
Chrome Hijacked build 22.6

I was just Hijacked using updated and current build 22.6 - live update in last 4 hours, scan in last 9 hours, cleanup in last 10 hours.

I was browsing a search that was (graphic warning) about post surgical scar healing as I am 7 weeks post surgery and wish to research. (Post Vats Surgery Incision scar healing)

I'm attaching my browser history. I clicked on images in succession by arrows forward on right side when a window opened in Russian "HACKED BY ANONYMOUS"... it only shows in browser history.

I closed the window the browser, and checked my Norton history- security history and well all of it.

(attached.) Should I run a full scan? Am I OK?

Did opening a picture possibly download or install a virus or malware? Or other issues?

Replies


Re: Chrome Hijacked build 22.6

The "access blocked" items are Norton Product Tamper Protection events and are almost certainly related to some legitimate program on your PC that Norton prevented from accessing a Norton process.  These are normal and not an indication that your PC is infected with malware.  "Hacked by Anonymous" is likely just a calling card left by the individuals who successfully hacked into a website that had hosted the image you tried to view.  The thing that was compromised was the website, not your computer.  If Norton did not alert to anything when you opened the image, there is likely no damage done, but you can certainly run a full scan to make sure the website did not download anything malicious.


Re: Chrome Hijacked build 22.6

The issue reported by Securi is defacement of the website.  I don't see any reports of exploit kits or other kinds of attacks against visitors, which Securi would have also listed if any were detected.  I would certainly run a full scan, but I would not be overly concerned at this point.


Re: Chrome Hijacked build 22.6

Thank you for your timely response, explaining most likely only the website was hacked, and not my computer in any way from a quick visit.

I still haven't found confirmed info on vulnerabilities (if any) following a visit to a hacked website.

btw: Norton History "access Blocked" were hours before the incident.

I was surprised I couldn't find anything in any parts of history beyond last "live update" which was one half hour prior to clicking into hijacked website.

Following my posts here, I also updated windows weekly Malicious SW updates with today's date, then shut down.

I see someone else has bravely visited the same site (below) and posted the "calling card" you described.

When it opened in my Chrome it was strobe like flashing. After a couple seconds I left.

Once again (as I've done for decades), I'm placing my faith, trust and safety of an old workhorse puter in the hands of Norton Symantec.

It never hurts to run a full system scan - I'll start it now, hoping to be complete by day's end.


Re: Chrome Hijacked build 22.6

Thank you for your timely response and looking into it.

This is the first resource I've seen on any visitor vulnerabilities after landing on a hijacked site. As I'm an end user, not in your industry, this is the first I've heard of "Sucuri"?? (with "u"?).

You're right, full system scan is always a good idea.

I hope this post may help others have peace of mind, many of us haven't landed on hijacked sites before. I'm online with any one of my browsers (Firefox, Chrome, Opera, Tor) +/-18 hours/day. I've been lucky. I've also been with Norton/Symantec since 1997.


Re: Chrome Hijacked build 22.6

Hi, india.       Sucuri Site Check. A good place to confirm { or otherwise ! } a site's safety.

https://sitecheck.sucuri.net//

Windows 10 Home X 64

Re: Chrome Hijacked build 22.6

So I completed full scan which found 1 high risk that wasn't found at last scan earlier same day.

Results are attached as txt. Note # not scanned.

First thing I noticed was home pages of browser changed.

I found small articles about compromised sites, auto frames and exploit kits are discovered 1 out of 46 instances in AVs.

Should I continue with power eraser?

Thanks again

PS I'm mid pacific so time diff may be 6 hrs earlier therefore I'll check in tomorrow.

Accepted Solution

Re: Chrome Hijacked build 22.6

....do you have (knowing/unknowing) PC Mechanic installed...?
PC Mechanic may be bundled with third party applications. 


Re: Chrome Hijacked build 22.6

Hi, india.       Sucuri Site Check. A good place to confirm { or otherwise ! } a site's safety.

https://sitecheck.sucuri.net//


F 4 E;

Yes indeedie! A wealth of knowledge which taught me quite a bit as I noodled through the blogs and Knowledge base. Thanks to you both for the tip.


Re: Chrome Hijacked build 22.6

Thank you bjm

It appears that snuck in somewhere and was at least in part a culprit.

(see scan results, resolved threat history attached)

I'm careful not to download from third parties (CNET etc.); for programs I only go to developer direct.

PCMechanic caused trouble last year - widely - May I politely inquire why regular "quick scans" didn't catch it, or alert me to an unresolved threat? I check my Norton every day for the green check mark, often reviewing history.

Beyond that I've been searching for any remnants or clues how it got in with continual Norton coverage, no lapses, and regular scans.

I ran advanced search everywhere including hidden files, system files, etc.

Searching both as PCMechanic and PC Mechanic.

I then sorted through the results one by one. Deleted 12 (seemingly unopened) emails without examining them just for returning in the searches. I picked through files only to see the query had picked out either "pc" or "mechanic" in some MSOffice OneNote files.

Do you recommend other search method to ensure all remnants are gone?

I'll hope to mark this as resolved tonight but right now I need to switch over to the CF-31 (my work laptop), make sure it's up to date and get some work done.


Re: Chrome Hijacked build 22.6

A quick note of Thanks to those who chimed in to assist.

After decades of devoted Norton/Symantec use, I'm actually happy to say I think I'm running smoothly on all machines.

So Thanks to SendOfJive; F 4 E, and most of all a huge thanks to bjm_ whose acuity pinpointed the issue(s). He also visited/shared the hijacker's Calling Card posted (above) for those of us unfamiliar with hacker M.O.'s.

Great spring weekend wishes to all.

Appreciative customer.

Hualani


Re: Chrome Hijacked build 22.6

I'm searching for a safe way to locate the IP address for a site without ping so I can add it to blocked.

Re: Chrome Hijacked build 22.6

india: im searching for safe way to locate ip address for site without ping so I can add it to blocked.

you may try Sucuri and look at Website Details....although, the IP may not resolve.
https://sitecheck.sucuri.net/results/macsforcancer.com


https://www.raymond.cc/blog/urlvoid-scans-websites-for-viruses-with-multiple-scanning-engines/


Or, for example > http://macsforcancer.com.ipaddress.com/ > Search at > http://ipaddress.com/


Re: Chrome Hijacked build 22.6

thanks I'll give it a go

Re: Chrome Hijacked build 22.6

Once again you rock bjm_! Raymond blog was excellent turn on, I do like TechRepublic too. I added firewall rules as I trust Symantec more than MS. I'll noodle around suggestions for clearweb searches. I originally started medical stuff on TOR because Chrome was infuriating me (albeit NAV toolbar's a goody) - days of suggested big pharma ads on the side, etc. Host files looks easier than the TOR/virtual/reboots regime. I realized no privacy exists anymore anyway - electronic medical record companies (Epic) are a laugh. I'm so appreciative of your time: trying to stay safe, "mahalo".
