Malicious Web Site Blocked: widdit.com

Hi  all

 

I've exhausted every option I can think of to try and fix this problem but I'm still having issues.

 

I keep getting a Malicious Web Site Blocked page pop up just about every time I click on anything.

 

Then Norton takes me to this page when I click on detailed report:

 

Page

 

but doesn't explain to me what I can do to resolve this problem. It's very annoying. I can't do anything without this popping up. I'm not all that computer savy anymore. I've run computer scans etc etc but nothing gets rid of whatever the hell this is. I don't even know what Widdit is?

 

Any help would be much appreciated!

Hi,
welcome to Norton Community.

What internet Browser you use to browse the web?

“I’ve exhausted every option I can think of to try and fix this problem but I’m still having issues.”
What Troubleshooting you have followed?

Do you have any other Browser?

Hi Kandy-Sugar

 

Welcome to norton Community Forum.

It sounds like you have a nasty Drive-by Downloads bug from the site

widdit.com. or a link from a unknown source.

you could try and run Norton Power Eraser which is the last resort scan

from Symantec Norton download from this link-

 

http://security.symantec.com/nbrt/overview.aspx

 

Install and run Power Eraser and see how you go.

 

If you have already run NIS and Power Eraser scans with no success, you could

try Malware Bytes as a last resort and run a full scan with this program.

I have seen it mentioned in alot in Norton forum posts when users have nasty malware

that they cannot get rid of.

 

 

Website Link-

 

http://www.malwarebytes.org/products/malwarebytes_free

 

Download and install the free version you do not need to try the 30 day trial.

 

Just run the full scan it may take a while so sit back and have a coffee or cuppa

tea and see whaat Malware Bytes finds. Running a different Malware program

might just find what Norton cannot find. It might be  worth a try, and when finished just

uninsatll malware Bytes from your computer.

 

I would only use Malware Bytes as a last resort effort if myself or the other Forum Members

and Symantec Employees cannot help resolve this issue for you.

 

And hopefully that can help with your issue.

 

Let us know how you go .

 

Cheers:smileywink:

 

Hello Kandy-Sugar

 

I would use Norton Power Eraser as a last resort tool as it is a powerful tool and an advanced one also.

 

I would suggest a full scan with the free version of Malwarebytes and it is a program that you should keep on your computer. It is a good on demand second opinion scanner to complement your Norton product.  I would keep it on your computer and you can even run it every so often as a scanner that might catch something that Norton missed since they each have different so called specialties. Thanks.

It has been a while since i used Power Eraser and looking at the steps

involved with that compared to Malware Bytes i would have to agree with

you flopot. Malware Bytes is the easier of the 2 to install and run.:smileywink:

 

I was trying to exhaust all Norton methods of resolving the issue, but as

kandy-Sugar did mention-

 

. I'm not all that computer savy anymore.

 

( i missed that ) so there might be some issues or difficulties with using

Nortons Power Eraser.

 

Good catch floplot it is good to have the Gurus around to assist the Forum

Members.

 

Cheers:smileyhappy:

Hi all and thank you for the welcomes. =)

 

I am running Firefox at the moment and have used it for the last five years or so now to answer the first reply.

 

I had only run a full computer scan through Norton and tried to scan through my browser history to see if I had been anywhere different to the norm, so that was as far as I got when I said I had exhausted every option I could think of. I honestly couldn't think of anything more than to come here and ask for help. >.< Nothing I seemed to do on my own was helping the issue.

 

I have ran scans using Malware Bytes and Norton Power Eraser as suggested, but both times they have said that they can not detect any risks.

 

I'm not sure what it is, but for the moment I have not had any sites/links blocked with the message I was getting before. I hope whatever it is has been resolved even though both scans detected and resolved nothing. It's only this week that it's been happening and I've not gone anywhere I don't usually go and I haven't downloaded anything that I can think of. =/


I will keep an eye out to see if this keeps happening and come back to this thread if I need more assistance.

Thank you for all your help!

 

EDIT: I spoke too soon. Just as I was clicking through this site after posting this post the same message popped up twice again!!! I have no idea why this is still happening!

Hi Kandy-Sugar

 

Out of curiosity what version of FF are you using??

Is it the recent release being 8.0??

 

And do you get the pop ups when you use Internet Explorer Browser??

 

Cheers

Hi there

 

I've had a look and it's version 3.6.24.

 

I never use the Internet Explorer browser but my partner does when he's on.

He said he hasn't gotten any pop ups so far though.

 

Could it be that my version of Firefox is just outdated that's causing me problems?

According to the Safe Web, there is a HTTP MSIE TLI App ActiveX Code Exec at   hxxp  ://predict.widdit.com/service/?R0VUJHY2OTk0MzIzNDE4MjE4MzEzJCQzNDIyNDYzMjY4MjgxMSQxOTI2OSQkaHR0cDovL3NlcnZpY2Uud2lkZGl0LmNvbS9MT0NBTFNVR0dFU1RJT05TLz9xPXRsaSZzaT0xOTI2OSZjcz03MDAwLTI4NiZzaWQ9MTMyMTM3ODIxMzE1NyZ1YT1FeHBsb3JlciUyMDkmdj00LjE0JmdiPTEmb3NhPTImcmE9bGVmdCZzdD0yJnB0PTAmd2NjPSZ3bXNjYz1VUyZzcz0xJnNzdD0wJnN0cz0xJnNxbj0xJmF0cj0xJm9iaT0wJnVsPWVuLWdiJmxzPWJvb2JzJm1pZD0xJmRiPTEmY2M9R0ImY3A9MSZidz0zMDAmYW1iPTAmYW1pPTAmYmk9NzMyNTkyNyZ1aWQ9MCZnaWQ9MzQyMjQ2MzI2ODI4MTEmc3I9JmJsPTImc3JjPTEmcnNwPWRvZ2dpbmcmZGlyPWx0ciZvcHR6PQ** 

 

About the detection:

 

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

DescriptionThis signature detects an attempt to exploit a vulnerability in Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control which could result in remote code execution.
Additional InformationThe Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability.
The vulnerability has been identified in the Microsoft Visual Basic 6 TypeLib Information Library (TLI) 'tblinf32.dll' ActiveX control with the following CLSIDs: {8B217746-717D-11CE-AB5B-D41203C10000} {8B217752-717D-11CE-AB5B-D41203C10000} {8B21775E-717D-11CE-AB5B-D41203C10000}
The affected ActiveX control can also be found under the name of 'vstlbinf.dll'.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Affected
  • Microsoft Internet Explorer 6.0 SP2
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 5.0.1 SP4
  • Microsoft Internet Explorer 5.0.1 SP3
  • Microsoft Internet Explorer 5.0.1 SP2
  • Microsoft Internet Explorer 5.0.1 SP1
  • Microsoft Internet Explorer 7.0 beta3
  • Microsoft Internet Explorer 7.0 beta2
  • Microsoft Internet Explorer 7.0 beta1
  • Microsoft Internet Explorer 7.0
ResponseDownload and install vendor patches related to this vulnerability.
 
Edit: Woah!  When I posted there was only 5 replies.  After I posted the thread is full of replies :smileytongue:.

Hi

I am not to sure but i have noticed that Mozilla will be adding a major

update  December 20  for 3.6 to 8 if the users wish to upgrade.

 

Perhaps the issue is the version of FF as that is a very old version considering

version 9 will be released December 20.

Maybe there are some bugs in the version  FF you are using  or a compatibility

issue with Norton Addons not functioning properly.

 

You could try upgrading to a newer version to see if it fixes the issue. But you

should back up your bookmarks before doing a upgrade to be safe.

 

Click on this link for a safe site to download earlier versions of FF from you might

like to try 5 or 6 which should still be  compatible with most addons.

 

http://www.softpedia.com/progDownload/Mozilla-Firefox-Final-Download-5787.html

 

Might be worth a try.??

 

Cheers

 

Keep us posted.:smileyhappy:

And remember you will not be able to install the same version 3.6.4  again the website

only provides 3.6.22 as the oldest version closest to what you have installed now.

 

 

 

 

Firefox 3.6.24, while old, is still fully supported by Mozilla and it being old should not be the reason for your problems. You might still want to update your Firefox to the latest version, though, since support will be ending.


Bombastus wrote:

Firefox 3.6.24, while old, is still fully supported by Mozilla and it being old should not be the reason for your problems. You might still want to update your Firefox to the latest version, though, since support will be ending.


Did you see my reply at http://community.norton.com/t5/Norton-Internet-Security-Norton/Malicious-Web-Site-Blocked-widdit-com/m-p/591270/highlight/true#M183751?  The site itself have a vulnerability, whether intended or not.  That is the reason for Norton blocking the site (not Firefox).

Hi mikedov

 

I am confused in your post it says that affects Internet Explorer.

Kandy-Sugar says that IE works ok.

am i getting this right or am i missing something.?

It is just FF that seems to be affected from the posts.

Could you assist me with those queries.

 

Cheers

 

 


mikedov wrote:

Bombastus wrote:

Firefox 3.6.24, while old, is still fully supported by Mozilla and it being old should not be the reason for your problems. You might still want to update your Firefox to the latest version, though, since support will be ending.


Did you see my reply at http://community.norton.com/t5/Norton-Internet-Security-Norton/Malicious-Web-Site-Blocked-widdit-com/m-p/591270/highlight/true#M183751?  The site itself have a vulnerability, whether intended or not.  That is the reason for Norton blocking the site (not Firefox).


Nope, I didn't. :smileyhappy: Seems like half a dozen replies or something appeared while I was typing.

It could be that the page has a vulnerability that affects IE (or so Symantec detects), so Norton Safe Web marked the page as malicious blocked the page.   The same would happen if using IE and there is a vulnerability that affects Firefox.  NSW would block the page nevertheless.

 

Or so I think.

I think that I would be tempted to clear the cache (history and cookies) in the browser and reset the router to clear that and then then check to see if something more needs to be done. 

Kandy,

        Can you tell us, do you have any toolbars installed in your Firefox?

        And also the Add-ons installed in it?

Hello

 

If you do a Google search of widdit.com, each part of the site has a red x on it. The site is unsafe. Google is listing it as unsafe. I just did the Google search using IE 8. It should not even be listed here.

 

http://www.google.com/search?q=widdit.com&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1

 

kandy

 

Since you are having this problem with other sites that you go to, I would suggest stopping at one of the malware removal sites and ask them if your computer is infected or not. If it is infected, the site can help you clean it up. If it is infected, it has gotten past your Norton product and Malwarebytes and the power eraser. These free sites can tell you what scans to run and can help you clean it up on a 1 to  1 manner which this site can't do.

 

 

Please go to one of these free Forums for help in removing your bad malware or rootkits.


http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)

 

 

Please pick one of them and have them tell you is you are infected or not. Thanks.