
Norton just stopped this while on SF


I was on SF, but not logged in, with no other sites open. I had switched the PC on but was making a few phone calls. When I had done on the phone, I switched the monitor on and there it was. The following will mean more to Ghozer than it does to me. Just thought I should let you know. If you require any other details let me know, thanks.

 

Category: Intrusion Prevention

Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description

17/12/2014 09:50:23,High,An intrusion attempt by localhost was blocked.,Blocked,No Action Required,System Infected: Adware Installer Activity 7,No Action Required,No Action Required,"localhost (127.0.0.1, 1034)","d2e24t2jgcnor2.webhostoid.com/secure/check?user_id=f956c27e-5137-4c3e-a169-91d8bb2fc9e9&uc=20141123&subid=20141123&source=browsersafeguard-rockettab-spigot-ytd&version=1.0.5439.1880&implementation_id=browsersafeguard-rockettab-spigot-ytd&block_host=False&reg=False&redirectms=True&ResponseCode=200&ContentType=text/html; charset=ISO-8859-1&Process=iexplore&Displaysite=http://www.sheffieldforum.co.uk/","localhost (127.0.0.1, 1205)",127.0.0.1 (127.0.0.1),"TCP, Port 1034"

Network traffic from <b>d2e24t2jgcnor2.webhostoid.com/secure/check?user_id=f956c27e-5137-4c3e-a169-91d8bb2fc9e9&uc=20141123&subid=20141123&source=browsersafeguard-rockettab-spigot-ytd&version=1.0.5439.1880&implementation_id=browsersafeguard-rockettab-spigot-ytd&block_host=False&reg=False&redirectms=True&ResponseCode=200&ContentType=text/html; charset=ISO-8859-1&Process=iexplore&Displaysite=http://www.sheffieldforum.co.uk/</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\SEARCH EXTENSIONS\CLIENT.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.


The bit which concerns me is:

 

\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\SEARCH EXTENSIONS\CLIENT.EXE

 

Have you got some browser toolbars installed?


Excuse my lack of knowledge with these things, I will try to answer your question(s)

 

I have a browser with the usual sort of toolbar, but I don't think that is what you are asking me?

It's the usual Sheffield Forum problem of viruses being distributed via the adverts. Browser redirects and automatic downloading of files; your virus scanner has caught one of the files that was just downloaded and it's possibly already been installed before being caught.

 

You can see the usual suspect of 'browsersafeguard' in the log.

 

Run antimalwarebytes and that will remove it.


I have that antimalwarebytes. I'll run it now and check. :thumbsup:

Looks like something is on your machine that decided to trigger upon visiting the forum....

 

alchresearch had it right with that file in program files....

 

There's a web search bar installed that is conflicting with something on the forums...

 

Not SF's fault...

Edited by Ghozer


Looking at that first post again:

 

rsafeguard-rockettab-spigot-ytd

 

It looks like you might have Spigot toolbar installed, as well as Rockettab toolbar and the YTD toolbar.

 

Get rid of them all, they're horrible.

 

Remove via control panel - uninstall programs. If that doesn't work then use Malwarebytes.

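An added example, not part of any post in this thread: the exported Norton row from the first post can be parsed to pull out the fields the replies above read by eye (the alert name, the `source=` bundle tag, the browser process and the page that was open). The row below is abridged from the first post, and the function name `summarise_alert` and its output keys are made up for this example.

```python
import csv
import io
from urllib.parse import unquote

# Header and row abridged from the Norton export in the first post
# (some query parameters dropped for length).
HEADER = ("Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,"
          "Default Action,Action Taken,Attacking Computer,Attacker URL,"
          "Destination Address,Source Address,Traffic Description")
ROW = ('17/12/2014 09:50:23,High,An intrusion attempt by localhost was blocked.,'
       'Blocked,No Action Required,System Infected: Adware Installer Activity 7,'
       'No Action Required,No Action Required,"localhost (127.0.0.1, 1034)",'
       '"d2e24t2jgcnor2.webhostoid.com/secure/check?uc=20141123'
       '&source=browsersafeguard-rockettab-spigot-ytd&version=1.0.5439.1880'
       '&ContentType=text/html; charset=ISO-8859-1&Process=iexplore'
       '&Displaysite=http://www.sheffieldforum.co.uk/",'
       '"localhost (127.0.0.1, 1205)",127.0.0.1 (127.0.0.1),"TCP, Port 1034"')


def summarise_alert(header: str, row: str) -> dict:
    """Parse one exported IPS row and return the fields discussed in the thread."""
    # csv handles the quoted fields that contain commas, e.g. "TCP, Port 1034".
    record = next(csv.DictReader(io.StringIO(header + "\n" + row)))
    # The logged URL has no scheme, so split it by hand instead of urlsplit().
    host_path, _, query = record["Attacker URL"].partition("?")
    # Split on "&" only, so "; charset=..." stays inside ContentType.
    params = {}
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        if sep:
            params[key] = unquote(value)
    return {
        "alert": record["IPS Alert Name"],
        "status": record["Status"],
        "callback_host": host_path.split("/", 1)[0],
        # Hyphen-separated tag that the replies read as bundled component names.
        "bundle_components": params.get("source", "").split("-"),
        "process": params.get("Process"),
        "page_open": params.get("Displaysite"),
        "source_is_loopback": record["Source Address"].startswith("127.0.0.1"),
    }


if __name__ == "__main__":
    for field, value in summarise_alert(HEADER, ROW).items():
        print(f"{field}: {value}")
```
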

Mod Note

 

Just spotted this.

 

I've reported this issue as no one else had done this and flagged it for Admin attention.

 

By all means create a thread like this but please use the report button to alert us to the problem, we can't deal with the problem if no one tells us.


Hi esme,

 

I was kind of kicking it around trying to decide where best to send it. I figured that if I sent it direct to admin there would be no feedback/advice from the guys that have posted above in an attempt to help, (and I thought that the admin would see it also).

 

As you infer though, it's like that "everybody thinks somebody will do it but nobody did it" situation. Thanks for picking it up and passing on to admin. You are the somebody that did the something. :thumbsup:

 

I'll remember to do BOTH next time. Thanks for advising on that.

 

EDIT:

Guys, can you believe Malwarebytes had corrupted files in it, and prevented me from uninstalling it. Norton-live chat sorted me out. Also that Rockettab application (as suggested here) was causing problems so they got rid of that too. 1 & half hrs in that chat session. I need a cup of tea. Thanks anyway.

Edited by Janus


Some malware detects applications like malwarebytes and actively prevents you downloading or running them.

 

If you check the malwarebytes site there is a list of methods you can use to get round such blocking tactics.

I think that is the kind of thing that happened at some point in time since I originally downloaded Malwarebytes.

 

It had been working fine for the last couple of years or so. Their site advised that there was an update available (newer version). When I DL'd the update it could not be installed because the files in the existing version of malwarebytes had got corrupted at some point previously.

 

I could not delete the corrupted files manually, and I no longer had use of the free uninstaller program after all this time. The Norton rep had to go in to the registry etc and it took a while to clear the corrupted malwarebytes files. It's all gone now, so I no longer have it.

 

I know people knock Norton, but the live chat and help is invaluable to someone like me. Ghozer & co would no doubt do it themselves, but I don't have the know how.

 

I felt malwarebytes was a good thing to have, but if it attracts the malware attacks, maybe not so good :huh:

Edited by Janus


Antimalware doesn't attract attacks, it is targeted in malware you get just like anti viruses because they are used to stop the malware.

It's the best antimalware software out there I reckon and I've never encountered your problem with it breaking.
