1

Hello,

I just googled “Black Ocean” looking for some images of dark water and received this threat message:

URL: http://37.9.53.124/1.js
Infection: URL:Mal
Process: Chrome.exe

Really strange as this only happens with this search? (https://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=black%20ocean)

Starting to get really paranoid here :o
The treat was blocked, but I’m going to do a full system scan and probably a malware bytes scan too…

Can anyone explain this?

Cheers.

2

https://sitecheck.sucuri.net/results/37.9.53.124

It is the only file on that IP.
Very likely malware.

In a side note, this may interest you:
http://news.sciencemag.org/2003/04/black-water-mystery-solved

3

Cheers for the reply Eddy

So nothing to worry about on my side then?

Also, interesting article :slight_smile:

4

I don’t see any reason to be worried.
avast just blocked that site.
But a scan never hurts :wink:

5

Well I disagree as this could be malvertising ad-injecting, that IP is blacklisted and flagged for “Welcome ! Site googleleadservices dot cn just created. Real content coming”.
I would advise you have your system checked as described here: https://forum.avast.com/index.php?topic=53253.0

Wait for a qualified removal expert to give you the clean bill or remove that persistent adware.

polonus

6

Hey Polonus,
Thanks for the reply.

I never accessed the IP or site directly. I was only on Google’s search page.
Avast went into insta-blocking whatever it was right away, so could something really have gotten through? :-\

Also, malvertising ad-injecting? I’m using an ad blocking extension so could this possibly prevent any insidious Ads from coming through?

7

100% safety doesn’t excist.
See it as human diseases.
First there is the disease and only after it has been discovered a cure can be developed. :wink:

8

anyone wanna break that link so one one clicks on it?