Did I get Infected?

I am using NIS 2009, I was searching for a img hosting site thru google and I clicked on a site called "pixa.us" and my Norton Safeweb toolbar said there is a Threat. I quickly got the hell out of there.

 

I did a full system scan and came up with nothing and I have not received any Norton alerts about being infected with anything. I went over to Norton Safeweb website to look up what type of threat that website contained (http://safeweb.norton.com/report/show?url=pixa.us&x=0&y=0), it reports that there is a Trojan and its in a .gif file (how can a .gif infect me anyway? wouldn't it need to somehow download itself to me or have me run something first?) I am trying to figure out if I was infected or not.... Did Norton block this .gif for me when I got to the page?

 

I am running Firefox with No Script + Adblock Plus addons which should have blocked any possible scripts that it would try and run or maybe it even blocked the .gif because it could have been flagged as an ad in Adblock, didnt stick around long enough to see what if anything my addons blocked, just speculating.

 

Is anyone able to tell me if I am currently safe or anything else I should do? Maybe if there is someone here that inspects these type of sites they could go over there and see what/how exactly this site infects you and does NIS auto block it or what.

 

Hope someone can give me an answer, thank you.

 

 

Edit: I remember that Norton used to post icons with a green check mark or a red X besides websites in google search results, for the longest time now they have been missing, what happened? That feature would have deff saved me headaches knowing that the site was unsafe. Why is it gone?

Hi majorfail,

 

The Norton Safe Web site evaluations show what was found when a site was visited and analyzed.  It looks like one image file at the site was malicious at the time Norton checked.  If the file is still there and you had accessed it you might have become infected, but just quickly visiting the site in this case is not likely to cause you harm, especially since you are using NoScript.  Had you been unfortunate enough to stumble across the threat Norton's Auto-Protect would have blocked it from infecting you.  The site rating icons in Google are still a part of Safe Web so you should be seeing them.  Make sure the "Enhance Search Engine Results" is enabled in Norton's  Web Settings.  Also NoScript can block the icons unless you have whitelisted google.com in the NoScript site options.

Alright so what you are saying is even tho at one time Norton found and flagged that website as having a Threat it doesnt necessarily mean that the threat is still present? Does Norton not routinely do any sort of updates on the flagged Threat sites to check if the website has been possibly fixed up or once its flagged it remains that way forever? Which doesnt really seem plausible.

 

Also what exactly did you mean by "but just quickly visiting the site in this case is not likely to cause you harm". How does visitng the site for 1 second or staying there for 10mins make a difference? If a file is set to infect you it would do it the second you enter the malicious website wouldnt it?

 

Malwarebytes full system scan is complete and No Malicious items are detected, also did a Spybot Search & Destory scan and that found nothing as well. So I guess I am safe.... I hope lol.

 

I figured out the problem with the SafeWeb google icons, NoScript did have google.com on the list BUT I mostly use google.ca and that wasnt on the list, stupid me.

 

As far as NIS 2010 goes I am aware that I can upgrade to it for free and I do know how and where to do it but I am not interested at the moment.

 

btw thanks for all the great help guys

 

I am using NIS 2009, I was searching for a img hosting site thru google and I clicked on a site called "pixa.us" and my Norton Safeweb toolbar said there is a Threat. I quickly got the hell out of there.

 

I did a full system scan and came up with nothing and I have not received any Norton alerts about being infected with anything. I went over to Norton Safeweb website to look up what type of threat that website contained (http://safeweb.norton.com/report/show?url=pixa.us&x=0&y=0), it reports that there is a Trojan and its in a .gif file (how can a .gif infect me anyway? wouldn't it need to somehow download itself to me or have me run something first?) I am trying to figure out if I was infected or not.... Did Norton block this .gif for me when I got to the page?

 

I am running Firefox with No Script + Adblock Plus addons which should have blocked any possible scripts that it would try and run or maybe it even blocked the .gif because it could have been flagged as an ad in Adblock, didnt stick around long enough to see what if anything my addons blocked, just speculating.

 

Is anyone able to tell me if I am currently safe or anything else I should do? Maybe if there is someone here that inspects these type of sites they could go over there and see what/how exactly this site infects you and does NIS auto block it or what.

 

Hope someone can give me an answer, thank you.

 

 

Edit: I remember that Norton used to post icons with a green check mark or a red X besides websites in google search results, for the longest time now they have been missing, what happened? That feature would have deff saved me headaches knowing that the site was unsafe. Why is it gone?

Hi majorfail,

 

Allow me to welcome you to the Norton Community. I would like to address on question in particular which you posted.

 


Alright so what you are saying is even tho at one time Norton found and flagged that website as having a Threat it doesnt necessarily mean that the threat is still present? Does Norton not routinely do any sort of updates on the flagged Threat sites to check if the website has been possibly fixed up or once its flagged it remains that way forever? Which doesnt really seem plausible


The safe web ratings are a guide only. Basically if a site is rated with a yellow exclamation point or red X, it definitely means that the site is dangerous and should be avoided.

 

However, a green checkmark should also be used with caution. This rating applies at the time the site was tested and that site can become infected at any time thereafter.

 

There is no way that Symantec or any company can routinely test sites repeatedly. You need to remember that there are literally tens if not hundreds of millions of websites and it is simply not possible to review them all on a recurring basis. .And even if this were done, you could be 5 minutes or even 5 seconds after the latest test and that site could now be infected.

 

Safe web ratings should be used as a guide but please don't ever view it as any sort of guarantee that the website is safe.

 

This is where safe surfing practices and the protection offered by NIS comes into play. Combining the two of these with the latest updates to NIS offers you the best protection you can get, but unfortunately nothing is 100%.

 

NIS 2010 is free with a current subscription so you really should reconsider your decision not to do the update. NIS 2010 includes the latest engine and is lighter on resources. Older engines such as NIS 2009 may not be able to detect some of the threats that the newer engines can detect.

 

Update anti-virus definitions are a very important piece of this protection but it is not the only one. It is also very important to always have the latest anti-virus engine available to give you the best protection.

 

In the end it is your choice but is there a reason not to take a free update?

 

Hope this helps.

 

Thanks

Allen

Hi majorfail,

 

Since all sites change constantly, I would think that Norton probably would eventually revisit all websites that it samples, although I have no idea how frequently any given site might be retested.  The point I was making is that these site ratings should be used as a general guide to the safety of a site and not as an up-to-the-minute realtime inventory of what actually lurks there at any given moment.  Any site can be hacked or cleaned up at any time, so these types of ratings need to be considered accordingly.  In your case, this is a picture sharing site, which may occasionally have malware uploaded to it, intentionally or not, or may have malicious ads appearing from time to time.  But the site itself is probably not in the business of distributing malware or seeking to intentionally infect visitors.  Those sorts of sites have hundreds of threats detected, not just one (McAfee SiteAdvisor, by the way, did not detect any problems at the site when they tested it).

 

You are correct that, given the proper conditions you could have been infected simply by visiting the site. A drive-by download or malicious JavaScript will do its damage immediately.  With a little bad luck you might have come across the malicious .gif that had been found at the site.   However, Norton and NoScript both offer excellent protection against the type of attack that would have been required to infect your PC with the Trojan.  I am merely pointing out that, while a potential threat had been identified at the site and that is never a good thing, your risk of actual infection, while not zero, was reduced by the security software you are using and the uncertainty that you would have actually encountered the malicious file.   Still, when in doubt, you did the right thing - you can never be too safe.  Just don't lose any sleep over it now that your scans have come back clean.

I also don't doubt that Norton would eventually revisit sampled websites but I think the qualifying word is eventually. As we know it could never be sampled frequently enough to even come close to guaranteeing safety. As good as Safe Web ratings are, the only concern I ever have is that it can lull some into a false sense of security.

 

You bring up a good point about no scripting. Unfortunately many websites won't work properly without it but I agree that no scripting should be used when possible. Setting such sites in the trusted zone is a good way to achieve this.

 

It is everything combined together that forms a good defense to include safe surfing practices, secure browser settings, keeping up to date on Windows updates, for sure never clicking on any link without a green checkmark and being cautious even when it is green, and also up to date anti-virus software.

 

Allen

Those are all good points, the content on a website can most definitely change in seconds so I guess it is impossible to really know for sure.

 

Malwarebytes seems like a good extra program to keep in the arsenal so kudos for that recommendation.

 

The reason I don't install NIS 2010 is just my routine with every new version released, unfortunately as much as I love this program in my experience there are issues after the release and for a while there after. I always lurk around here checking the topics for any problems and keeping an eye on when everything is cleared up.

 

For 2010 first it was the SafeWeb bar missing in the browser, then it was the program icon disappearing or crashing from the Taskbar and now its the ws.Reputation.1 headaches.

 

I even bought the 2010 disc since my subscription ran out recently and it was on sale, but I ended up using the serial to renew '09 instead. Hopefully 2010 will be solid soon.

 

Thanx again guys, cheers.

The actual 2010 product is honestly solid - the WS.1 problem was more a definition/cloud problem that has (to my knowledge) been resolved - these kinds of problems will happen occasionally though, whether or not the program is stable, because it's not really a problem with the program if you know what I'm trying to say? :-) more a problem with what the program is being told to do :-)

 

But it is, in any event, your choice :-) Personally I have (Honestly) not had one problem with 2010, and I installed it the moment it was released :-)

 

Matt