john_collins
2011-04-21, 04:46
Hi,
I have a laptop with Windows 7 and IE8. I also run Norton 360 Premium Edition 4.0.
When I visited this website:
http://www.serradinho.com
I was redirected to the following website, which displayed a fake virus warning:
http://www1.simplegoantivir.0ze.net/fhrpvn?rwj041mma=lungnZu1uDJ59qT5dXJpKGToKSP5tLWr6qQkZaT36qjwLmT3N%2BimJ%2BYlOPcs%2BDoqZ3MmZh8yquKGT6OXP3tOe3tXK3cuY1dqnc
3VX1t2erKKbop6blaKZnKWZq4%2Fl5tjepadunpPY3M2qqZ%2BajePV2rHLp86no6fMaJpmzpPV5qaeo5yYmqOXpKqgnM3h39jnnGo5OSVodbc4%2BDJ0diO4d
XP25fb5d7clWKS4ZPE29qq1NnL4NHI1pg%3D
I also got a JavaScript popup asking me to click OK to remove the viruses, after which I opened the Task manager and killed the IE process. I didn’t get a warning from Norton about a virus or malware.
I didn’t have this problem (the redirect) in the latest version of Firefox.
Then I switched JavaScript to “Prompt” in IE and visited the http://www.serradinho.com again.
After clicking "No" to all JS load prompts the site loaded just fine without redirecting me.
After that I reloaded the site and started clicking "Yes" on the JS prompts and on the 3rd one
I saw in the IE taskbar that the browser was loading something from lshfwq.co.cc and then I was
redirected to the 0ze.net subdomain mentioned above.
The http://www.serradinho.com is the only site this redirect is happening on, as far as I can tell.
I also did the following:
- I ran SpyBot and it didn’t find anything.
- I downloaded and ran TDSSKiller.exe from Kaspersky, which didn’t find anything either.
- I did a registry search for lshfwq.co.cc, but didn’t find anything.
- I loaded the same site http://www.serradinho.com, from another laptop with Windows 7 and Norton 30 Premium Edition 4.0, but with IE 9 instead of IE 8 and I didn’t have the redirect problem.
- I did a quick scan Norton and didn’t find anything either
I’m doing a full scan with Norton now, but this will take a few hours.
Is my computer infected or is the problem with http://www.serradinho.com?
I have a laptop with Windows 7 and IE8. I also run Norton 360 Premium Edition 4.0.
When I visited this website:
http://www.serradinho.com
I was redirected to the following website, which displayed a fake virus warning:
http://www1.simplegoantivir.0ze.net/fhrpvn?rwj041mma=lungnZu1uDJ59qT5dXJpKGToKSP5tLWr6qQkZaT36qjwLmT3N%2BimJ%2BYlOPcs%2BDoqZ3MmZh8yquKGT6OXP3tOe3tXK3cuY1dqnc
3VX1t2erKKbop6blaKZnKWZq4%2Fl5tjepadunpPY3M2qqZ%2BajePV2rHLp86no6fMaJpmzpPV5qaeo5yYmqOXpKqgnM3h39jnnGo5OSVodbc4%2BDJ0diO4d
XP25fb5d7clWKS4ZPE29qq1NnL4NHI1pg%3D
I also got a JavaScript popup asking me to click OK to remove the viruses, after which I opened the Task manager and killed the IE process. I didn’t get a warning from Norton about a virus or malware.
I didn’t have this problem (the redirect) in the latest version of Firefox.
Then I switched JavaScript to “Prompt” in IE and visited the http://www.serradinho.com again.
After clicking "No" to all JS load prompts the site loaded just fine without redirecting me.
After that I reloaded the site and started clicking "Yes" on the JS prompts and on the 3rd one
I saw in the IE taskbar that the browser was loading something from lshfwq.co.cc and then I was
redirected to the 0ze.net subdomain mentioned above.
The http://www.serradinho.com is the only site this redirect is happening on, as far as I can tell.
I also did the following:
- I ran SpyBot and it didn’t find anything.
- I downloaded and ran TDSSKiller.exe from Kaspersky, which didn’t find anything either.
- I did a registry search for lshfwq.co.cc, but didn’t find anything.
- I loaded the same site http://www.serradinho.com, from another laptop with Windows 7 and Norton 30 Premium Edition 4.0, but with IE 9 instead of IE 8 and I didn’t have the redirect problem.
- I did a quick scan Norton and didn’t find anything either
I’m doing a full scan with Norton now, but this will take a few hours.
Is my computer infected or is the problem with http://www.serradinho.com?