Which Invader Is This?

In the last few days every single website that I go to suddenly
displays a 'Survey' page with the name of the website in the URL on
the page. When you remove it, it just goes away, but if I close the
website and then return, the same thing happens again, the damn Survey
web page. Anyone know who the culprit is?

On Fri, 09 May 2014 05:19:43 -0400, Barry Bruyea
wrote:

In the last few days every single website that I go to suddenly
displays a 'Survey' page with the name of the website in the URL on
the page. When you remove it, it just goes away, but if I close the
website and then return, the same thing happens again, the damn Survey
web page. Anyone know who the culprit is?

That sounds like some sort of malware....
Get Spybot (free).

Barry Bruyea wrote:
In the last few days every single website that I go to suddenly
displays a 'Survey' page with the name of the website in the URL on
the page. When you remove it, it just goes away, but if I close the
website and then return, the same thing happens again, the damn Survey
web page. Anyone know who the culprit is?

For your interest, Barry ....

http://c2.com/cgi/wiki?HowToAskQuestionsTheSmartWay

Barry Bruyea wrote:
In the last few days every single website that I go to suddenly
displays a 'Survey' page with the name of the website in the URL on
the page. When you remove it, it just goes away, but if I close the
website and then return, the same thing happens again, the damn Survey
web page. Anyone know who the culprit is?

If you take note of the URL being used, it might provide
a "name" for the culprit.

http://forums.verizon.com/t5/FiOS-In...re/td-p/634437

In that example, the URL involves "mysurveyscenter". I would
use my packet sniffer (Wireshark) to get that information,
if the adware happened to just pop up a dialog and no URL
was visible.

http://en.wikipedia.org/wiki/Wireshark

If you find that one impossibly complicated, you can also try TCPView.
That one will show where connections are going, and is better
than nothing.

http://technet.microsoft.com/en-us/s...rnals/bb897437

In that Verison example, both of the browsers the poster used, are affected.
That means some agent is present on the computer, or had a chance
to implant a proxy or otherwise bypass the normal path to the
Internet (DNS attack). If you tell your browser, to use a proxy server
to reach the Internet, it provides an opportunity to meddle with each
page visited. The black hats set up a server on the net, your
web query goes to them, and they can add a survey to the web
content.

And a good infection, if you change the proxy setting back to None,
the infection will just restore it when your back is turned.

If I had broken my own computer this way, my first task would
be developing a descriptive name. Such as "mysurveyscenter",
and Googling for hints.

When I Google, I might try this. Bleepingcomputer will contain
a lot of threads about various pests.

site:bleepingcomputer.com mysurveyscenter

The only reference I can find there, is

c:\program files\MySurvey Messenger\MySurveyMessenger.exe

Without some distinguishing information, it's pretty hard
to suggest a solution.

There is at least one web site, where the author puts the name
of each pest, and just lists a generic solution ("run Malwarebytes,
run AdwCleaner, run HitManPro"), like it's a magic incantation.
But that's putting a victim through a lot of unnecessary work,
if it doesn't actually need all of those.

To find a site that specifically addresses a pest, is pretty hard.
But without some form of identification ("MySurvey") you might
spin your wheels forever.

Paul

On Fri, 09 May 2014 05:30:28 -0400, wrote:

On Fri, 09 May 2014 05:19:43 -0400, Barry Bruyea
wrote:

In the last few days every single website that I go to suddenly
displays a 'Survey' page with the name of the website in the URL on
the page. When you remove it, it just goes away, but if I close the
website and then return, the same thing happens again, the damn Survey
web page. Anyone know who the culprit is?

That sounds like some sort of malware....
Get Spybot (free).

Got it. Ran it. Zip.


---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com