Thread: Did ZAIS 8 remove browsing protection? Getting Hijack attempts since upgrade.

  1. #1
    razmear Guest

    Did ZAIS 8 remove browsing protection? Getting Hijack attempts since upgrade.

    I never had this issue with ZAIS 7.x but now I've had it twice in a week.
    We just adopted a new dog, so I've been googling assorted pet info and when hitting a result link I'll get one of those fake antivirus scanning sites that I have to ALT-F4 rapidly to close the windows and kill off Firefox to escape.
    These results are turning up in the top 5 results in Google searches, so they need to do some cleanup too.
    If you want to see the one I just hit, you can search: free spay vouchers greenville sc
    and hit the link for "CLICK HERE! MORE INFORMATION!spay usa billboard" which was the 4th in the results.

    DO NOT CLICK ON ANY OF THESE LINKS BELOW! THESE ARE EXAMPLES OF THE SITES THAT ARE GETTING THRU ZAIS 8 AND MAY HARM YOUR COMPUTER. Sorry for the caps, but really don't hit these unless you are in a test environment and are using the data to improve this product.

    The Google result brings you to:
    http://www.google.com/url?sa=U&start...GhdT2KSEgVK-DA
    Which then redirects you to (pulled from history):
    http://online-antivirus.net/xv/?ie=u...ient=firefox-a
    Which launches go.php here:
    http://212.95.51.45/tds/go.php?sid=1...ient=firefox-a

    I have used the Firewall / Zones feature to block these domains, and the last batch from a few days ago also, but you would think that ZoneAlarm would be preventing this from happening at all.
    This makes me wonder if all the ads I keep getting for their Internet Shield add on means that they have removed some protection that was in ZAIS 7 so they could sell it as a separate product.
    IMHO Internet Security means I should be secure from these hijack and redirector attempts.

    Also, after the first incident I did a full av/spyware scan, ZA came up clean. I then ran the free version of AdAware and it located and removed a Browser Hijack Attempt.

    My subscription for ZA runs out in a couple of weeks and I'm considering going back to Trend because of this issue alone.

    eb

    XP SP2
    ZA 8.xx.59

    Operating System:Windows XP Home Edition
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date: Nov 2004
    Location: localhost
    Posts: 17,284

    Re: Did ZAIS 8 remove browsing protection? Getting Hijack attempts since upgrade.

    Hi!
    This is a variant of Antivirus 2009; they get this fake antivirus updated to avoid virus detection.
    NO antivirus solution can protect 100% from all malware out there. BTW, Trend also does not detect it so far.

    AdAware is just removing a harmless leftover.

    Send the file in a password protected zip to newvirus at kaspersky dot com. Subject: malware. Include password in the e-mail.
    This way it will be added to the virus database.

    You can use MBAM to remove it, in case you are infected.
    http://www.malwarebytes.org/mbam.php

    Finally, never trust any antivirus warning from the web that you are infected.
    You already have an antivirus.

    Cheers,
    Fax

  3. #3
    razmear Guest

    Re: Did ZAIS 8 remove browsing protection? Getting Hijack attempts since upgrade.

    I did not install the 'recommended' product from these sites, as I've seen them before on other people's unprotected PCs (and I'm not a complete *****).
    However, these sites were able to lock my browser by repeatedly opening popups, and when they are closed they pop up faster than you can make it to the close window button. In order to exit the windows and the browser I had to rapidly hit ALT-F4, which of course closed down my browser with all open tabs and is a PITA cuz I had other stuff in the other tabs that I lost track of.
    The sites I blocked last time were:
    ad-antivir-check.com
    antivir-for-check.com
    I was redirected to these sites from a link to a Georgia Shih Tzu rescue page that turned up in a Google search.
    It looks like these are hijacked WordPress blogs that are doing the redirects.
    I just ran the ZA Antispyware scan and it came back clean. I'm running AdAware right now and will post what it found when its search completes. It's showing 1 infection but I can't see what it was til it finishes up.

    eb

  4. #4
    Join Date: Dec 2005
    Posts: 9,057

    Re: Did ZAIS 8 remove browsing protection? Getting Hijack attempts since upgrade.

    See http://www.robtex.com/dns/*.antivir-for-check.com.html for more details on the URLs and the IPs involved.
    I would suggest blocking these specific IPs in the ZA firewall.

    Usually in the past, spyware/malware was installed through ActiveX and VBS.
    Then it progressed into Java and JavaScript. Then the MIME.

    But more often iframes are getting used to sneak malicious payloads into the browser. Iframes can be disabled in the browser, blocked in customized .css files, or blocked with AdBlock for Firefox.

    Best regards.
    Oldsod.
    Best regards.
    oldsod
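
Added example (not part of the original thread or of any ZoneAlarm code): for a site owner checking whether a blog has been tampered with in the way the posts above describe, this Python script flags iframes that are both invisible to the visitor and loaded from another host. The host names and sample markup are constructed, and the hidden-frame heuristics are assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that make a frame invisible (assumed heuristic).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)

class IframeAudit(HTMLParser):
    """Collects hosts of iframes that are hidden and served from another site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        # Relative src values have no hostname and count as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        off_site = bool(host) and host != self.page_host
        tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if off_site and hidden:
            self.findings.append(host)

def hidden_offsite_iframes(html, page_host):
    """Return the hosts of hidden third-party iframes found in html."""
    audit = IframeAudit(page_host)
    audit.feed(html)
    return audit.findings

# Constructed sample page: one visible embed, two hidden off-site frames,
# and one hidden same-site frame.
SAMPLE = """
<h1>Rescue listings</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://redirector.invalid/in.html" width="1" height="1"></iframe>
<iframe src="//cdn.hidden.invalid/x" style="visibility: hidden"></iframe>
<iframe src="/local/widget.html" style="display:none"></iframe>
"""

if __name__ == "__main__":
    for host in hidden_offsite_iframes(SAMPLE, "rescue.example"):
        print("hidden off-site iframe ->", host)
```

A hit is a prompt to inspect the page source and theme files, not proof of compromise, since some legitimate widgets also use small or hidden frames.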
