If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Which Invader Is This?
In the last few days every single website that I go to suddenly
displays a 'Survey' page with the name of the website in the URL on the page. When you remove it, it just goes away, but if I close the website and then return, the same thing happens again, the damn Survey web page. Anyone know who the culprit is? |
Ads |
#2
|
|||
|
|||
Which Invader Is This?
On Fri, 09 May 2014 05:19:43 -0400, Barry Bruyea
wrote: In the last few days every single website that I go to suddenly displays a 'Survey' page with the name of the website in the URL on the page. When you remove it, it just goes away, but if I close the website and then return, the same thing happens again, the damn Survey web page. Anyone know who the culprit is? That sounds like some sort of malware.... Get Spybot (free). |
#3
|
|||
|
|||
Which Invader Is This?
Barry Bruyea wrote:
In the last few days every single website that I go to suddenly displays a 'Survey' page with the name of the website in the URL on the page. When you remove it, it just goes away, but if I close the website and then return, the same thing happens again, the damn Survey web page. Anyone know who the culprit is? For your interest, Barry .... http://c2.com/cgi/wiki?HowToAskQuestionsTheSmartWay |
#4
|
|||
|
|||
Which Invader Is This?
Barry Bruyea wrote:
In the last few days every single website that I go to suddenly displays a 'Survey' page with the name of the website in the URL on the page. When you remove it, it just goes away, but if I close the website and then return, the same thing happens again, the damn Survey web page. Anyone know who the culprit is? If you take note of the URL being used, it might provide a "name" for the culprit. http://forums.verizon.com/t5/FiOS-In...re/td-p/634437 In that example, the URL involves "mysurveyscenter". I would use my packet sniffer (Wireshark) to get that information, if the adware happened to just pop up a dialog and no URL was visible. http://en.wikipedia.org/wiki/Wireshark If you find that one impossibly complicated, you can also try TCPView. That one will show where connections are going, and is better than nothing. http://technet.microsoft.com/en-us/s...rnals/bb897437 In that Verison example, both of the browsers the poster used, are affected. That means some agent is present on the computer, or had a chance to implant a proxy or otherwise bypass the normal path to the Internet (DNS attack). If you tell your browser, to use a proxy server to reach the Internet, it provides an opportunity to meddle with each page visited. The black hats set up a server on the net, your web query goes to them, and they can add a survey to the web content. And a good infection, if you change the proxy setting back to None, the infection will just restore it when your back is turned. If I had broken my own computer this way, my first task would be developing a descriptive name. Such as "mysurveyscenter", and Googling for hints. When I Google, I might try this. Bleepingcomputer will contain a lot of threads about various pests. site:bleepingcomputer.com mysurveyscenter The only reference I can find there, is c:\program files\MySurvey Messenger\MySurveyMessenger.exe Without some distinguishing information, it's pretty hard to suggest a solution. There is at least one web site, where the author puts the name of each pest, and just lists a generic solution ("run Malwarebytes, run AdwCleaner, run HitManPro"), like it's a magic incantation. But that's putting a victim through a lot of unnecessary work, if it doesn't actually need all of those. To find a site that specifically addresses a pest, is pretty hard. But without some form of identification ("MySurvey") you might spin your wheels forever. Paul |
Thread Tools | |
Display Modes | |
|
|