Firefox 3.5.2 redirecting to malicious website - using google DNS on Slackware64 13.
Hey guys,
Sorry to have my first post be a 'help wanted' rather than a 'help offered'. I'm a newbie to Slackware64 13 (been on Ubuntu for a couple of years) and I recently followed Alien Bob's + slackbook instructions to set up my network (ethernet). I have Windows 7 on dual boot that doesn't see this problem. I'm using DHCP and Google DNSs (8.8.8.8 and 8.8.4.4 both entered into /etc/resolv.conf) through ethernet (eth0).
Now I don't know which website I clicked (mostly been looking at Slack related help forums etc.) but on two different occasions I was redirected to some page, which popped up 'Your windows computer has virus, scan now.' The pop-up makes you click okay and then a simulated Windows folder with a scan bar shows up. There were three URLs that were in the history. I'm sorry I did not record all of them, but one of them (the final one I think) is here: DO NOT CLICK ON THIS LINK BELOW, IT IS MALICIOUS.
Quote:
Questions:
1. I have mounted the Windows drives that are accessible through Home > Filesystem > Windows Drive. Is this going to be affected?
2. Can there be any malware stored somewhere in the Linux directories? I was running as root because I was configuring my wifi card at the time.
3. What can I do to get rid of this problem? I looked at clamav but it looks like remedial action rather than preventative.
I downloaded my Slackware ISO from the HTTP mirror: slackware.cs.utah.edu. I did NOT check the MD5 hash though. Kindly help or direct me towards existing solutions to this as I searched around and I'm slowly getting frustrated that this is happening in Slackware! Thanks a lot.
EDIT: The nameserver seems to have been overwritten by the router to the default gateway after the last reboot, haven't clicked on many links since then, but this redirect hasn't happened yet this time. Here's the whois on that domain name, registered yesterday: http://whois.domaintools.com/firesavez7.com
Quote:
I'm guessing this has to do with the websites I visited and nothing to do with my computer. |
This has nothing to do with your computer. It's just another invasive, annoying, and WRONG form of advertisement.
|
The reason why I'm alarmed is that I haven't seen such a website show up in a long time, either on Windows 7 or Ubuntu. In fact, despite shifting to Chrome from Firefox, I stopped using Ad Block altogether and still didn't have any such sites pop up.
Right now I'm worried about it having infected my Windows partition or lying dormant in some Linux directory somewhere. |
Moved: This thread is more suitable in <Linux-Security> and has been moved accordingly to help your thread/question get the exposure it deserves.
|
Thanks for moving the thread.
It just happened again when I clicked on this link. http://www.basicconfig.com/install_a...lackware_linux. And now that I click on it the second time or more, the page seems to load up just fine. I don't think this is something to do with the websites anymore. My browser seems to have been hijacked somehow. Can someone please help me fix this? |
I tried the link in Epiphany and Chromium and was redirected to the rogue/fake AV ad. Then I tried it in Firefox and the link worked fine.
|
There is nothing wrong with your browser and your computer is not infected with any of the virus or malware mentioned. Just like brucehinrichs said - It's just another invasive, annoying, and WRONG form of advertisement.
I've contacted the webmaster of basicconfig.com and mentioned the problem. The webmaster confirmed that the website was infected by the eval(base64_decode) which attacked GoDaddy server recently and the problem was fixed. |
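Added example, not part of the thread or any poster's code: a static scanner a webmaster could run over a web root to find the `eval(base64_decode(...))` injection mentioned in the post above, decoding each payload for inspection without executing it. The file names, the suffix list and the `fake-av.example` payload are constructed for illustration.

```python
import base64, binascii, re, tempfile
from pathlib import Path

# Matches eval(base64_decode('...')) with optional whitespace and either quote style.
INJECTION = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE)
URL = re.compile(r"""https?://[^\s'"<>)]+""")

def decode_payload(b64_text):
    """Decode the argument statically (never executed); None if not valid base64."""
    try:
        raw = base64.b64decode("".join(b64_text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")

def scan_file(path):
    """Return one finding per eval(base64_decode(...)) call in a file."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    findings = []
    for m in INJECTION.finditer(text):
        decoded = decode_payload(m.group(2))
        findings.append({
            "file": str(path),
            "line": text.count("\n", 0, m.start()) + 1,
            "decoded": decoded,
            "urls": URL.findall(decoded) if decoded else [],
        })
    return findings

def scan_tree(root, suffixes=(".php", ".inc", ".phtml")):
    """Walk a web root and scan every file with a PHP-like suffix."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            hits.extend(scan_file(p))
    return hits

def demo():
    """Build a constructed web root with one clean and one injected file, then scan it."""
    payload = base64.b64encode(b'header("Location: http://fake-av.example/scan");').decode()
    with tempfile.TemporaryDirectory() as root:
        Path(root, "clean.php").write_text("<?php\necho 'hello';\n")
        Path(root, "index.php").write_text(
            "<?php\n/* constructed sample */\neval(base64_decode('%s'));\necho 'page';\n" % payload)
        return scan_tree(root)

if __name__ == "__main__":
    for f in demo():
        print(f["file"], "line", f["line"], "->", f["urls"])
```

A hit only flags the pattern; some legitimate code also uses it, so review the decoded text before cleaning or restoring a file.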
Clicking http://www.basicconfig.com/install_a...lackware_linux goes to a nice page about just what it says.
So whatever the problem was seems to be fixed. |