Authentication Scam Pop-Up

Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the above
paragraph, and then click on the "Lowe's Official Site", I get the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with an
official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up, and I
can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to (yet),
just in case this is a problem with the Google link. I'd hate to have to
clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a quick
scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA

On Tue, 7 Feb 2017 20:11:47 -0000 (UTC)
Boris wrote:

Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers,
when I use Google as a search engine, and only when I Google "lowes"
in the URL box, and then select the first result, "Lowes Official
Site". It doesn't happen with any other search, for instance Best
Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the
above paragraph, and then click on the "Lowe's Official Site", I get
the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with an
official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up,
and I can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to
(yet), just in case this is a problem with the Google link. I'd hate
to have to clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a
quick scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA


That is a result of the NSA cloning your hard drive.

In article 8,
lid says...

Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the above
paragraph, and then click on the "Lowe's Official Site", I get the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with an
official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up, and I
can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to (yet),
just in case this is a problem with the Google link. I'd hate to have to
clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a quick
scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA

I've had that happen. Same as you, used Task manager to kill it.
Difference is haven't had it happen again so forgot about it seeing as
was pretty sure it was some pop-up advert type of page caused it. That
was months ago now.

On Tue, 7 Feb 2017 15:43:30 -0500, Wolf K
wrote:

On 2017-02-07 15:11, Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

I think somebody is masquerading as Lowes.

In Firefox: Menubar View Toolbars check Status Bar. The Status Bar
open at the bottom of the main FF window.

Next time you hover over "Lowes Official Site", you should see the URL
link on the status bar. If you see the bogus URL, you know it's not
on/in your system.

I'm running Firefox 51.0.1. It does not have the option "Toolbars" on
the View Menu. So I can't Check Status Bar.

DC

On Tue, 07 Feb 2017 15:07:26 -0600, wrote:

On Tue, 7 Feb 2017 15:43:30 -0500, Wolf K
wrote:

On 2017-02-07 15:11, Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

I think somebody is masquerading as Lowes.

In Firefox: Menubar View Toolbars check Status Bar. The Status Bar
open at the bottom of the main FF window.

Next time you hover over "Lowes Official Site", you should see the URL
link on the status bar. If you see the bogus URL, you know it's not
on/in your system.

I'm running Firefox 51.0.1. It does not have the option "Toolbars" on
the View Menu. So I can't Check Status Bar.


Yes you can. You don't have to turn the status bar on. It
automatically appears when there's something to see there. See
https://support.mozilla.org/en-US/kb...ned-status-bar

wrote:

Wolf K wrote:

Boris wrote:

Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

I think somebody is masquerading as Lowes.

In Firefox: Menubar View Toolbars check Status Bar. The Status
Bar open at the bottom of the main FF window.

Next time you hover over "Lowes Official Site", you should see the
URL link on the status bar. If you see the bogus URL, you know it's
not on/in your system.

I'm running Firefox 51.0.1. It does not have the option "Toolbars" on
the View Menu. So I can't Check Status Bar.

Hover the mouse cursor over a hyperlink. A pseudo-statusbar popup will
appear at the bottom of the window showing the effective URL. This is
NOT the same as the actual URL (see my reply to Boris and below) and why
it cannot be trusted to show you to where you actually go when clicking
on a hyperlink.

Hovering the mouse cursor over a Google search hit on "lowes" will show
"www.lowes.com" in the popup pseudo-status bar. That's not the actual
hyperlink. Right-click on the hyperlink and select Inspect Element to
see the hyperlink was actually:

a
href="/url?sa=t&rct=j&q=&esrc=s&source=we b&cd=1&cad=rja&uact=8&ved=0ahUKEwj Biq7__P7RAhUE4SYKHQlIDgIQFggcMAA&url=https%3A% 2F%2Fwww.lowes.com%2F&usg=AFQjCNHgZZjs6eFBd4pY SY3gQfVS5ZiPyA"
onmousedown="return
rwt(this,'','','','1','AFQjCNHgZZjs6eFBd4pYSY3gQfV S5ZiPyA','','0ahUKEwjBiq7__P7RAhUE4SYKHQlIDgIQFggc MAA','','',event)"Lowe's
Home Improvement: Appliances, Tools, Hardware, Paint .../a

www.lowes.com is in there but as an argument. The actual (first)
destination is a Google tracker URL. If you right-click on the
hyperlink and select "Copy location" and paste elsewhere (e.g.,
Notepad), you'll see the variables/args got replaced so the actual
destination is:

https://www.google.com/url?sa=t&rct=...SY3gQfVS5ZiPyA

Google wants to track logistics on its search engine. It has you go to
their URL to record on what you clicked and then redirects you to the
target site you intended to visit. Yes, this can be used for tracking
but also get used to improve their search engine, especially regarding
relevancy order of the search results.

Because some users don't like their web visits to get tracked for any
purpose, they use alternative search engines (e.g., DuckDuckGo or
Ixquick/StartPage).

Boris wrote:

Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the above
paragraph, and then click on the "Lowe's Official Site", I get the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with an
official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

Disable any ad blocker add-ons a retest. Or start the web browser in
its safe mode which disables all add-ons during that session, including
those that you did install.

Inspect your 'hosts' file. Should only have the "127.0.0.1 localhost"
equivalence unless you've added more or are using someone else's
pre-compiled 'hosts' lists as an ad/content blocker.


The screen is locked up, so I use Task Manager to kill the pop-up, and I
can get back to work.

Sure looks like malware. Could be an add-on you did not intend to
install, something iffy you did install and decided to eventually
trigger, or something running outside of the web browser. The URL you
get is probably trying to get more malware on your computer.

I haven't tried this on my XP or Win10 machines, and don't want to (yet),
just in case this is a problem with the Google link. I'd hate to have to
clean up Win10.

I did a Google search on "lowes". The first hit is a sponsored link and
it did take me to lowes.com. In the Google search results and when the
mouse is hovered over the hyperlink to Lowes, www.lowes.com shows up in
the status bar (Firefox). That's not really the URL for that hyperlink.
It's what the script wants you to see in the status bar. The actual URL
is:

https://www.google.com/url?sa=t&someArgs&url=https%3A%2F%2Fwww.lowes.co m%2F&moreArgs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
https://www.lowes.com/ --------------------------------------'
where
%3A = : (colon) ---.--- entity codes
%2F = / (forward slash) ---' (avoid parsing error on special chars)

All the rest of the URL is for Google tracking (to record logistics on
their search engine).

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a quick
scan with Miscrosoft Security Essentials, with no results.

That runs as a separate process. Does not stop you from using your
computer but obviously anything that runs can impact responsiveness of
the computer.

You already have malware on your computer. Do you really want to
postpone its detected and eradication to do other work which may be in
jeopardy?

There is also the possibly of DNS poisoning. Flush your own DNS cache
by running in a command shell:

ipconfig /flushdns

You cannot control DNS poisoning up on the DNS server that you use.
There is malware that changes which DNS server to which you connect so
check your DNS settings. Rather than have mine dynamically assigned by
the upstream DHCP server (which results in me using my ISP's DNS server
which fails about 2-4 times per year), I use alternative DNS servers
that are statically defined by me, like OpenDNS and GoogleDNS in that
preference order.

On 2/7/2017 12:11 PM, Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the above
paragraph, and then click on the "Lowe's Official Site", I get the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with an
official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up, and I
can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to (yet),
just in case this is a problem with the Google link. I'd hate to have to
clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a quick
scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA


AVG AntVirus Free blocked the Web page as a malware site.

When I disabled AVG's LinkScanner Surf-Shield, Mozilla's Safe Browsing
capability -- as implemented in SeaMonkey -- failed to block the site.
That capability uses a database obtained from Google, which is why I am
not surprised that the capability failed to block the site.

--
David E. Ross
http://www.rossde.com/

Paraphrasing Mark Twain, who was quoting someone else:
There are three kinds of lies: lies, damned lies, and
alternative truths.

On Tue, 7 Feb 2017 20:11:47 -0000 (UTC), Boris wrote:
This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site".


Doesn't your browser show you the URL when you hover the mouse
pointer over a link? If it doesn't, junk it and get one that does.
(Same advice for your email program.)

NEVER click on a link without knowing where it will take you. I'll
bet you anything "Lowes Official Site" isn't lowes.com -- the real
site doesn't have to call itself "official".

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

This is what I see.

Lowes.com - Official Website
Ad www.lowes.com/‎ ‎+91 99112 44209

Now, that number off to the side, is a long
distance number to "Pedro Teh Scammer". (The
phone number is likely in Uttar Pradesh, India.)

That's your hint something is wrong with the link. When the
advertisement was sold, there was probably some domain
check, that the phone number was "local" to the website
location.

Another "ad" link near the top, lists a phone
number of (416) 689-3570, which is a Lowes in Toronto.

This does not authenticate the link - it's just
a visual hint that something "unusual" is going on.
I might notice that out of the corner of my eye, and
move down the page out of harms way.

*******

Firefox is doing this, and Seamonkey is not.

*******

One suggestion was to use "encrypted.google.com" for your
search instead. That's if you don't understand the hack
involved, and want to move on.

Paul

On 2/7/2017 2:27 PM, David E. Ross wrote:
On 2/7/2017 12:11 PM, Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers, when I
use Google as a search engine, and only when I Google "lowes" in the URL
box, and then select the first result, "Lowes Official Site". It doesn't
happen with any other search, for instance Best Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the above
paragraph, and then click on the "Lowe's Official Site", I get the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with an
official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up, and I
can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to (yet),
just in case this is a problem with the Google link. I'd hate to have to
clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a quick
scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA


AVG AntVirus Free blocked the Web page as a malware site.

When I disabled AVG's LinkScanner Surf-Shield, Mozilla's Safe Browsing
capability -- as implemented in SeaMonkey -- failed to block the site.
That capability uses a database obtained from Google, which is why I am
not surprised that the capability failed to block the site.


Regarding the failure of the Mozilla capability for Safe Browsing to
detect the site as a phishing site, I submitted bug #1337549. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1337549.

--
David E. Ross
http://www.rossde.com/

Paraphrasing Mark Twain, who was quoting someone else:
There are three kinds of lies: lies, damned lies, and
alternative truths.

"David E. Ross" wrote in
news
On 2/7/2017 2:27 PM, David E. Ross wrote:
On 2/7/2017 12:11 PM, Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers,
when I use Google as a search engine, and only when I Google "lowes"
in the URL box, and then select the first result, "Lowes Official
Site". It doesn't happen with any other search, for instance Best
Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the
above paragraph, and then click on the "Lowe's Official Site", I get
the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with
an official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up,
and I can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to
(yet), just in case this is a problem with the Google link. I'd
hate to have to clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a
quick scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA


AVG AntVirus Free blocked the Web page as a malware site.

When I disabled AVG's LinkScanner Surf-Shield, Mozilla's Safe
Browsing capability -- as implemented in SeaMonkey -- failed to block
the site. That capability uses a database obtained from Google, which
is why I am not surprised that the capability failed to block the
site.


Regarding the failure of the Mozilla capability for Safe Browsing to
detect the site as a phishing site, I submitted bug #1337549. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1337549.


After reading your first post, that AVG Free detected and blocked the site,
I thought I'd install AVG Free, and see what happens.

After installing AVG Free,I tried Firefox again, and this time, a Google
search didn't bring up "Lowe's - Official Site", it brought up "Lowe's Home
Improvement: Appliances, Tools, Hardware, Paint ...", as the first link.
When I hovered over this link, the status bar showed "www.lowes.com, and
nota google redirect. Hmmm...something has changed for the better.

I tried IE, with the same (good) results.

I read your bug report. Thanks.

So, it looks like I didn't have any malware installed on my machine, only
phising attempts. Shame on you Google. Never cared for google, don't do
Chrome, and have no google account, let alone gmail.

VanguardLH wrote in :

Boris wrote:

Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers,
when I use Google as a search engine, and only when I Google "lowes"
in the URL box, and then select the first result, "Lowes Official
Site". It doesn't happen with any other search, for instance Best
Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the
above paragraph, and then click on the "Lowe's Official Site", I get
the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with an
official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

Disable any ad blocker add-ons a retest. Or start the web browser in
its safe mode which disables all add-ons during that session,
including those that you did install.

No luck.

Inspect your 'hosts' file. Should only have the "127.0.0.1 localhost"
equivalence unless you've added more or are using someone else's
pre-compiled 'hosts' lists as an ad/content blocker.
My Windows hosts is all REM'd out, including the line with 127.0.0.1.
I've never altered the hosts file. An ipconfig/all shows the only DNS
server with an IP of my router, which is connected to a comcast modem.


The screen is locked up, so I use Task Manager to kill the pop-up,
and I can get back to work.

Sure looks like malware. Could be an add-on you did not intend to
install, something iffy you did install and decided to eventually
trigger, or something running outside of the web browser. The URL you
get is probably trying to get more malware on your computer.

I haven't tried this on my XP or Win10 machines, and don't want to
(yet), just in case this is a problem with the Google link. I'd hate
to have to clean up Win10.

I did a Google search on "lowes". The first hit is a sponsored link
and it did take me to lowes.com. In the Google search results and
when the mouse is hovered over the hyperlink to Lowes, www.lowes.com
shows up in the status bar (Firefox). That's not really the URL for
that hyperlink. It's what the script wants you to see in the status
bar. The actual URL is:

https://www.google.com/url?sa=t&someArgs&url=https%3A%2F%
2Fwww.lowes.
com%2F&moreArgs

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
https://www.lowes.com/ --------------------------------------'
where
%3A = : (colon) ---.--- entity codes
%2F = / (forward slash) ---' (avoid parsing error on special
chars)

All the rest of the URL is for Google tracking (to record logistics on
their search engine)

Thanks, I didn't know why the URL results in google searches were so
long, and didn't point to the search term..

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a
quick scan with Miscrosoft Security Essentials, with no results.

That runs as a separate process. Does not stop you from using your
computer but obviously anything that runs can impact responsiveness of
the computer.

You already have malware on your computer. Do you really want to
postpone its detected and eradication to do other work which may be in
jeopardy?

There is also the possibly of DNS poisoning. Flush your own DNS cache
by running in a command shell:

ipconfig /flushdns

You cannot control DNS poisoning up on the DNS server that you use.
There is malware that changes which DNS server to which you connect so
check your DNS settings. Rather than have mine dynamically assigned
by the upstream DHCP server (which results in me using my ISP's DNS
server which fails about 2-4 times per year), I use alternative DNS
servers that are statically defined by me, like OpenDNS and GoogleDNS
in that preference order.

On 2/7/2017 7:46 PM, Boris wrote:
"David E. Ross" wrote in
news
On 2/7/2017 2:27 PM, David E. Ross wrote:
On 2/7/2017 12:11 PM, Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers,
when I use Google as a search engine, and only when I Google "lowes"
in the URL box, and then select the first result, "Lowes Official
Site". It doesn't happen with any other search, for instance Best
Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in the
above paragraph, and then click on the "Lowe's Official Site", I get
the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with
an official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up,
and I can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to
(yet), just in case this is a problem with the Google link. I'd
hate to have to clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do a
quick scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA


AVG AntVirus Free blocked the Web page as a malware site.

When I disabled AVG's LinkScanner Surf-Shield, Mozilla's Safe
Browsing capability -- as implemented in SeaMonkey -- failed to block
the site. That capability uses a database obtained from Google, which
is why I am not surprised that the capability failed to block the
site.


Regarding the failure of the Mozilla capability for Safe Browsing to
detect the site as a phishing site, I submitted bug #1337549. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1337549.


After reading your first post, that AVG Free detected and blocked the site,
I thought I'd install AVG Free, and see what happens.

After installing AVG Free,I tried Firefox again, and this time, a Google
search didn't bring up "Lowe's - Official Site", it brought up "Lowe's Home
Improvement: Appliances, Tools, Hardware, Paint ...", as the first link.
When I hovered over this link, the status bar showed "www.lowes.com, and
nota google redirect. Hmmm...something has changed for the better.

I tried IE, with the same (good) results.

I read your bug report. Thanks.

So, it looks like I didn't have any malware installed on my machine, only
phising attempts. Shame on you Google. Never cared for google, don't do
Chrome, and have no google account, let alone gmail.


I sent feedback to Google about the ad and how it was for a phishing Web
site. Apparently, they killed the ad. The problem is that they did not
do any due diligence on the ad in the first place. Instead, they waited
for a complaint.

--
David E. Ross
http://www.rossde.com/

Paraphrasing Mark Twain, who was quoting someone else:
There are three kinds of lies: lies, damned lies, and
alternative truths.

"David E. Ross" wrote in
news
On 2/7/2017 7:46 PM, Boris wrote:
"David E. Ross" wrote in
news
On 2/7/2017 2:27 PM, David E. Ross wrote:
On 2/7/2017 12:11 PM, Boris wrote:
Win7, 64-bit

This is happening in both Firefox and Internet Explorer browsers,
when I use Google as a search engine, and only when I Google
"lowes" in the URL box, and then select the first result, "Lowes
Official Site". It doesn't happen with any other search, for
instance Best Buy or Home Depot.

If I enter "www.lowes.com" all is fine.,but if I do as I say in
the above paragraph, and then click on the "Lowe's Official Site",
I get the pop-up:

Authentication Required
http://fixed786.xyx is requesting your User Name and Password.
0x80070424 warning:
Activation Kay Damages!!!
Call Help Desl +1 844 891 1032 TOLL FREE

A window appears with fields to enter user name and password, with
an official Microsoft lookin web page in the background, with
"fixed786.xyz/main' in the URL box.

The screen is locked up, so I use Task Manager to kill the pop-up,
and I can get back to work.

I haven't tried this on my XP or Win10 machines, and don't want to
(yet), just in case this is a problem with the Google link. I'd
hate to have to clean up Win10.

I have not installed any add-on or programs in days.

I haven't run Malwarebytes yet, as I need to use this machine and
Malwarebytes takes a long time to scan the entire disk. I did do
a quick scan with Miscrosoft Security Essentials, with no results.

Any ideas?

TIA


AVG AntVirus Free blocked the Web page as a malware site.

When I disabled AVG's LinkScanner Surf-Shield, Mozilla's Safe
Browsing capability -- as implemented in SeaMonkey -- failed to
block the site. That capability uses a database obtained from
Google, which is why I am not surprised that the capability failed
to block the site.


Regarding the failure of the Mozilla capability for Safe Browsing to
detect the site as a phishing site, I submitted bug #1337549. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1337549.


After reading your first post, that AVG Free detected and blocked the
site, I thought I'd install AVG Free, and see what happens.

After installing AVG Free,I tried Firefox again, and this time, a
Google search didn't bring up "Lowe's - Official Site", it brought up
"Lowe's Home Improvement: Appliances, Tools, Hardware, Paint ...", as
the first link. When I hovered over this link, the status bar showed
"www.lowes.com, and nota google redirect. Hmmm...something has
changed for the better.

I tried IE, with the same (good) results.

I read your bug report. Thanks.

So, it looks like I didn't have any malware installed on my machine,
only phising attempts. Shame on you Google. Never cared for google,
don't do Chrome, and have no google account, let alone gmail.


I sent feedback to Google about the ad and how it was for a phishing
Web site. Apparently, they killed the ad. The problem is that they
did not do any due diligence on the ad in the first place. Instead,
they waited for a complaint.


With most products these days, It seems that the customer/end user is
the QA person.

Thanks again.