IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> BEX Just a simple search on Google?, .
13x
post 24.04.2012 00:37
Post #1


Advanced Member II
****

Group: Members
Posts: 202
Joined: 9.10.2010




Please delete this thread. I clicked twice and it shouldn't have been sent. Here's the thread: http://forum.kaspersky.com/index.php?showtopic=234323.

This post has been edited by 13x: 24.04.2012 00:44
Attached File(s)
Attached File  weirdsearch.jpg ( 31,88K ) Number of downloads: 12
 
Go to the top of the page
 
+Quote Post
13x
post 24.04.2012 00:43
Post #2


Advanced Member II
****

Group: Members
Posts: 202
Joined: 9.10.2010




Hi!

Today my Windows Live Messenger app crashed twice, and the event name was APPCRASH on one of them and BEX on the other (accordingly to Windows Problems and Solutions Reports). I wanted to know what was this BEX about, so I searched for BEX on Google - I just searched, I didn't click in any link at all! I can swear you I seriously didn't click any link, I just hit "Search". However, I got a warning telling me a Trojan invaded my computer (check attachement).

I did it twice actually, just to be sure the search was the source for the Trojan. It happened again.

I don't understand how the hell did I download a Trojan if I didn't enter the website mentioned... it was one of the results on Google, but I didn't enter it. I just searched for the word "BEX".


It also says it was denied, and it appears in my Detected Threats screen as "Inactive".

QUOTE
swfobject.js Denied: HEUR:Trojan.Script.Iframer 23-04-2012 21:20:27


My KIS icon is green.

My GSI Report: http://www.getsysteminfo.com/read.php?file...2a5e0434f615633.

I'll full scan during the night.

Should I be worried about anything?

Greetings!
Go to the top of the page
 
+Quote Post
richbuff
post 24.04.2012 05:04
Post #3


Are You Kidding?
*****************

Group: Moderators
Posts: 1000307
Joined: 14.06.2007




My Computer > right click it > Properties > Advanced System Settings > Performance tab > Settings > Data Execution Prevention tab > Turn on DEP for all programs and services except those I select > Add > brows to Windows Live Messenger executable > Add > ok > ok.

Any better?


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
13x
post 24.04.2012 10:34
Post #4


Advanced Member II
****

Group: Members
Posts: 202
Joined: 9.10.2010




QUOTE(richbuff @ 24.04.2012 01:04) *
My Computer > right click it > Properties > Advanced System Settings > Performance tab > Settings > Data Execution Prevention tab > Turn on DEP for all programs and services except those I select > Add > brows to Windows Live Messenger executable > Add > ok > ok.

Any better?


Yes, thanks Richbuff. bf.gif

However, what about the Trojan? I full scanned and my computer is clean - I will now scan with Mbam, just to be sure.

I still think it is weird that a Trojan tried to invade my computer on a simple Google search, though - I can say it again, I did not click in any link. Can it be some sort of problem with my computer? I was using Google Chrome to browse on the Web and I searched for the word "BEX" on "www.google.pt" (Google Portugal).

Any ideas?

Have a nice day!
Go to the top of the page
 
+Quote Post
13x
post 25.04.2012 12:02
Post #5


Advanced Member II
****

Group: Members
Posts: 202
Joined: 9.10.2010




Good morning, again.

I still would like to understand how can I get a warning of an infected script with a Trojan on a Google page. I have already contacted Kaspersky Virus Lab, in order to report the issue, and the script is indeed infected - the thought I had, too.

However, I simply cannot understand how can this possibly happen on a Google page. I thought that, above every website, Google would be safe, which apparently is not true. It is weird that the script is from a website that comes along on the search result, but I did not even enter, which makes no sense at all.
Go to the top of the page
 
+Quote Post
3x0gR13N
post 25.04.2012 15:13
Post #6


Kaspersky Fan III
**********

Group: Moderators
Posts: 2315
Joined: 2.01.2007
From: Serbia




Google loads the websites listed in your search results in the background, probably because of the "Site preview" feature (you can see how the site looks like by hovering/clicking on the ">>" next to search result). This causes your browser to access scrips on said websites which will trigger HTTP scanning in KIS.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 1.10.2014 20:16