windows-scannercenter.xxxcom/?

Toggle sidebar Toggle sidebar
techs

techs

Lifer
Sep 26, 2000
28,559
4
0
DO NOT CLICK THE LINK !!!!!!!!!!!!!!!
http://windows-scannercenter.xxxxxcom/?id=93087288166

I intententionally broke the link with the xxxx before the com.

Ok, customer was copying an pasting some text from a word document into an email and the link was the only thing that got pasted.
Then, lo and behold, all the text in the original word 2007 document is gone!
The link takes you to the FakeAlert Antivirus that uses a security center type shield and is usually called something like Antivirus 2009.

I have never seen this do anything to the clipboard. I would like to try and get the data back. Yet, my anti-virus only classifies it as FakeAlert.
Does anyone know how I can get more info on this?
Thank
 
A

Atheus

Diamond Member
Jun 7, 2005
7,313
2
0
The word doc is actually deleted and word is closed? You can't just Ctrl-Z to get the document back?

'Antivirus 2009' etc is a bitch. I've tried to remove a version of that and failed. Had to reformat.
 
A

Atheus

Diamond Member
Jun 7, 2005
7,313
2
0
this may be the offending code

<script>window.google={kEI:"A6YkSZ7zM4W20QTHl7W4BA",kEXPI:"17259,18783,18994",kHL:"
en"};
google.y={};google.x=function(e,g){google.y[e.id]=[e,g];return false};function sf(){document.f.q.focus()}
window.gbar={};(function(){var b=window.gbar,f,h;b.qs=function(a){var c=window.encodeURIComponent&&(document.forms[0].q||"").value;if(c)a.hr
ef=a.href.replace(/([?&])q=[^&]*|$/,function(i,g){return(g||"&")+"q="+encodeURIComponent(c)})};function j(a,c){a.visibility=h?"hidden":"visi
ble";a.left=c+"px"}b.tg=function(a){a=a||window.event;var c=0,i,g=window.navExtra,d=document.getElementById("gbi"),e=a.target||a.srcElement;
a.cancelBubble=true;if(!f){f=document.createElement(Array.every||window.createPopup?"iframe":"div");f.frameBorder="0";f.src="#";d.parentNode
.appendChild(f).id="gbs";if(g)for(i in g)d.insertBefore(g,d.firstChild).className="gb2";document.onclick=b.close}if(e.className!="gb3")e=
e.parentNode;do c+=e.offsetLeft;while(e=e.offsetParent);j(d.style,c);f.style.width=d.offsetWidth+"px";f.style.height=d.offsetHeight+"px";j(f
.style,c);h=!h};b.close=function(a){h&&b.tg(a)}})();</script>
Click to expand...
 
M

MadAmos

Senior member
Sep 13, 2006
818
0
76
This seems to be a common way that the B*****ds are getting windows antivirus 2009 on so many systems. Do a search with your favorite search engine for clickjacking.


 
bruceb

bruceb

Diamond Member
Aug 20, 2004
8,874
111
106
I have also seen links from Google search lead to pages that tried to install that Antivirus XP ... very bad and something needs to be done to stop this from happening. If you do get to a page like that, do not click on anything. Best bet is Ctrl+Alt+Del and shut down the computer .. then reboot and see if you are still clean. Note also the MalwareBytes is very good at cleaning this pest off an infected system, but it will leave you with missing tabs on Display Properties. These can be restored with a link at Kellys Korner XP Fixes
 
boomerang

boomerang

Lifer
Jun 19, 2000
18,883
641
126
IMO, this needs to be dealt with at a federal level or failing that at a state level by the attorney general of each state. I'm far from being well versed in the law so I hope what I just said makes sense.

These people are in the same league as spammers. This has got to be affecting our economy on the scale it's taking place. I see several systems a week that are infected with this and I'm a very small fish in the big pond.
 
mechBgon

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
This is clipboard hijacking. Cross-browser, cross-OS. Nasty.

1) run Adobe's Flash Player Uninstaller. direct link to it

2) install the current version of Flash Player for IE, and if they use Mozilla/FireFox/Opera, also install the current version of Flash Player for those browsers as well.



Secunia's vulnerability scanners are also recommended here. The online one is free for any use, as far as I know, but requires Sun Java to be installed in order to run. The installable "Personal Desktop" version is only for home users.
 
techs

techs

Lifer
Sep 26, 2000
28,559
4
0
Originally posted by: mechBgon
This is clipboard hijacking. Cross-browser, cross-OS. Nasty.

1) run Adobe's Flash Player Uninstaller. direct link to it

2) install the current version of Flash Player for IE, and if they use Mozilla/FireFox/Opera, also install the current version of Flash Player for those browsers as well.



Secunia's vulnerability scanners are also recommended here. The online one is free for any use, as far as I know, but requires Sun Java to be installed in order to run. The installable "Personal Desktop" version is only for home users.
Click to expand...
Thanks everyone, and mechBgon thats a great tool. It's going in my toolbox.

 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom