suspicious scipts

Talk about internet security, computer security, personal security, your social security number...
Post Reply
cobrakel67
Posts: 1
Joined: Tue Aug 26, 2014 11:11 pm

suspicious scipts

Post by cobrakel67 » Wed Aug 27, 2014 12:30 am

Hi guys ..I just wanted to stop buy and offer some help ,i would like to help any one with a excellent software product that actually works and has saved my buttt..and noscipt is one of them GREAT WORK ...

im going to start with things you probably already know but maybe some you dont..by sending scripts of cross injection attempts. if this is ok then let me know ..and what else i can do ..thanx cobrakel

this is one from liutilities.com they deal with UNIBLUE products such as registry cleaners,malware..

also i see doubleclick.net as well these guys are apain in the butt..are they associated with google?

and of course conduit ...i really hate these guys they have caused nothing but problems for me and a ton of others
I would love to get them blaclisted permanantly.....is there a way ? apparently they have teamed up with bing and trovi
the program is search protect by conduit and they even have the nerve to say at uninstall that if you uninstall this product
you will not be notified of any harmful changes to your home page.LOL

TROVI is a search page that imbeds itself in your system and all your browsers ,this is very bad because they eventually change other things in your computer..UNBELIEVABLE that they can get away with this...example
1. MY SYS INI WERE ALTERED
2. MY DESKTOP ICONS WERE ALTERED
3.MY REGISTRY WAS ALTERED
4.MY TASKS WERE ALTERED AND MY SERVICES
5, SOME SERVICES WERE SHUT DOWN ..
6. MY FOLDERS AND INDEXING WERE ALTERED
7. FOLDERS WERE CREATED TO FOOL ME THAT LOOKED ITEDENTICAL ...
8. MY SYSTEM SLOWED TO A CRAWL
9. THE PROGRAM RESIDES IN YOUR RECYCLE BIN
10. KEYBOARD AND MOUSE FUNCTION ALTERED.
11. ETC ETC. ETC.

things to look for ..
1. YOUR FOLDERS HAVE CHANGED POSITIONS OR A NEW FOLDER ADDED YOU DID NOT CREATE
2. YOUR NOTEPAD AND OTHER ITEMS DISSAPEAR OFF YOUR RIGHT CLICK MOUSE ON DESKTOP
3. YOUR DESKTOP ICONS ARE COMPLETELY ARANNGED DIFFERENTLY THAN LAST TIME YOU WERE ON IT.
4.IF YOU VIEW ALL SYSTEM FILES AND UNCHECK EVERY HIDDEN ITEM ,YOU WILL DEFINATLY NOTICE SOMETHINGS WRONG
5. A BLUE AND YELLOW SHEILD IS ON CERTAIN DESKTOP ITEMS
6.THE FOLDER ICONS IN YOUR COMPUTER ARE PLAIN
7.IN C:/USERS FOLDER THE NAME IS CHANGED OR MORE THAN THE DEFAULT FOLDERS ARE SHOWN.
8.THE NAME IN YOUR USERS FOLDER HAS BEEN COMPROMISED BY S-1-15- USERS
9.SHARED FOLDERS ARE TURNED ON ALMOST EVERYTHING
10.CERTAIN SERVICES ARE CHANGED IN TASK MANAGER
11.IN FOLDER OR FILE PROPERTYS A ODD NAME HAS BEEN ADDED
12. WINDOWS SEARCH IS RUNNING CONTINOUSLY WITH INDEXING
13.CERTAIN SERVICES CANT BE ADJUSTED OR SET OR BLANKED OUT..
14,YOUR HOME PAGE CHANGES ON ALL BROWSERS YOUR INTERNET IS SUDDENLY SLOWER .
15. CHECK YOUR FILE S CLEANER PROGRAM FOR WHAT IS BEING CLEANED
16.PROGRAMS ARE DELETED BUT THE EMPTY FOLDER NAME IS STILL THERE
17.ACCESSING A PROGRAM SUDDENLY TAKES TOO LONG
18.CHECK YOUR SHIELDED ICON AND COMPARE IT WITH THE ORIGINAL ICON IN YOUR C:/PROGRAMS DIRECTORY ITS COMEPLETLY DIFFERENT IN PROPERTYS (DESCIPTION)
19. YOU LOOK FOR FOLDER PROPERTYS AND IT TAKES YOU TO THE PERSONALIZATION SCREEN OR A LIBRARY FOLDER THAT SAYS RUN ADMINISTRTAER OR SPACE CHECK BOXES, IT TAKES YOU TO THE SYSTEM CERTIFICATION SCREEN
20.YOUR NOTEPAD ,RICH TEXT AND OTHER ITEMS ARE MISSING FROM RIGHT CLICKING NEW.
21. ITS BECAUSE THE PERSONALIZATION SCREEN IT TAKES YOU TO THEY CAN CHANGE MOUSE SETTINGS VIDEO SETTINGS DESTOP ITEM ICONS OR ANY ICON FOR THAT MATTER .AND ESPECIALLY YOUR RECYCLE BIN ICON THIS IS WHERE THEY HIDE ..YOU WILL NOTICE A FOLDER THAT SAYS $RECYCLEBIN$ INSIDE THIS FOLDER IS 2 OTHER RECYCLE BINS,ONE HAS THE S-1-5 USER ON IT. VERY HARD TO GET RID OF..
22 SYSTEM INI IS CHANGED TO A S-1-5- USER FOR INDEXING PURPOSES .ON DESKTOP, PROGRAMS .IN YOUR LIBRARY ETC .THIS CAUSES ICONS YELLOW BLUE SHEILD SINCE THEY WANT CONTROL OF THINGS STEALTHLY
23. THE TASK MANAGER PROCESS (SYSTEM) IN PROPERTYS DESCRIPTION THE ORIGINAL FILE NAME IS CHANGED AND THE SYSTEM RESOURCE IS RUNNING STEADY 99 % THE TASK MANGER LIST IS BOUNCING UP AND DOWN AND HARD TO CLICK A SERVICE .




[NoScript InjectionChecker] JavaScript Injection in ///if?enc=________zz_1KFyPwvXIP9Ei2_l-aug_9Shcj8L1yD8AAAAAAADQP3K49CbZ5n50ElWw-hau5W7vDf1TAAAAAJYZIQBNBwAAngMAAAIAAADUnfYAeVgFAAAAAQBVU0QAVVNEAKAAWAIuTAAA2MEAAgUAAQIAAIYAXSx78QAAAAA.&cnd=!XiBs3Aj70vwBENS72gcYACD5sBUwADgAQABIngdQlrOEAVgAYMIGaABwAHgAgAEAiAEAkAEBmAEBoAEBqAEDsAEAuQEAAAAAAADQP8EBAAAAAAAA0D_JAZlib5I0MfM_2QEAAAAAAADwP-AB6KwH6gEA9QEAAAAA&ccd=!SQfRRgj70vwBENS72gcY-bAVIAA.&udj=uf('a', 307571, 1409093103);uf('c', 4139387, 1409093103);uf('r', 16162260, 1409093103);&vpid=755&apid=156602&referrer=http://www.liutilities.com/adsense5.html&ct=0&rsrc=2&dlo=1
(function anonymous() {
uf('a', 307571, 1409093103);uf('c', 4139387, 1409093103) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Sanitized suspicious request. Original URL [http://lax1.ib.adnxs.com/if?enc=________zz_1KFyPwvXIP9Ei2_l-aug_9Shcj8L1yD8AAAAAAADQP3K49CbZ5n50ElWw-hau5W7vDf1TAAAAAJYZIQBNBwAAngMAAAIAAADUnfYAeVgFAAAAAQBVU0QAVVNEAKAAWAIuTAAA2MEAAgUAAQIAAIYAXSx78QAAAAA.&cnd=%21XiBs3Aj70vwBENS72gcYACD5sBUwADgAQABIngdQlrOEAVgAYMIGaABwAHgAgAEAiAEAkAEBmAEBoAEBqAEDsAEAuQEAAAAAAADQP8EBAAAAAAAA0D_JAZlib5I0MfM_2QEAAAAAAADwP-AB6KwH6gEA9QEAAAAA&ccd=%21SQfRRgj70vwBENS72gcY-bAVIAA.&udj=uf%28%27a%27%2C+307571%2C+1409093103%29%3Buf%28%27c%27%2C+4139387%2C+1409093103%29%3Buf%28%27r%27%2C+16162260%2C+1409093103%29%3B&vpid=755&apid=156602&referrer=http%3A%2F%2Fwww.liutilities.com%2Fadsense5.html&ct=0&rsrc=2&dlo=1] requested from [http://www.liutilities.com/adsense5.html]. Sanitized URL: [http://lax1.ib.adnxs.com/if?enc=________zz_1KFyPwvXIP9Ei2_l-aug_9Shcj8L1yD8AAAAAAADQP3K49CbZ5n50ElWw-hau5W7vDf1TAAAAAJYZIQBNBwAAngMAAAIAAADUnfYAeVgFAAAAAQBVU0QAVVNEAKAAWAIuTAAA2MEAAgUAAQIAAIYAXSx78Q20AAA.&cnd=!XiBs3Aj70vwBENS72gcYACD5sBUwADgAQ20IngdQlrOEAVgAYMIGaABwAHgAgAEAiAEAkAEBmAEBoAEBqAEDsAEAuQ20AAAAAADQP8EBAAAAAAAA0D_JAZlib5I0MfM_2Q20AAAAAADwP-AB6KwH6gEA9Q20AAAA&ccd=%21SQfRRgj70vwBENS72gcY-bAVIAA.&udj=uf%20%20a%20%2C+307571%2C+1409093103%20%3Buf%20%20c%20%2C+4139387%2C+1409093103%20%3Buf%20%20r%20%2C+16162260%2C+1409093103%20%3B&vpid=755&apid=156602&referrer=http%3A%2F%2Fwww.liutilities.com%2Fadsense5.html&ct=0&rsrc=2&dlo=1#7202742558010817667].
Warning: attempting to write 4257 bytes to preference sites. This is bad for general performance and memory usage. Such an amount of data should rather be written to an external file.
Warning: attempting to write 4506 bytes to preference sites. This is bad for general performance and memory usage. Such an amount of data should rather be written to an external file.
us-u.openx.net : server does not support RFC 5746, see CVE-2009-3555
Warning: attempting to write 5124 bytes to preference sites. This is bad for general performance and memory usage. Such an amount of data should rather be written to an external file.
[NoScript InjectionChecker] JavaScript Injection in ///if?enc=MzMzMzMzwz8zMzMzMzPDP-Olm8QgsAZAAAAAAAAA8D8AAAAAAADwP-cfXYbTpTx7ElWw-hau5W7GEv1TAAAAANSIHwC1AAAAnAIAAAIAAABgXxwB0WMAAAAAAQBVU0QAVVNEACwB-gB9wQAAUMUBAgUAAQIAAIoA9B8TbgAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa=l&ai=C42CKxhL9U9T5KJH7-QPjwoLYDoj_j8oF8I_I73jAjbcBEAEgAFCAx-HEBGD9sPSAzAOCARdjYS1wdWItMTk1MDEzNzk5MjYyMzA2OKAB-MK51wPIAQmoAwGYBACqBIEBT9BfsBBYm3dyEtI1hREkOm2sjXMyfqyFqbV0i4bnDXC3xAnHBXRxb5_wUM2-oq3Fx_PgSa0V3_tywhv-h-GDXDVvrWuc0O8-4BTJd8bvL8qobxuMhxO6uZSamTQ9cT4dn5Skkah2QtizmRZE9vbcvIidl2PGcU6vhc5THr38BnpngAaE0_rXqpuCpfwBoAYh&num=1&sig=AOD64_3-iqfTgV_cxE4J7RmmZEkRmbNXaQ&client=ca-pub-1950137992623068&adurl=&tt_code=answers.com&cnd=!7yD8ZAjdna8CEOC-8QgYACDRxwEwATgAQABInAVQ1JF-WABgwgZoAHAAeACAAQCIAQCQAQGYAQGgAQKoAQOwAQC5AQAAAAAAAPA_wQEAAAAAAADwP8kBcaOy35bD8T_ZAQAAAAAAAPA_4AHE_Ab1AQAAAAA.&ccd=!rAb2Pgjdna8CEOC-8QgY0ccBIAA.&udj=uf('a', 287750, 1409094342);uf('c', 4968157, 1409094342);uf('g', 1283668, 1409094342);uf('r', 18636640, 1409094342);ppv(166226, '8880154893178707943', 1409094342, 1411686342, 4968157, 25553, 0, 0, 2592000);ppv(166236, '8880154893178707943', 1409094342, 1411686342, 4968157, 25553, 0, 0, 2592000);ppv(166226, '8880154893178707943', 1409094342, 1411686342, 4968157, 25553, 0, 0, 2592000);ppv(166236, '8880154893178707943', 1409094342, 1411686342, 4968157, 25553, 0, 0, 2592000);&vpid=880&apid=102&referrer=http://www.answers.com/topic/wikipedia&custom_macro=CP_ID^4968157^ADV_ID^287750&media_subtypes=1&ct=9&rsrc=3&dlo=1
(function anonymous() {
uf('a', 287750, 1409094342);uf('c', 4968157, 1409094342) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Sanitized suspicious request. Original URL [http://lax1.ib.adnxs.com/if?enc=MzMzMzMzwz8zMzMzMzPDP-Olm8QgsAZAAAAAAAAA8D8AAAAAAADwP-cfXYbTpTx7ElWw-hau5W7GEv1TAAAAANSIHwC1AAAAnAIAAAIAAABgXxwB0WMAAAAAAQBVU0QAVVNEACwB-gB9wQAAUMUBAgUAAQIAAIoA9B8TbgAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DC42CKxhL9U9T5KJH7-QPjwoLYDoj_j8oF8I_I73jAjbcBEAEgAFCAx-HEBGD9sPSAzAOCARdjYS1wdWItMTk1MDEzNzk5MjYyMzA2OKAB-MK51wPIAQmoAwGYBACqBIEBT9BfsBBYm3dyEtI1hREkOm2sjXMyfqyFqbV0i4bnDXC3xAnHBXRxb5_wUM2-oq3Fx_PgSa0V3_tywhv-h-GDXDVvrWuc0O8-4BTJd8bvL8qobxuMhxO6uZSamTQ9cT4dn5Skkah2QtizmRZE9vbcvIidl2PGcU6vhc5THr38BnpngAaE0_rXqpuCpfwBoAYh%26num%3D1%26sig%3DAOD64_3-iqfTgV_cxE4J7RmmZEkRmbNXaQ%26client%3Dca-pub-1950137992623068%26adurl%3D&tt_code=answers.com&cnd=%217yD8ZAjdna8CEOC-8QgYACDRxwEwATgAQABInAVQ1JF-WABgwgZoAHAAeACAAQCIAQCQAQGYAQGgAQKoAQOwAQC5AQAAAAAAAPA_wQEAAAAAAADwP8kBcaOy35bD8T_ZAQAAAAAAAPA_4AHE_Ab1AQAAAAA.&ccd=%21rAb2Pgjdna8CEOC-8QgY0ccBIAA.&udj=uf%28%27a%27%2C+287750%2C+1409094342%29%3Buf%28%27c%27%2C+4968157%2C+1409094342%29%3Buf%28%27g%27%2C+1283668%2C+1409094342%29%3Buf%28%27r%27%2C+18636640%2C+1409094342%29%3Bppv%28166226%2C+%278880154893178707943%27%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%29%3Bppv%28166236%2C+%278880154893178707943%27%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%29%3Bppv%28166226%2C+%278880154893178707943%27%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%29%3Bppv%28166236%2C+%278880154893178707943%27%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%29%3B&vpid=880&apid=102&referrer=http%3A%2F%2Fwww.answers.com%2Ftopic%2Fwikipedia&custom_macro=CP_ID%5E4968157%5EADV_ID%5E287750&media_subtypes=1&ct=9&rsrc=3&dlo=1] requested from [http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1950137992623068&output=html&h=250&slotname=8734772518&adk=4114715827&w=300&ea=0&flash=14.0.0&url=http%3A%2F%2Fwww.answers.com%2Ftopic%2Fwikipedia%23Positive_reinforcement&dt=1409094380783&bpp=31&bdt=M&shv=r20140821&cbv=r20140417&saldr=sa&correlator=2282777693979&frm=23&ga_vid=576753550.1409094381&ga_sid=1409094381&ga_hid=1721564746&ga_fc=0&u_tz=-420&u_his=14&u_java=0&u_h=720&u_w=1280&u_ah=720&u_aw=1280&u_cd=24&u_nplug=5&u_nmime=51&dff=serif&dfs=16&adx=928&ady=1558&biw=1039&bih=229&isw=300&ish=250&ifk=2283104636&eid=317150304&oid=3&rx=0&eae=2&fc=8&vis=1&abl=CS&ppjl=u&fu=4&ifi=1&dtd=581]. Sanitized URL: [http://lax1.ib.adnxs.com/if?enc=MzMzMzMzwz8zMzMzMzPDP-Olm8QgsAZAAAAAAAAA8D8AAAAAAADwP-cfXYbTpTx7ElWw-hau5W7GEv1TAAAAANSIHwC1AAAAnAIAAAIAAABgXxwB0WMAAAAAAQBVU0QAVVNEACwB-gB9wQ20UMUBAgUAAQIAAIoA9B8TbgAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DC42CKxhL9U9T5KJH7-QPjwoLYDoj_j8oF8I_I73jAjbcBEAEgAFCAx-HEBGD9sPSAzAOCARdjYS1wdWItMTk1MDEzNzk5MjYyMzA2OKAB-MK51wPIAQmoAwGYBACqBIEBT9BfsBBYm3dyEtI1hREkOm2sjXMyfqyFqbV0i4bnDXC3xAnHBXRxb5_wUM2-oq3Fx_PgSa0V3_tywhv-h-GDXDVvrWuc0O8-4BTJd8bvL8qobxuMhxO6uZSamTQ9cT4dn5Skkah2QtizmRZE9vbcvIidl2PGcU6vhc5THr38BnpngAaE0_rXqpuCpfwBoAYh%26num%3D1%26sig%3DAOD64_3-iqfTgV_cxE4J7RmmZEkRmbNXaQ%26client%3Dca-pub-1950137992623068%26adurl%3D&tt_code=answers.com&cnd=!7yD8ZAjdna8CEOC-8QgYACDRxwEwATgAQ20InAVQ1JF-WABgwgZoAHAAeACAAQCIAQCQAQGYAQGgAQKoAQOwAQ20AQ20AAAAAPA_wQ20AAAAAADwP8kBcaOy35bD8T_ZAQ20AAAAAPA_4AHE_Ab1AQ20AAA.&ccd=%21rAb2Pgjdna8CEOC-8QgY0ccBIAA.&udj=uf%20%20a%20%2C+287750%2C+1409094342%20%3Buf%20%20c%20%2C+4968157%2C+1409094342%20%3Buf%20%20g%20%2C+1283668%2C+1409094342%20%3Buf%20%20r%20%2C+18636640%2C+1409094342%20%3Bppv%20166226%2C+%208880154893178707943%20%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%20%3Bppv%20166236%2C+%208880154893178707943%20%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%20%3Bppv%20166226%2C+%208880154893178707943%20%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%20%3Bppv%20166236%2C+%208880154893178707943%20%2C+1409094342%2C+1411686342%2C+4968157%2C+25553%2C+0%2C+0%2C+2592000%20%3B&vpid=880&apid=102&referrer=http%3A%2F%2Fwww.answers.com%2Ftopic%2Fwikipedia&custom_macro=CP_ID%5E4968157%5EADV_ID%5E287750&media_subtypes=1&ct=9&rsrc=3&dlo=1#5817519043731816302].
[NoScript InjectionChecker] JavaScript Injection in ///N7454/adi/Conduit.Bing;sz=300x250;src=69;IR=true;kw=W3sidCI6MTQwOTEwMzYwMDAwMCwiZiI6MSwiayI6IndoYXQgaXMgbnRrcm5sbXAuZXhlIn0seyJ0IjoxNDA5MTAxNjIwMDAwLCJmIjoxLCJrIjoibnRrIn0seyJ0IjoxNDA5MDk5OTQwMDAwLCJmIjoxLCJrIjoibnRvc2tybmwuZXhlIFN5c3RlbSJ9XQ$;spid=Bing;acid=CT3318522;test_group=;ord=3346768178121303
(function anonymous() {
src=69;IR=true;kw=W3sidCI6MTQwOTEwMzYwMDAwMCwiZiI6MSwiayI6IndoYXQgaXMgbnRrcm5sbXAuZXhlIn0seyJ0IjoxNDA5MTAxNjIwMDAwLCJmIjoxLCJrIjoibnRrIn0seyJ0IjoxNDA5MDk5OTQwMDAwLCJmIjoxLCJrIjoibnRvc2tybmwuZXhlIFN5c3RlbSJ9XQ$ /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0

barbaz
Senior Member
Posts: 9319
Joined: Sat Aug 03, 2013 5:45 pm

Re: suspicious scipts

Post by barbaz » Wed Aug 27, 2014 2:34 am

cobrakel67 wrote:Hi guys ..I just wanted to stop buy and offer some help ,i would like to help any one with a excellent software product that actually works and has saved my buttt..and noscipt is one of them

If you see any topic on these forums that you're reasonably sure you know the answer to, feel free to post.
Also, if you have any custom (non-default) surrogate scripts that are helpful, you could post them in the surrogates forum.

cobrakel67 wrote:also i see doubleclick.net as well these guys are apain in the butt..are they associated with google?

They are owned by Google.

cobrakel67 wrote:and of course conduit ...i really hate these guys they have caused nothing but problems for me and a ton of others
I would love to get them blaclisted permanantly.....is there a way ?

In NoScript? If you have a complete list of all conduit related domains, go to NoScript Options -> Advanced -> ABE -> USER, then at the top of that ruleset, add something like

Code: Select all

Site .CONDUIT_2ND_LEVEL_DOMAIN_1 .CONDUIT_2ND_LEVEL_DOMAIN_2
Deny

replacing CONDUIT_2ND_LEVEL_DOMAIN... with actual conduit 2nd-level domains

Outside of NoScript, you could block their domains by pointing them all to 0.0.0.0 in your HOSTS file or using a custom DNS server that returns NXDOMAIN for all conduit related domains. Kinda hackish solutions, but they'll work.

cobrakel67 wrote:16.PROGRAMS ARE DELETED BUT THE EMPTY FOLDER NAME IS STILL THERE

That could be normal. I've seen that repeatedly on Windows systems that I'm sure aren't infected.
Unless you mean without user interaction to remove the programs?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 SeaMonkey/2.28

Post Reply