Rules
Terms of Use

Topic Options
#1017908 - Mon Oct 28 2013 01:12 PM Legit or nasty?
agony Online   content

Administrator

Registered: Sat Mar 29 2003
Posts: 13175
Loc: Western Canada
A blog I often visit has started giving me a popup every time I go there, telling me I need to update Java. OK, I thought, and clicked on "Continue". Up jumps my virus protector, telling me it's just prevented something invasive.

So, I went over to Java, and updated from there, thinking that if it's legit and I really do need to update, this will take care of it.

Trouble is, I'm still getting this popup, and now it's so insistent I can't access the blog at all.

What are the chances that this is real, and I should just follow the prompts on that popup - that the virus protector hitting something just then was a coincidence? If they do have something nasty on the blog, is there a way I can read it?

Top
#1017953 - Mon Oct 28 2013 04:38 PM Re: Legit or nasty? [Re: agony]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 873
Loc: Minnesota USA
The latest version of Java is Version 7 Update 45. If you have that installed (which I assume you do since you said you updated) then there may be a couple different reasons for the popup. It could be malware/spyware. You could have more than once instance of Java installed on your system and the blog you are visiting is confused on which one to use, so assumes you are not up to date because you have more than one. I'd say those are the two most likely scenarios.

Check in your add/remove programs and see if there is a Java Version 6 installed in there, or Java FX. If there is, remove them. If you don't know if you need them or not, you don't need them.

Just out of my own curiosity, what is the site you are visiting? (if you don't wish to share in an open forum, PM is fine. if you don't wish to share period, that's fine too, just wondering)


Edited by pyonir (Mon Oct 28 2013 04:53 PM)

Top
#1017974 - Mon Oct 28 2013 06:13 PM Re: Legit or nasty? [Re: agony]
agony Online   content

Administrator

Registered: Sat Mar 29 2003
Posts: 13175
Loc: Western Canada
It's Joemygod - if you aren't a social liberal you won't like it much. Strong focus on LGBT issues.

I ran a spywear search, and cleared my cache, and that gave me access to the blog but not to the comments. I'll try clearing out any other Java I have, and see what that does.

Top
#1017976 - Mon Oct 28 2013 06:26 PM Re: Legit or nasty? [Re: agony]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 873
Loc: Minnesota USA
Wow, that site has a ton of data on it. It pulls scripts from at least 17 different sources. I'm not surprised that issues would arise. I didn't get a Java error, but I use a browser add-on called "NoScript" that blocks individual scripts unless I allow them. So it may be coming from one of the 17+ places he pulls info from. It's kinda hard to narrow that down further...it could be coming from an ad on one of the ad sites he uses (also something I block).

What browser are you using?

I usually use Firefox, but tried the site in Internet Explorer and didn't get a Java notice. But I was not able to view any of the comments either. I'd say it's a bit beyond my expertise to assess what's going on further.

Top
#1017980 - Mon Oct 28 2013 07:02 PM Re: Legit or nasty? [Re: agony]
agony Online   content

Administrator

Registered: Sat Mar 29 2003
Posts: 13175
Loc: Western Canada
It was giving me trouble with both Firebox and IE earlier, but now that it's not so bad maybe IE will work. I don't like it though and prefer not to use it.

I'll try blocking the ads - can't hurt.

Top
#1017984 - Mon Oct 28 2013 07:21 PM Re: Legit or nasty? [Re: agony]
agony Online   content

Administrator

Registered: Sat Mar 29 2003
Posts: 13175
Loc: Western Canada
Well, taking the advice of my daughter's very nice boyfriend, I cleared my offline web content and it seems to have taken care of it. I owe the boy some brownies. He agreed with you that it was spyware, and gave me some advice on keeping things a little cleaner - I tend to ignore all maintenance until trouble appears.

Thanks so much for your help.

Top
#1018012 - Mon Oct 28 2013 10:36 PM Re: Legit or nasty? [Re: agony]
MiraJane Offline
Prolific

Registered: Tue Apr 30 2013
Posts: 1186
Loc: New York USA
You might want to send a note to the person that runs the blog about this issue. He may be able to stop it from happening to other people. Plus, others might not be as cautious as you and actually install the whatever it is you were being asked to install.

Top
#1018106 - Tue Oct 29 2013 10:43 AM Re: Legit or nasty? [Re: agony]
agony Online   content

Administrator

Registered: Sat Mar 29 2003
Posts: 13175
Loc: Western Canada
Good idea - I did that just now, and he's sent me a message asking for a screen shot.

Top
#1018199 - Wed Oct 30 2013 01:37 AM Re: Legit or nasty? [Re: agony]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5386
Loc: South of England
I've only just read this thread but I'm pleased to know that all is well Agony. A good job the AV program protected against installing something that would probably have caused problems. The decision to bail out at that point and go to the Java download site was certainly a good one. It seems that whatever was trying to install could have been using Java as a way of infecting the computer.

I've been to the mentioned blog site and no message popped up for me but then I don't have Java installed at all and haven't done for more than a couple of years. Not many sites use Java applets these days and so Java is hardly ever needed anyway. In view of the fact it seems to suffer from one vulnerability after another, perhaps try following Pyonir's advice. Uninstall Java and see how you get along without it. If you don't want to do that, at least disable the Java plugin in your browser.

Hello Pyonir. I may have mentioned Sandboxie before as being a good alternative to NoScript but perhaps still worth a mention from time to time. It means all scripts run but are contained within a sandbox. No decisions have to be made about which scripts are needed for correct page display and those that should be blocked because they might be unsafe.

Another general advantage being that the sandbox protects against malware that an AV program may not know about and therefore lets into the system without an alert.


Edited by tellywellies (Wed Oct 30 2013 01:39 AM)
_________________________
Error: Keyboard not attached. Press any key to continue..

Top
#1018214 - Wed Oct 30 2013 04:04 AM Re: Legit or nasty? [Re: agony]
WesleyCrusher Offline

Administrator

Registered: Thu Sep 04 2008
Posts: 4663
Loc: Germany
I'm personally a big fan of NoScript, it not only prevents malware, but also blocks a lot of ads and other things I may or may not want.
_________________________
FunTrivia Editor (Hobbies and Sci/Tech) and Administrator
Guardian of the Tower

Top
#1018258 - Wed Oct 30 2013 05:05 AM Re: Legit or nasty? [Re: agony]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 873
Loc: Minnesota USA
Thanks telly, I do know of Sandboxie, but haven't found the need to use it yet. I'm pretty deliberate in what I allow through and don't and have had zero issues doing this way. I use NoScript, but also Adblock Plus and Flashblock; but also rarely (if ever) visit sites I might have an issue on. Ad servers are a huge liability and I've even seen users infected from ads on legit computer help forums, even. The malware can slip in anywhere.

Anyway, I may go with Sandboxie in the future...I just haven't taken the plunge because what I have been doing has worked for me so far. I say that and of course now I'll get something and then start using it. :p

As for the Java issue...I agree with telly. If you don't visit sites that use it (and there aren't many) just remove it. I frequent a game site that requires it, so have it installed. That's the only site that uses it that I go to though.

Top

Moderator:  flopsymopsy, ladymacb29