anti-virus browser warning popup

I was googing in Images for maps and I clicked on a picture and it redirected to a site something like node.antivirus.cs.cm (not sure if that is correct) but it was something like that, I didn’t get no threat warning however it wouldn’t be the first time i’ve got a virus without a threat, althought Fake anti-viruses come through Java if i’m correct? (which didn’t pop up)

I’m scanning with Malwarebyte’s just to be sure but i’m just wondering if anyone has anything similar to this?

Edit: Just found the map on Google again which redirected me, but I won’t be clicking on it again just incase it happens again althought I have a screenshot of the link of the map it says it’s hosted on, maybe someone might know a safe way of going on it (not that i’m sure you would want to)

http://i.imgur.com/gJ1c4.jpg

This might be something of nothing but best to be safe.

The map in your image that is expanded, is that the one ?

Whilst the url for the google redirect to the image is massive and unintelligible, that in itself doesn’t look malicious.

I’m able to access the page and checked the source code and see no script or iframe tags (generally used to redirect), so for me no issues. So it may well have been something else.

Post the MBAM log when complete.

Edit: looks like that isn’t the one, but for each google search I do I get different results and order.

Yeah it was the image that was expanded, I can’t remember if it was when I clicked on it and loaded the background site or when I clicked ‘enlarge image’

MBAM has finished scanning, nothing was found. I might have got lucky?

Wish I had taken a screenshot of the last scanned page now, so I could remember what the exact url was

Looks like you did get lucky, these fake AVs generally require a degree of complicity. The pop-up a fake alert saying you are infected and immediately many lose all sense of reason and common sense and start clicking buttons, etc.

Since you are using firefox, if you don’t have the NoScript add-on already then you most certainly should as it has a high degree of safety against these driveby downloads, etc. as by default they stop all scripts until you allow them to run for specific pages.

Another add-on to consider is RequestPolicy, which blocks cross site scripting, though this can be a little more intrusive than noscript.

Ah, I never really knew anything about NoScript, I mean i’ve heard about it but didn’t actually know what it did. It’s something i’ll certainly download install for firefox.

Just a good thing I got lucky, cos at the moment I don’t see any reason to think i’m infected because I’m sure I would have seen something by now, which I haven’t.

Check out this post as it could be very relevant to what you experienced:

Thanks for that, it was very useful, looking forward to this new addon for firefox which shows malicious images in red. Definitely one i’m going to keep my eye out for.

Thanks for your help ;D

You’re welcome.

Just to add a little something here… :wink:
NoScript also blocks CSS…!!

I’m aware of that, but I guess that it isn’t so good at it; I have had nothing but trouble from the NoScript XSS function in the past, so much so that I have disabled it. Not to mention it is too complex

It messed with banking on-line shopping, etc. as to be more trouble than it was worth.

On the contrary RequestPolicy is simple in its actions, much like NoScript is in blocking all scripts unless you specifically allow them. So with RP you can selectively allow certain sites, rather than have the NoScript XSS function allow all and act on all XSS requests.

  1. Well, the complexity is exactly what I like… :wink:
  2. It did…?

Well complex isn’t what your average user wants (nor what NoScript is considered to be), generally I’m happy with having to create rules (firewall, etc.) but this was crazy.

Until I disabled it the sanitise function played merry hell with my banking and on-line shopping. I have no idea what it is like now, but I’m not going down that road anytine soon I feel that RP is what NoScript used to be relatively simple to use.

When XSS, ABE and External Filters were introduced, it started to get away from its core values of simplicity. With no in-line help function how is your average user meant to have a clue how to control these extra options.

  1. & 2. We are no average users, are we…!?? :wink:

No we aren’t but the advice isn’t for us.