Janus   28 #1 Posted December 17, 2014

I was on SF, but not logged in, with no other sites open. I had switched the PC on but was making a few phone calls. When I had done on the phone, I switched the monitor on and there it was. The following will mean more to Ghozer than it does to me. Just thought I should let you know. If you require any other details let me know, thanks.

Category: Intrusion Prevention

Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description

17/12/2014 09:50:23,High,An intrusion attempt by localhost was blocked.,Blocked,No Action Required,System Infected: Adware Installer Activity 7,No Action Required,No Action Required,"localhost (127.0.0.1, 1034)","d2e24t2jgcnor2.webhostoid.com/secure/check?user_id=f956c27e-5137-4c3e-a169-91d8bb2fc9e9&uc=20141123&subid=20141123&source=browsersafeguard-rockettab-spigot-ytd&version=1.0.5439.1880&implementation_id=browsersafeguard-rockettab-spigot-ytd&block_host=False&reg=False&redirectms=True&ResponseCode=200&ContentType=text/html; charset=ISO-8859-1&Process=iexplore&Displaysite=http://www.sheffieldforum.co.uk/","localhost (127.0.0.1, 1205)",127.0.0.1 (127.0.0.1),"TCP, Port 1034"

Network traffic from <b>d2e24t2jgcnor2.webhostoid.com/secure/check?user_id=f956c27e-5137-4c3e-a169-91d8bb2fc9e9&uc=20141123&subid=20141123&source=browsersafeguard-rockettab-spigot-ytd&version=1.0.5439.1880&implementation_id=browsersafeguard-rockettab-spigot-ytd&block_host=False&reg=False&redirectms=True&ResponseCode=200&ContentType=text/html; charset=ISO-8859-1&Process=iexplore&Displaysite=http://www.sheffieldforum.co.uk/</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\SEARCH EXTENSIONS\CLIENT.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
alchresearch   215 #2 Posted December 17, 2014

The bit which concerns me is:

\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\SEARCH EXTENSIONS\CLIENT.EXE

Have you got some browser toolbars installed?
Janus   28 #3 Posted December 17, 2014

Excuse my lack of knowledge with these things, I will try to answer your question(s).

I have a browser with the usual sort of toolbar, but I don't think that is what you are asking me?
the_bloke   17 #4 Posted December 17, 2014

It's the usual Sheffield Forum problem of viruses being distributed via the adverts. Browser redirects and automatic downloading of files; your virus scanner has caught one of the files that was just downloaded and it's possibly already been installed before being caught.

You can see the usual suspect of 'browsersafeguard' in the log.

Run antimalwarebytes and that will remove it.
Janus   28 #5 Posted December 17, 2014

I have that antimalwarebytes. I'll run it now and check.
Ghozer   112 #6 Posted December 17, 2014 (edited)

Looks like something is on your machine that decided to trigger upon visiting the forum....

alchresearch had it right with that file in program files....

There's a web search bar installed that is conflicting with something on the forums...

Not SF's fault...

Edited December 17, 2014 by Ghozer
alchresearch   215 #7 Posted December 17, 2014

Looking at that first post again:

rsafeguard-rockettab-spigot-ytd

It looks like you might have Spigot toolbar installed, as well as Rockettab toolbar and the YTD toolbar.

Get rid of them all, they're horrible.

Remove via control panel - uninstall programs. If that doesn't work then use Malwarebytes.
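The fields the replies above read out of the alert in the first post (the source tag, the browser process, the page being viewed, the executable on disk) can be pulled out mechanically. This is an added example, not part of any poster's message; the record is a shortened, constructed copy of that alert, and the function name triage is hypothetical.

```python
import csv
import io
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: header and record shortened from the alert in post #1.
HEADER = ("Date & Time,Risk,Activity,Status,IPS Alert Name,"
          "Attacking Computer,Attacker URL,Traffic Description")
RECORD = (
    '17/12/2014 09:50:23,High,An intrusion attempt by localhost was blocked.,'
    'Blocked,System Infected: Adware Installer Activity 7,'
    '"localhost (127.0.0.1, 1034)",'
    '"d2e24t2jgcnor2.webhostoid.com/secure/check'
    '?source=browsersafeguard-rockettab-spigot-ytd&version=1.0.5439.1880'
    '&Process=iexplore&Displaysite=http://www.sheffieldforum.co.uk/",'
    '"TCP, Port 1034"'
)
DETAIL = (r"The attack was resulted from \DEVICE\HARDDISKVOLUME1"
          r"\PROGRAM FILES\SEARCH EXTENSIONS\CLIENT.EXE. To stop being notified")


def triage(header, record, detail):
    """Return the fields of one alert that identify what is on the machine."""
    row = next(csv.DictReader(io.StringIO(header + "\n" + record)))
    # The exported URL has no scheme; "//" makes urlsplit treat the first
    # label as the host instead of as part of the path.
    url = urlsplit("//" + row["Attacker URL"])
    query = parse_qs(url.query)

    def first(name):
        return query.get(name, [None])[0]

    # Address inside "localhost (127.0.0.1, 1034)"
    addr = re.search(r"\(([\d.]+),", row["Attacking Computer"])
    # Kernel device path of the program named in the alert text
    exe = re.search(r"resulted from (\\DEVICE\\.+?\.EXE)", detail, re.I)
    source = first("source")
    return {
        "alert": row["IPS Alert Name"],
        "host": url.hostname,
        "bundle": source.split("-") if source else [],
        "process": first("Process"),
        "page": first("Displaysite"),
        "executable": exe.group(1) if exe else None,
        "local_origin": bool(addr) and ipaddress.ip_address(addr.group(1)).is_loopback,
    }
```

A loopback address in the "Attacking Computer" column means the blocked request was made by a program on the PC itself, so the executable path and the names in the source tag are the things to look for under installed programs.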
esme   10 #8 Posted December 17, 2014

Mod Note

Just spotted this.

I've reported this issue as no one else had done this and flagged it for Admin attention.

By all means create a thread like this but please use the report button to alert us to the problem, we can't deal with the problem if no one tells us.
Janus   28 #9 Posted December 17, 2014 (edited)

Hi esme,

I was kind of kicking it around trying to decide where best to send it. I figured that if I sent it direct to admin there would be no feedback/advice from the guys that have posted above in an attempt to help, (and I thought that the admin would see it also).

As you infer though, it's like that situation "everybody thinks somebody will do it but nobody did it" situation. Thanks for picking it up and passing on to admin. You are the somebody that did the something.

I'll remember to do BOTH next time. Thanks for advising on that.

EDIT: Guys, can you believe Malwarebytes had corrupted files in it, and prevented me from uninstalling it. Norton-live chat sorted me out. Also that Rockettab application (as suggested here) was causing problems so they got rid of that too. 1 & half hrs in that chat session. I need a cup of tea. Thanks anyway.

Edited December 17, 2014 by Janus
esme   10 #10 Posted December 17, 2014

Some malware detects applications like malwarebytes and actively prevents you downloading or running them.

If you check the malwarebytes site there is a list of methods you can use to get round such blocking tactics.
Janus   28 #11 Posted December 17, 2014 (edited)

I think that is the kind of thing that happened at some point in time since I originally downloaded Malwarebytes.

It had been working fine for the last couple of years or so. Their site advised that there was an update available (newer version). When I DL'd the update it could not be installed because the files in the existing version of malwarebytes had got corrupted at some point previously.

I could not delete the corrupted files manually, and I no longer had use of the free uninstaller program after all this time. The Norton rep had to go in to the registry etc and it took a while to clear the corrupted malwarebytes files - it's all gone now, so I no longer have it.

I know people knock Norton, but the live chat and help is invaluable to someone like me. Ghozer & co would no doubt do it themselves, but I don't have the know how.

I felt malwarebytes was a good thing to have, but if it attracts the malware attacks, maybe not so good :huh:

Edited December 17, 2014 by Janus
melthebell   863 #12 Posted December 17, 2014

Antimalware doesn't attract attacks, it is targeted in malware you get just like anti viruses because they are used to stop the malware. It's the best antimalware software out there I reckon and I've never encountered your problem with it breaking.