|
Something wants to install a trojanI keep getting this:
and I'm 99.99% certain that it's something not good.
Any idea on how to get permanently rid of it?
TIA
|
|
1 recommendation |
Do you have Java installed ? Java has an auto update feature. I can't tell you where to look for current versions since I removed Java from all of my computers. You could try a Google search for and compare that list with what you have installed.
Most web sites use Java Script, but Java is not used by many. Notice the names !! |
|
dave Premium Member join:2000-05-04 not in ohio |
dave
Premium Member
2014-Dec-19 9:44 am
I suppose that is not a real Java update - note the slightly "off" grammar in the message box (that whole use of "would" instead of "will") -although it's probably still within reach of what many programmers consider correct English. |
|
|
dave |
to aurgathor
What is 'masmor.info' ? |
|
|
good question.... |
|
|
to aurgathor
Do you have Java installed ? It's in Control Panel. |
|
GuruGuy Premium Member join:2002-12-16 Atlanta, GA |
to aurgathor
It's the website that you're visiting... |
|
|
to dave
|
|
|
to Ken1943
Yes, I do have Java installed, but the Java control panel looks a bit (?!) different, plus I don't need an upgrade. |
|
|
to aurgathor
What I would do, is uninstall with Revo Uninstaller. The free version is fine. Then check the registry for leftovers. Wait a few days, or reboot a few time to check if it comes back, and if you really need to have java, reinstall. I would NOT just reinstall from a web site, the web site could be suspect, but get a known list of versions and download the latest. Go here » java.com/en/download/manual.jsp and get the off line version. I can't see the messed up words others are seeing. |
|
scelli (banned)Four More Years! join:1999-08-07 FLOT/FEBA
1 recommendation |
scelli (banned) to dave
Member
2014-Dec-19 10:31 am
to dave
said by dave:I suppose that is not a real Java update - note the slightly "off" grammar in the message box (that whole use of "would" instead of "will") -although it's probably still within reach of what many programmers consider correct English. Perhaps the use of "would" instead of "will" is acceptable in this case, but the use of "lasted" certainly isn't. |
|
|
to aurgathor
OK, now I see "lasted". Just ignore that message. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to aurgathor
|
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to StuartMW
said by StuartMW:Seems to be in Germany. Or not: Tracing route to www.masmor.info [104.28.30.105]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms koyomi.aosake.net [192.168.102.1]
2 24 ms 22 ms 21 ms 173-228-7-1.dsl.static.fusionbroadband.com [173.228.7.1]
3 20 ms 21 ms 21 ms gig1-4.cr1.lsatca11.sonic.net [70.36.243.13]
4 37 ms 33 ms 31 ms ae2.cr2.lsatca11.sonic.net [50.0.79.178]
5 21 ms 21 ms 20 ms 50.ae4.gw.pao1.sonic.net [142.254.58.158]
6 21 ms 21 ms 20 ms ae2.0.gw.equinix-sj.sonic.net [50.0.2.14]
7 22 ms 21 ms 21 ms xe-0/1/0.edge01.sjc01.as13335.net [206.223.116.237]
8 21 ms 21 ms 21 ms 104.28.30.105
Trace complete.
No way a German site is only 21 ms away from San José, California. |
|
dave Premium Member join:2000-05-04 not in ohio |
dave to scelli
Premium Member
2014-Dec-19 12:04 pm
to scelli
Apparently I autocorrected that. |
|
1 edit |
to aurgathor
my advice would be to go to a forum where people get help with removing malware from their computers, like the "bleepingcomputer" forum, the "malwarebytes" forum, the "geekstogo" forum, and get help, there, with removing the malware that is on your computer.. i am assuming that something malicious is on your computer since you are constantly being prompted to install a fake update for "java".. regarding "java", if you don't need it, it is better to not have it installed.. the GUI that your firefox browser has looks unusual.. it doesn't have the usual "hamburger" menu-icon.. using the "noscript" addon, with "firefox", will make the firefox browser more secure against driveby malware-infections.. using the "adblock plus" addon, with "firefox", will block a lot of ads on webpages, which makes things better, when surfing the internet.. some of the ads could be malicious, too, so blocking them helps to make your computer more secure.. also, you could use the "winhelp2002" HOSTS file.. here is the "winhelp2002" webpage: » winhelp2002.mvps.org/hosts.htmp.s. "norton safe web" is flagging "masmor.info" as being malicious: » safeweb.norton.com/repor ··· mor.info |
|
TheMG Premium Member join:2007-09-04 Canada MikroTik RB450G Cisco DPC3008 Cisco SPA112
|
to aurgathor
That's a fake window on that website.
Note that the update window has the Aero theme while the OP is obviously running Windows XP (look at browser window's XP theme).
When do you get that popup? Only when browsing to specific websites? More info on when you get this popup would help determine where its coming from and the appropriate course of action. |
|
|
Lemme answer a few things in one.
a) while I have a couple of suspects, I'm not able to positively identify any website that may be opening these windows -- what I know that it must be doing a pop-under because I would easily notice it otherwise. Is there any way to disable automatically opening new instances? b) I need Java, and I'm not planning on uninstalling it c) I highly doubt that the copy of Java I have is compromised d) I'm still trying to figure out when I get that window -- I think I closed 4 - 5 instances, and the one I posted was the last one
in any case, I just installed noscript -- we'll see what happens after the restart |
|
|
you should go to a forum where people get help with removing malware from their computers, like i said, before.. you could scan your computer with various programs to see if anything is flagged.. here are links for some programs that you could use to scan with: malwarebytes: » www.malwarebytes.org/products/adwcleaner: » toolslib.net/downloads/v ··· cleaner/junkware removal tool: » thisisudax.org/p.s. having "noscript" installed won't prevent malware that is already installed on your computer from generating popups, trying to get you to install more malware on your computer.. |
|
19579823 (banned)An Awesome Dude join:2003-08-04 |
to aurgathor
Nope it isnt..... I just went to your link and got the same thing.....
Its good you didnt accept it!!
It tries to DL "java-setup.exe" |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned) to dave
Member
2014-Dec-19 3:12 pm
to dave
Re: Something wants to install a trojanHell just look at the website in the BG it a attempted drive by download. |
|
Nanaki |
to aurgathor
While i hate and despise with passion norton as a av i find their other stuff such as this to be pretty damn good and accurate » safeweb.norton.com/repor ··· mor.infomasmor.info Web Site Location United States of America icoWarning WARNING Site Owner? Click here Norton Rating Safeweb Share Norton Safe Web has analyzed masmor.info for safety and security problems. Below is a sample of the threats that were found. Summary Computer Threats: 6 Identity Threats: 0 Annoyance factors: 0 Total threats on this site: 6 The Norton rating is a result of Symantec's automated analysis system. Learn more. The opinions of our users are reflected separately in the community rating on the right. the source of the popup is masmore.info |
|
Nanaki |
to scelli
lasted is likely a auto corrected typo got to love auto correct heh |
|
vaxvmsferroequine fan Premium Member join:2005-03-01 Polar Park |
to aurgathor
Upgrade and Save buttons. No Cancel button. hmmm |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2014-Dec-19 3:50 pm
And you can bet both do the same thing ... infect |
|
|
I did some scanning myself -- found and hopefully removed a copy of "Search Protect" That may very well explain the pop-unders I've seen, but of course there's no way to be 100% certain. I'll probably disable noscript because it's a royal pain, plus not having it for a while might help to figure out the root cause. |
|
BKayrac Premium Member join:2001-09-29 |
to aurgathor
Man, you guys are missing the important stuff to actual understand what's happening :P
First off, does this happen 'randomly'? Like this popup just pops up occasionally? Or does it happen when you are visiting websites?
You give absolutely no information, but the easiest, and most probably correct answer is, you have a program on your computer causing the popups, what it's trying to download is a trojan. |
|
TheJoker MVM join:2001-04-26 Charlottesville, VA
2 recommendations |
to aurgathor
|
|
vaxvmsferroequine fan Premium Member join:2005-03-01 Polar Park |
to aurgathor
While cleaning up check the list of search engines/sites in your browsers and get rid of all you don't recognize |
|
chip89 Premium Member join:2012-07-05 Columbia Station, OH |
to Ken1943
Java pops up in a little message when it's ready to install. |
|