Author Topic: Tiberian Sun executable... Browser Hijack  (Read 573 times)

Offline Chalenge

  • Plutonium Member
  • *******
  • Posts: 15179
Tiberian Sun executable... Browser Hijack
« on: April 19, 2010, 06:27:01 PM »
I was visiting a link I got off the forums here and either there or on a follow-up link I paused and when I came back found a popup that looked like a Windows system message 'Tiberian something executable has stopped responding...' which turned out to be a browser hijack. I immediately reset my browser and scanned for viruses (didn't find any) and it appears to have been stopped.

Ever heard of this? Anything else I should do?

Edit: modified subject to be more precise
« Last Edit: April 19, 2010, 06:51:47 PM by Chalenge »
If you like the Sick Puppy Custom Sound Pack then please consider contributing for future updates by sending a month's dues to Hitech Creations for account "Chalenge." Every little bit helps.

Offline MutleyBR

  • Copper Member
  • **
  • Posts: 288
Re: Tiberian Sun executable... Browser Hijack
« Reply #1 on: April 22, 2010, 12:12:01 PM »
Never heard of that one.

Here I use WinPatrol free, which helps in protecting the browser and some system areas.

Maybe you should use this to prevent future surprises like that one.

http://www.winpatrol.com/

Mutley
"If you're in a fair fight, you didn't plan properly."
Nick Lapos, chief R&D pilot, Sikorsky Aircraft

"To go up, pull the stick. To go down, pull the stick back harder..."

Offline bustr

  • Plutonium Member
  • *******
  • Posts: 12436
Re: Tiberian Sun executable... Browser Hijack
« Reply #2 on: April 22, 2010, 08:10:46 PM »
At least it wasn't a wild ransomware posing as an antivirus scan that wouldn't let you have access to the OS. That was fun........ :mad:
bustr - POTW 1st Wing


This is like the old joke that voters are harsher to their beer brewer if he has an outage, than their politicians after raising their taxes. Death and taxes are certain but, fun and sex is only now.

Offline Chalenge

  • Plutonium Member
  • *******
  • Posts: 15179
Re: Tiberian Sun executable... Browser Hijack
« Reply #3 on: April 22, 2010, 11:12:48 PM »
ESET NOD32 took care of the problem (browser hijack attempt and keylogger). I was fortunate in that I recognized that the program it was masking itself as is one I don't use (Tiberian Sun is a Command & Conquer game I hear) and the idiot(s) that wrote the bug decided to advertise Sun Chips (I guess he invests). Okay... it's possible the purpose of the popups is to get you to visit sites that cause additional infections. I reset the browser and ran Spybot Search & Destroy and then scanned with NOD32. After verifying I was infected I nuked the drive and restored using a True Image backup. Problem solved.

Offline 68Hawk

  • Silver Member
  • ****
  • Posts: 1365
      • 68th Lightning Lancers
Re: Tiberian Sun executable... Browser Hijack
« Reply #4 on: April 23, 2010, 12:32:24 PM »
Don't click popups...
68th Lightning Lancers
Fear the reaper no more fear the Lancers!
http://www.68thlightninglancers.net

Offline Chalenge

  • Plutonium Member
  • *******
  • Posts: 15179
Re: Tiberian Sun executable... Browser Hijack
« Reply #5 on: April 23, 2010, 01:32:54 PM »
I have popups defeated.

The problem is that I clicked on a link someone posted here on the forums (I believe) and then clicked on a link on whatever page that loaded (I have not tried to find it and it could have not been a link here at all). Just by loading the page you get infected but worse it generates another iexplore.exe that does allow popups and every page that loads generates more infections. At that point any attempt to log into any site is logged and potentially passed on to whatever mastermind created this little gem.

This is just one example. There are potentially millions of computers in the wild that are infected with keyloggers and the owners have no idea they are infected. Probably even some small percentage of the AH players have the same problem and don't even know it.

Offline bustr

  • Plutonium Member
  • *******
  • Posts: 12436
Re: Tiberian Sun executable... Browser Hijack
« Reply #6 on: April 23, 2010, 05:16:08 PM »
I use NOD32 also and it was a link someone posted here.

I followed it to the page destination and it turned into an antivirus scan with a message to register the scanner for $29.99. I lost access to my operating system but was able to open the recycling bin and via it open a limited explorer session to delete the executable and reboot. Upon the reboot I received a NOD32 update which had a ransomware solution in it for the previous hijack. I've run into similar hijacks of URLs to other sites that are popular with the gaming community, free movies like Hulu and Japanimation sites. I ran RegCure afterwards and it cleaned out all the remnants of the hijack.