Bogus Website? Warning

treeve
22nd July 2007, 23:44
After searching via Google for info on Burials in Madron Parish,
I clicked on the link that included the name I was looking for.
It also contained other items, on the Google summary.
The Google page cleared and went blank, I backed to Google to
get the Cached version – then I was taken to another advertising
website and then I was presented with three open browser windows.
Then I was getting warnings from Sygate as to hijacking threats.
I clicked off immediately, and then ran AVG ... the website
had downloaded within the webpage a downloader,
“ckrse.exe”, and it had made two copies in System Restore.
I have cleared all files from Windows Internet pages, by hand,
as most of the time a hundred or more items are still left there after
clearing using the Internet Properties dialogue box.
Upon closing, the trojan horse prevented the system from
re-booting and so tried to prevent itself from being wiped.
I have cleaned it from the system and checked the registry.
Obviously Google URL is ok, but are any of the following
list bogus URLs – is there any legality in the Microsoft
address, especially. It was trying to take me there, as well
as the winantivirus site. The budaphone site did not actually
contain any of the items it purported to have.

I want to know how many of these I should add to my blocked lists.


Best Wishes, Raymond

Gavin Gait
22nd July 2007, 23:53
I've tried to check the IP origins, Raymond, and only the Google one looks to be valid; all of the rest seem to point to other hosts than Microsoft, or the host cannot be identified. Personally I'd block everything except Google just now.

Davie

treeve
23rd July 2007, 00:33
Thanks Davie, I thought as much, but just wanted to be sure.
I have thousands of names on the blocked lists, so what's
a few more!! The moral is, you can't even trust websites
found on a Google search. Just how devious can anyone be.
Why can't these people direct their talents towards something useful?
Best Wishes, Raymond

benjidog
23rd July 2007, 09:02
Raymond,

We all get caught like this from time to time and often these redirects take you to porn sites quite apart from depositing nasty software on your machine. You have done all the right things.

Brian