Edited by Erando, 11 January 2015 - 09:45 AM.


#10 buddy215

buddy215

  • BC Advisor
  • 13,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:15 AM

Posted 10 January 2015 - 08:56 PM

A user.js file is an alternative method of modifying preferences, recommended for advanced users only. Unless you need a user.js file for a specific purpose you should use about:config instead. The user.js file does not exist by default.

 

Yes....unless you are responsible for it being there.




#11 Erando

Erando
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 10 January 2015 - 09:06 PM

A user.js file is an alternative method of modifying preferences, recommended for advanced users only. Unless you need a user.js file for a specific purpose you should use about:config instead. The user.js file does not exist by default.

 

Yes....unless you are responsible for it being there.

 

 

Every time I install Firefox I change some settings like:

uncheck: "remember password for sites",

change the default homepage,

and some small changes.

But all this is done through the menu "Tools - Options".

Also, the "Kaspersky Extensions" are installed.

Do all these changes create a new user.js file? Or maybe Kaspersky, while enabling the Anti-Banner option (which is not enabled by default), modifies the user.js file?

I logged in to my email some minutes ago using Firefox. Do you think I should change my password?

 

What other step can I do right now?

 

Thank you in advance.


Edited by Erando, 10 January 2015 - 09:09 PM.


#12 Erando

Erando
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 10 January 2015 - 09:14 PM

I found this on the Kaspersky forum:

So, here is what KIS does: after installation it creates user.js file in your Firefox profile and writes a couple of preferences there that activate Kaspersky plugins. As the result, even if you disable the plugins in FF settings, they will be enabled after restart.

All you need to do is to delete user.js in your FF profile folder (or rename it to _user.js)! It doesn't contain any data except for KIS settings (unless you created this file yourself and wrote something to it) , you can open it with Notepad and see for yourself.

Source: Kaspersky  Post #12


Edited by Erando, 10 January 2015 - 09:14 PM.
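
Instead of reading user.js in Notepad, the file's active preferences can be listed with a short script. This is an added example, not part of the original thread or any vendor's tooling; the sample file is constructed, and the pref names under extensions.example-vendor are placeholders rather than what Kaspersky actually writes.

```python
import json
import re

# Constructed sample user.js. "extensions.example-vendor.*" is a placeholder
# name; the other pref names are standard Firefox preferences.
SAMPLE_USER_JS = '''
// written by an installer (constructed example)
user_pref("extensions.example-vendor.plugin.enabled", true);
user_pref("browser.startup.homepage", "http://start.example.invalid/");
user_pref("signon.rememberSignons", false);
// user_pref("network.proxy.type", 1);
'''

# Pref branches worth a second look when you did not create the file yourself
# (assumed watch list for this example).
WATCHED = ("browser.startup.homepage", "network.proxy.", "extensions.")

# One user_pref("name", value); statement per line; lines starting with //
# do not match and are therefore ignored.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_user_js(text):
    """Return {pref_name: value} for every active user_pref() line."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        try:
            prefs[name] = json.loads(raw)   # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw               # keep anything unusual verbatim
    return prefs

def review(text):
    """Split prefs into (flagged, other) according to the WATCHED branches."""
    flagged, other = {}, {}
    for name, value in parse_user_js(text).items():
        (flagged if name.startswith(WATCHED) else other)[name] = value
    return flagged, other

if __name__ == "__main__":
    flagged, other = review(SAMPLE_USER_JS)
    for name, value in flagged.items():
        print("REVIEW", name, "=", repr(value))
    for name, value in other.items():
        print("ok    ", name, "=", repr(value))
```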


#13 buddy215

buddy215

  • BC Advisor
  • 13,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:15 AM

Posted 10 January 2015 - 09:21 PM

NoScript and Adblock Plus are much better protection than Kaspersky's plugin. Up to you if you want to keep the Kaspersky or not.

Yeah, .js preferences will override changes using the Firefox registry/ about:config.




#14 Erando

Erando
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 10 January 2015 - 09:25 PM

So do you think the file was created by Kaspersky, and I am not infected?



#15 buddy215

buddy215

  • BC Advisor
  • 13,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:15 AM

Posted 10 January 2015 - 09:36 PM

Yes, from your research...it is Kaspersky. You can forgo the Eset Scan if you like. If you do run it, it will take more than an hour...sometimes several based on computer resources, your using the comp during scanning and volume of data/ files.

