Journal #6846

Posted 14 years ago (2010-10-24 19:55:55 UTC)
I got some sort of virus or trojan this week. I don't know where I got it from, since I always visit the same 10-12 sites which were always safe. Now I was getting continuous popup windows in sites that never had them before and it was annoying the shit out of me. After Googling without success (filtered?) I found a forum where someone suggested running Spybot Search & Destroy. OK, fair enough I think, could give it a try.

But the S&D page didn't load. This couldn't be casual. So I started to think of possible reasons why that particular page wouldn't load, and figured it might have messed up my network settings somehow. It turns out it had changed the DNS server and all my requests were being proxied through some obscure IP. I can only suppose it got many of my passwords too, which I suppose I'll have to change.

I changed it back and I just finished downloading that S&D software. I hope it helps. At least I'm not getting those annoying popups anymore.

5 Comments

Commented 14 years ago (2010-10-24 20:34:30 UTC), Comment #62058
Hmm... I never understood proxies and DNS servers...
Which browser are you using?
And Spybot has never served me wrong. I would recommend it.
Commented 14 years ago (2010-10-24 21:58:29 UTC), Comment #62059
I had a similar bug a short time back, pop-ups and stuff. And Google searches would get redirected and whatnot. I tried forever to fix it, finding all the sources and stuff, but it just never fixed it. Ended up reformatting...
Commented 14 years ago (2010-10-24 23:01:00 UTC), Comment #62061
A proxy is a server your traffic goes through. You can use a proxy as a workaround to restrictive corporate servers. Or, like in this case, monitor unsuspecting internet users to spam their computers in some way. I don't know much more than that, though.

DNS = Domain Name Server. It's a server that holds the IP addresses for domains, i.e. translates "google.com" to its corresponding IP address. In this case, all my web requests were being directed through some Ukrainian server that was adding annoying popups to every page sent back to me.

I still don't know how they managed to change all this shit, probably some sort of backdoor, security exploit or a trojan that passed under the radar.

It's apparently fixed now, Spybot S&D detected those malicious network settings (I already had, though) and fixed them. Also detected a shitload of tracking cookies, which aren't actually harmful themselves so that was the least of my concerns.

I'm using Firefox, btw.

I do wonder if this could be related to the screwed up HDD driver I posted about a few days ago.
Commented 14 years ago (2010-10-25 05:46:49 UTC), Comment #62060
The 10 to 12 continuous sites? lol, let me see: TWHL, porn, porn, porn...
Commented 14 years ago (2010-10-25 14:42:02 UTC), Comment #62062
Thanks, I had already forgotten what they were about.
