dave104

I went to a web site today that obviously tied to install some sort of spyware. The computer appeared to go to "My computer" and said that Windows (neither of which are on this computer, hence knowing that it was bogus) had found spyware infections and went through the beginnings of a bogus virus scan and also reported trojans. Firefox would not close, so I shut down the computer and restarted it, when I restarted firefox it went right back to the fake site (twice). So I disconnected my cable modem, restarted the computer, opened another Firefox window, and cleared personal information and made sure the home page was still google (it was). The only personal information I save on the computer is a password to my verizon phone account (which I immediately changed), and it seemed to be wiped out of the verizon minutes plug-in (although I checked it after clearing personal information, so I may have done that).

I'm running Ubuntu, I use Firefox, and Firestarter reports the firewall as active, so I imagine that I am pretty safe, but the fact that I turned off the computer and was directed to the fake site has rattled me a little. The site was tithed.info (which was linked via google), has any one heard of it? How can I reassure myself that I don't have spyware or some other nasty sitting on my computer. Also, since I do have Vista on the computer, could something transfer over to that system?

Thanks for any advice.

rokytnji

I have ran into this drive by malware more times then I can remember, Not just using Ubuntu either. Clearing History and browser cache is all I usually have to do. No need to shut down computer. I just kill Firefox with terminal if it won't close.

You can kill Firefox in terminal by using the top command to open up something like Task Manager and can kill Firefox from there.

On my other Distros I just make a Xkill button or entry in Menu.

Sounds Like a cookie or something like that got Firefox to take you back to the site when it opened. After you deleted

You probably erased all trace of that malware crap from your browser. For me Just Clearing History and cookies and cache is enough. I never have any problems after that. We have admin locked up with a password and no dlls so I wouldn't sweat it. At least I don't and I have seen this malware a bunch on the web. I finally installed WOT add on into Firefox to help me cut down on that crap.

It's more of a nuisance in Linux than something to really sweat over.

__________________
Free Linux Books
Linux Registered User # 475019
And I’ll keep using Linux until they pry it from my cold dead fingers.

bigvoo

HI Dave, this happend to me 3 weeks back, using ubuntu 8.4, it was a legit online edition of a newspaper website that got mine... I tend to think it is an attack on firefox, and not so much ubuntu, although this makes 2 ubuntu comps reporting it. I have a feeling this is giong to be reported alot in the next few weeks/month. looking back, I wish i would have posted the website link in the forums to have some of the gurus go have a look. I run mint 7 now, and no further incidents.

ozar

For whatever it's worth, Norton Safe Web considers it a slight risk for Windows users because of the JS.Downloader.Trojan:

Norton Safe Web, from Symantec - report for tithed.info

__________________
oz

New Members: * README *

dave104

Thanks for the advice. It popped up again later, but wasn't quite so tenacious - it allowed me to "X" out Firefox and restart without problem. I don't even know if the two instances were connected, but I'll pay attention. But I won't sweat over it. Now if I was running Windows....

Jonathan183

... looks like another one to add to /etc/hosts list as here