1 edit | New Variant Of Intrusive Online Scanner It calls itself xponlinescanner.com and I was hit twice today while visiting the NY Post newspaper wesbsite.
Its some kind of malware that tricks you to install some fake antispyware program. It appears on legitimate websites.
We saw these kind of browser highjackers last year too.
One of the old security threads that discussed the problem is this one:
»YouTube - Major League Baseball Strikes out
To test how this behaves on your system go here:
xponlinescanner.com/2008/1/freescan.php?aid=77011816
(edited) |
|
 AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3
1 edit | What are you recommending we test????
Or does that link show how to remove?? |
|
| No DO NOT test that link. It is link to XPAntivirus - rogue antivirus. They offer you a free scan of your system - which of course tells you that your computer is not safe and then they offer you installation of their antivirus. DO NOT INSTALL IT. |
|
| reply to Gas Guzzler
... The link opens two successive script windows telling us their product is needed and safe. Then a page opens indicating a scan was performed, finding three nasties. Then a succession of more script windows open prompting to download and run their product. The download is a 65K file full of what is no doubt a bundle of joy.
The exploit here is the user. |
|
 ahulettLife Without WallsPremium,VIP
join:2003-02-02
Bellevue, WA
kudos:2 | reply to Gas Guzzler
Re: New Variant Of Intrusive Online Scanner More information on this rogue security product:
Microsoft Malware Protection Center
Program:Win32/XPAntiVirus
»www.microsoft.com/security/porta···ntiVirus
--
Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | reply to tomazyk
Not to worry Toma, My intention was too highlight poorly worded advice or suggestion in a security thread. Asking people to test this is bordering on ............
I was hoping a MOD would notice but I guess this week I am clearly meant to be disappointed (my Habs lost last night and are out of the playoffs :-( )
THanks for the link ahulett.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
| Yes I thought that was your intention with both questions. With my post I only wanted to warn less experienced users from doing foolish thing.  |
|
Reimer
join:2006-08-14
Toronto, ON
1 edit | reply to Gas Guzzler
Hmm, Firefox blocks it from even loading at all. |
|
| Erm...do i have the virus? I tested out your link and NOD32 did not stop it. I exited it right away and it changed the look of my browser.
AM I SAFE?! |
|
|
|
| If you didn't run the installer then you should be safe. Check in Add/Remove programs if you have XPAntivirus listed. If so follow the link in ahulett's post for instructions on removing nastie. |
|
