Malware?

[Gustavus]

I am fairly certain I am encountering a strange malware. I am protected by ESET System security which updates several times a day, WinPatrol which detects attempts to change settings, SuperAntiSpyware etc. So, unless I do something stupid am well protected

When browsing I get a page saying "Warning Comcast Cable Customer you have serious security problem which may compromise -- etc." It disables the icon to close the page so it is impossible to go back to the previous page or to close that one. I go to Windows Task Manager and close from there.

The address is //process-alert.com/system/warning/alert.html?isp= followed by my address

Anyone know what this is? It is clearly trying to get me to click on the button they provide -- but I am way to suspicious to do that. Have always closed from Task Manager as the only way short of closing down the computer to get rid of it.

Any information would be appreciated. Incidentally scans with several malware packages give my computer a clean bill of health so I don't think it has done more than try to get me to click through.

 

[corkyg]

Sounds suspicious to me. I assume you are a Comcast cable subscriber. I am also, but have never seen such a message. I would call Comcast and ask them if it is theirs. Trust but verify. To me it sounds phony.

 

[John Connor]

Comcast can inject data into packets. Could be real, could be fake. This is the site that generates the alert. http://www.processalert.com/

Looks bogus to me. Could be someone trying to get malware into your computer. Are you using WIFI and is is secured? You may even have malware on your computer. Run Adwcleaner once. Herdprotect too, but that takes forever. Or Freefixer which you can see if there is something there that shouldn't be.

Idiots also like to show you a pop up saying Flash is out of date when it's not. Click the pop up and you now have malware on your computer.

I see nothing in Google saying Comcast uses process alert.

 

[Elixer]

It is fake.
I have seen two versions of this, one is generated & infected by damn flash malware, and the other is a pop-up that does the same.
You said while you were browsing... browsing what exactly? Does it happen on ALL sites, or only certain ones, if certain ones, which ones?
What browser are you using?

Comcast doesn't show anything like that, they will send you a letter (actual letter) in the mail about your issues, and also call you if it is really bad. Heck, they might even wall you off, and force you to call them depending on the situation.

If you are infected (via the damn flash 0 day crap), if you can, reinstall the OS. If that isn't an option, run a battery of spybot search & destroy, Malwarebytes anti-malware, and see if those can find the crap.
Don't forget to immunize your hosts file as well (it is an option in S&D).

Good luck.

BTW, that site is hosted on a russian server.

 

[Gustavus]

Thanks for the replies. I was pretty sure it was an attempt to get me to click and let some malware in. I have scanned with Anti-Malware and SuperAntiSpyware Pro -- plus virus scans etc. Nothing found so probably OK. ESET Smart Security has not reacted and it goes ape when it encounters anything -- sometimes when it has encounterednothing.

I am still using Internet Explorer in Windows XP which may well be the way in. My machine is connected to the router with an ethernet cable.

And yes, the suspect screen only appears on a Russian site -- 2baksa.net

 

[MongGrel]

https://noscript.net/

http://bluetack.co.uk/forums/index.php

That and I hate IE in general I guess.

At least put Firefox on there IMHO.

That's a lot of lurking right there

Sounds like you might know better than I, but thought I'd throw a few others out there, what I have running here and there at any rate.

 

[Gustavus]

MonGrel
Everyone hates IE -- including Microsoft apparently since they abandoned it in Windows 10. I am running an experiment. Installed Hide My IP 6.0.307 and will hide mine before going to 2baksa.net to see if that makes any difference. Use to use TOR back when there was a good reason to appear your IP was in Poland but not sure if it is still around. Not really my game.

Thanks for the help

 

[John Connor]

You can change IP addresses all you want, but if the pop up is JS based it will still render in the browser.

Pale Moon + NoScript + Sandboxie.

You have to think and know how the hackers and malware creators do their deeds.

Tor is still used and I wrote about its flaws in my blog. But unfortunately I can't post my blog link in this forum apparently.

Two word synopsis: Isn't private.

 

[Gustavus]

John Conner

The trial version of Hide My IP did no good, so I uninstalled it.

 

[Ketchup]

The best way to tell for sure would be to download an alternate browser and see if it gives you the same alerts IMO.

 

[LPCTech]

This is a popup trying to get you to install malware, its not from comcast. I have gotten it too, only on certain sites. Those sites are infected with it. Either unwittingly or knowingly. As long as you just close it and dont click on it, you are fine. Its just on that site not your pc. Unless you click on it and DL something.

 

[Gustavus]

It may be related -- although I think not. WinPatrol keeps stopping the installation of a startup no-name program

Anyone ever heard of this. Naturally I reject the change

Searching on the number turns up nothing

 

[Fardringle]

Click on the Open Folder link in that window to see where the mystery program is hiding.

 

[Gustavus]

Fardringle

Well, it is certainly well concealed and persistent. I clicked on open folder and explored every item to the lowest level. Nothing suspicious -- so far as I could see. I told WinPatrol to disable it and promptly got back the following screen

 

[Fordineem]

try downloading an alternative browser

 

[MongGrel]

TOR even is hacked these days, yeah.

That NSA thing, even though I haven't used in a long time.

Might try Pale Moon again sometime, I stopped a year or so ago, just was giving me problems here.

 

[Iron Woode]

you should install Malwarebytes Anti-Exploit to protect your browser(s).

it may help your situation.

 

[Gustavus]

Iron Woode

Thanks.

I have Malwarebytes SuperAntiSpyware installed. Do you think Anti-Exploit would do more?

Your net name has a connection you may not know, The Seri indians along the Baja in Mexico make incredible animal sculptures from ironwood -- which incidentally is so dense it doesn't float in water.

 

[fortworthtechs]

The majority of new malware is delivered via the web through a process known as a drive-by download attack. Malwarebytes Anti-Exploit is a best solution for malware problem.

 

[Elixer]

The majority of new malware is delivered via the web through a process known as a drive-by download attack. Malwarebytes Anti-Exploit is a best solution for malware problem.

That isn't the best solution, the best solution is to disable flash, so they can't exploit it in the first place.

 

[Gustavus]

I installed Malwarebytes Anti-Exploit and lost the ability to print on my network printer. All computers access the printer through a Networking printer server. The other computers could still print, but the one I installed Malwarebytes Anti-Exploit on could not. The printer was still shown as the default printer and print jobs were being queued, but nothing printed. Uninstalled Malwarebytes Anti-Exploit using Your Uninstaller and was able to print again. Looked in the various tabs on Malwarebytes Anti-Exploit and found no place where a printer might be blocked.

One other oddity. I am writing a paper in Word Perfect which I publish to PDF for a colleague. Each time I publish to PDF Malwarebytes Anti-Exploit pops up to say Adobe Reader is being protected by Malwarebytes Anti-Exploit. Real PITA

I have installed and uninstalled it twice and will leave it off my machine now.

 

[John Connor]

I would scan the computer with ADwcleaner and maybe Herdprotect which takes a long time and has to be done twice.

Run autorns and upload your ARN file to Dropbox or Box and share the link here. https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx