# Can I get infected by just visiting a site?



## Flash (Nov 2, 2009)

Hey, hopefully this is the correct forum for this thread. 

I was searching google to check what ports borderlands was using, and the first result I opened, I got a blank page with a message box saying my computer could be infected, and I don't have any antivirus, and he wants me to install one, bla bla bla, most likely you came across this.

At this time, I didn't pressed anything, I ctrl+alt+del and clossed firefox process. Now I do have Kaspersky installed, and he didn't pop up any warnings.

Could I have gotten infected thru this? If anyone who is a guru in websites, I could give you the link I pressed to check it out, if you know what your doing and don't get infected (if in fact that's the purpose of that site, to infect you with spyware/malaware).


----------



## mrhuggles (Nov 2, 2009)

yes, under certain circumstances you can.


----------



## joinmeindeath417 (Nov 2, 2009)

I'd clear internet cache and temp files just to be safe, but usually when you ctrl+alt+del it is safe if you don't let it install anything.

Like some people will press cancel and than it installs the shit. To be on the safe side, clear your temp files and cache and cookies.


----------



## Steevo (Nov 2, 2009)

redirects, drive by downloads, scripts, MITM attacks, BHO's, alternate streams, and much else.

Redirect to a infectious website is the most common currently I believe. 
Drive by downloads pushed through a trusted site (by ads uually, but also through your browsers attempts to precache) that you ahave allowed popups from, or other security risks.
Scripts that run at your user level, from a webpage that has been compromised, ads, links that your browser precaches, etc...
MITM Man In The Middle, a malicious website/person intercepts your data, and redirects it through itself/networks as your informatino travels to and from you and the host you are wanting.
Browser hijack objects, items that inject themselves as legitimate shims or helper objects into your browser, thus allowing more access and causing more security issues.
Alternate data streams, a file that downloads and uses up unmarked space on the disk or memory to download malicious content. There is still one hole left to the kernel even in win 7 on this one, but it is very unlikely to happen.

Many more things that are being discovered everyday, both by the people who report security issues, and those who exploit them.


----------



## Flash (Nov 2, 2009)

joinmeindeath417 said:


> I'd clear internet cache and temp files just to be safe, but usually when you ctrl+alt+del it is safe if you don't let it install anything.
> 
> Like some people will press cancel and than it installs the shit. To be on the safe side, clear your temp files and cache and cookies.



Ok, chace from within firefox in tools-options-advance right?
Temp files? C:/document and setting/user/local setting/temp?


----------



## Mussels (Nov 2, 2009)

those things are usually fake ads.


"you have a virus! oh noes! click this link to buy our antivirus!"


feel free to post the link - just break it up a bit. throw a few spaces in, so that no one can click it by accident



http://www   .badviruslink.com


----------



## caleb (Nov 2, 2009)

Yes you can. Clicking without brainz will 1000% get you infected.


----------



## francis511 (Nov 2, 2009)

Press the "X" button on a window like that will NEARLY always close it. If you`re using opera you can close the tab it opens in and if you`re really superstitious , close your browser with task-manager.


----------



## Benetanegia (Nov 2, 2009)

If you didn't click anything you are most probabaly safe. As they told you clean your cache and maybe run a web based anti-virus (won't hurt) if you don't want to have an anti-virus program. 

When they put a message like that, it's usually just a scam. Statistics say that, at least that's what they reported in a security publication I read some time ago. It's usually a person who wants to make some easy money, and most times than not they don't even know how to infect your PC. They will try to make you pay for the service or downloading a fake AVP and that's all. That AVP will usually give a false positive, although some few tims they do infect your PC. But that's few times, it's just easier to fool you into paying, without doing the hard work. The time they would spend making the virus (in case they do know how to) is better spent into making more fake websites, linking to them into forums/banners, etc.

EDIT: I'm talking about when you get a message like that, not in general. In general, be careful when you click.


----------



## Tatty_One (Nov 2, 2009)

There are 2 types of these "monsters" going around at the moment and most anti viruses packages dont detect them, I can speak with some authority as I have been hit by both in the last 3 days!

The first is simply as most have said, pretty harmless and does not leave anything on your PC providing you can close it by answering "no" to the download question.

The second is much nastier, it actually puts a directory and application file in your primary drives program files directory, the one I got had a folder that was called something like "WKCVGS" and the application within the folder was called the same.  Now this app takes control of your PC in as much as it wont allow you to open Antivirus or spyware apps, it wont allow you to open any third party "cleaning apps"  or even control panel or "Start - Run - msconfig" to get rid of it.

I found it in Windows explorer but it wouldnt allow me to do anything with it because it says that I didnt have permissions, even though I had and i changed permissions several times to double check.  What worked in the end for me was to rename (that was the only thing it would let me do) both the folder and the application inside it, so I renamed it "virus".

After that I rebooted and I got rid of the continous pop ups (it probably couldnt open the app because of the rename on startup), then I went to "start - run - msconfig" and found that under both the startup and services tabs there was reference to this file so I unchecked them, saved and exit and no more problems!  Once all that was done, on re-boot it allowed me to delete the folder and app from within Windows explorer.

To be on the safe side and to ensure nothing has been left on your PC, go to "start" and select the "search" tab, then search for all files/folders on your primary drive from the date the attack happened, if there is a "nasty" left behind it will show on the list for that date, it will also show a time it was installed.


----------



## twicksisted (Nov 2, 2009)

Tatty_One said:


> I can speak with some authority as I have been hit by both in the last 3 days!


Tatty you really need to cut down on the porn dude


----------



## laszlo (Nov 2, 2009)

twicksisted said:


> Tatty you really need to cut down on the porn dude




let the man.. he's not retired from all only from oc


----------



## Tatty_One (Nov 2, 2009)

twicksisted said:


> Tatty you really need to cut down on the porn dude



LMAO..... I wish!  The nasty one was whilst streaming a music video from "You Tube" !!!  I emailed them to tell them also.

Edit: The video was "Rock the casbah" by the Clash so i dont spose many will ever get it!  At least I think it was that, otherwise it must have been a gaming cheat site where I was looking for a walk through for a level of Fallout 3, cant remember the site though


----------



## mrhuggles (Nov 2, 2009)

if hes talking about what i think hes talking about its a thingy that abuses a bug in flash to load like 200 advertisements at once


----------



## Benetanegia (Nov 2, 2009)

Tatty_One said:


> LMAO..... I wish!  The nasty one was whilst streaming a music video from "You Tube" !!!  I emailed them to tell them also.
> 
> Edit: The video was "Rock the casbah" by the Clash so i dont spose many will ever get it!  At least I think it was that, otherwise it must have been a gaming cheat site where I was looking for a walk through for a level of Fallout 3, cant remember the site though



For anything Fallout, Fallout Wiki is the place to go: http://fallout.wikia.com/wiki/Fallout_Wiki

I hope it's not there where you caught the nasty one! I've been there plenty of times and I will go there when I return to playing Fallout3. I'm taking it slow with that game, I like it, but it bores me to play it too much, so now I'm playing Borderlands. I'll get bored of it soon probably and then I'll return to Fallout. In the meantime I play Warcraft 3 and CSS too. I have to retake X3:Terran Conflict some day too. Haha, thanks god there's no game that I really want on the horizon...


----------



## Flash (Nov 2, 2009)

Bah, I can't find the site anymore when I type the same thing in google as yesterday. 
I was actually thinking of reverting to an older image of my C:/ drive a couple of weeks old. What I'm most afraid, is that besides trying to make me install whatever thing about this fake antivirus, they could as well sneak other spyware. And since I do a lot of banking on internet...


----------



## joinmeindeath417 (Nov 2, 2009)

Look being you didn't isntall anything and you have no annoying pop up saying your infected or bugs crawling around your screen, you should be fine if you clear temp files/cookies and cache. 

I honestly think if your doing a lot of banking or anything invovling personal information you should have some type of security center on your pc to just be safe. If you feel better about restoring an image go for it, but remember just because your restoring an  image from the hard drive doesn't mean it will not sneak its way back into your restore.


----------



## Flash (Nov 3, 2009)

Ok, the search result appeared again when I used Virtual PC Console (Microsoft Virtual PC) and googled "Borderlands ports"
If anyone is a guru at checking out sites and would like to let me know if I should be worried I hit this website please do.

http://  www.   counselingthatworks.com/tre/index.php?a=borderlands-port-forwarding

Then I got redirected to

http://   spywareclean3.com/scan1/"blablabla" which had the pop-up saying I should install a security program. You can't close the browser at that time since the pop-up will flash (wanting you to click it). At that time I ctrl+alt+del and ended firefox process.


Now as I side note, am I completely safe when using something such as Microsoft Virtual PC? As in could I visit/download whatever files, while it wouldn't matter what viruses it had, they can't affect my main system?


----------



## Mussels (Nov 3, 2009)

testing that link now (with my antivirus on AWESOME MAXIMUM PROTECTION!)

even after removing the spaces, that link doesnt seem to work for me


edit: i googled for borderland ports, and clicking the link there did work.


what this does is just opens up ads that try and trick you into downloading their software - it doesnt install any malware on its own (its a social networking advertisement) - their PROGRAM is the virus/money maker


----------



## Flash (Nov 3, 2009)

So there is no reason to worry? the site/script is harmless?

On my virtual PC after pressing cancel (I was curious what would happen) I've seen it started scanning or whatever.


----------



## Mussels (Nov 3, 2009)

i saw that silly scanner too, its just an animation.


no harm is done from the link itself, its when you download their program (and/or pay for it to remove the non existent viruses it 'finds') that things go downhill


----------



## [Ion] (Nov 3, 2009)

Flash said:


> So there is no reason to worry? the site/script is harmless?
> 
> On my virtual PC after pressing cancel (I was curious what would happen) I've seen it started scanning or whatever.



It's not a problem, as long as you "x" out of it.  I went to it to see what would happen rolleyes, and it did the animated GIF, it's obviously fake because it's showing two hard drive in my computer as well as a DVD-RAM.  It's my laptop with 1HDD and no optical, so it's safe to assume that it's a fake.  I strongly suggest that you install WOT (Web of Trust) in Firefox, it warns you of bad sites and only loads them with your express permission


----------



## Flash (Nov 3, 2009)

Ok, cheers for the fast reply. I guess I won't have to spend time to restore my C drive and instead go play the game


----------

