Previous 1 2 3 4 Next 53 Replies Latest reply: Sep 16, 2009 6:56 AM by LarsRaggio
jackbrd Level 1 Level 1 (0 points)
This downloaded (quickly) without any prompting by me while I was using Safari. I immediately updated my software and trashed the file. Anyone know what this is?

Apple MacBook Pro, Mac OS X (10.5.8)
  • David M Brewer Level 6 Level 6 (9,275 points)
    You updated your software with what? And what software did you update? If your talking about the file you mention in your title. Macs can't use .exe files. So, you couldn't have used that file to update anything.

    Why in the first place would you execute an update with scanner-c517d_2015.exe when you don't know what it is...?
  • jackbrd Level 1 Level 1 (0 points)
    David - Thanks for your response. I wasn't clear in my initial message. I updated Apple software, thinking that if this was malware, an update might stop something bad from happening. Then I trashed that file without opening it... good to know that Macs can use .exe files.

    Question remains --- how did this download automatically? It just popped up on my screen and downloaded in less than two seconds before I could react.

    I've googled the name of the file and nothing turns up...
  • jackbrd Level 1 Level 1 (0 points)
    Oops. typo. Macs can't use .exe files
  • David M Brewer Level 6 Level 6 (9,275 points)
    Do you have the URL to that web site that downloaded that file? I would like to take a look at the site.
  • TNorm Level 1 Level 1 (5 points)
    Had the same experience. Ran Apple update for 10.5.8 on 09.10.2009. Opened Safari this morning, viewed nytimes.com, and window referencing antispywarescanner07.com opened without prompt. When I closed window, Scanner-1249_2006-63.exe downloaded. File details reference file opened 09.11.2009 11:52 pm. Any other thoughts?
  • jackbrd Level 1 Level 1 (0 points)
    Just checked my history and it started downloading again when I tried to copy the URL, which is: http://best-antivirus03.com/1/?sess=%3DmQ21jDxMiZpcD05OS4xMzcuOTEuMjA2JnRpbWU9MT I1NTcwNc0MaQ%3DM

    (Have trashed the file again)

    It might very well have been the NYTimes site (as with TNorm) since it was listed just before. Earthlink site was probably up as well.

    Any suggestions on how best to query NYTimes?
  • fposte Level 1 Level 1 (0 points)
    I've registered to say I had the same redirect to that URL this morning, running Firefox 10.5--while I was reading the New York Times site. A similar report has just popped up on the malwarebytes.com as well. I was so sure it couldn't be the NYT doing an old-fashioned malware redirect that I went trying to root out the DNS Changer trojan--but it looks like it's the NYT.
  • 1803kathie Level 1 Level 1 (0 points)
    Just wanted to add my name to the problem of getting switched to Virex antivirex stuff. I was into my homepage, which is NYTimes, clicked onto movies and something about George Clooney, and up popped the Virex stuff. Got out of all of it with my son's help. Now I'm wondering about my home page, and am worried about getting back into it!

    Any suggestions?
  • jimkessler Level 1 Level 1 (80 points)
    I was also at the New York Times Movie site - oddly enough, looking at the review for Hackers (1995). I was taken to the same site, and got this file - Scanner-815416_2006.exe. I did a little searching on the web, and found out this guy has a post called Fear Mongering, and he did a screenshot that was very similar to my screen: <http://kevintom.posterous.com/>
  • EAtam Level 1 Level 1 (0 points)
    Same thing happened to me when I was browsing the NY Times, I have pop-ups completely blocked and ad-block plus so I thought it odd I was redirected, but I knew it was fishy anyway. I was using the latest version of firefox, unlike Safari though. For some reason safari runs slower on my computer, not sure why.

    I don't think anything downloaded, but it directed me to best-antivirus03.com and it gave me a windows interface and started "scanning" for viruses. I immediately shut down my computer. I did a virus scan (I have intego virusbarrier x5) and it came up null. There doesn't appear to be a saved file or downloaded file or anything.

    Should I be concerned and do I need to do something to fix it? Also, when will it be "ok" to visit NY Times again? I'm assuming it's probably up to the web site people to fix whatever happened to their site so you probably don't know, but I thought I mine as well ask.

    I'm a bit ignorant on these things so I was just making sure it wasn't a problem.

    Message was edited by: EAtam
  • LarsRaggio Level 1 Level 1 (10 points)
    Just joined the list because the same thing happened to me this AM. Woke up iMac running Snow Leopard with yesterday's patch . . . opened NY Times, clicked Gail Collins column and immediately a blank white page with a small box offering a virus scan by "http.Best.Antivirus03.com" Scared **** out of me so I hit cancel, and off it went anyway just like I had hit OK, on a new page with all sorts of activity indicators flashing. No way to stop it so I bailed out of Firefox 3.5.3 and rebooted the computer . . . repeated it and same thing happened. Dumped out and opened Safari, went to NY Times clicked same column and no problem. Went to http://www.malwareurl.com/listing-urls.php?urls=off and found'antivirus03.com listed at the top of their latest malware discoveries. Not much of a geek so I don't know what this is but 'best-antivirus03.com' and 'antivirus-online-scan03.com' were both listed new Sept 12 as "Rogue Antivirus / Personal Antivirus - FakeXPA"
    Hope this helps. Could this have done anything to my single user computer? Thanks,

    Larry
  • ztoop Level 1 Level 1 (0 points)
    I just had this happen to me on NYTimes.com as well, with firefox 3.5.3 without any other site open. I am guessing that someone has either infiltrated their site or advertising in order to redirect links to this virus hosting site. I had a similar occurance yesterday on a linux computer, but I had so many sites open I didn't know which one did it.
  • mbateman Level 1 Level 1 (0 points)
    I had this happen to me also, using Safari: nytimes redirected to best-antivirus03 nonsense. I checked my DNS and it seems clean, so I too suspect that nytimes.com has been hijacked.
  • Clem Dickey Level 1 Level 1 (105 points)
    I have also seen this - about a week ago and twice today. From NY Times website, using Safari. I can't reproduce it now, though I'm trying by opening various NYT tabs.

    If someone sees this again, the Activity Window might provide a clue as to the redirect path from the NY Times to malware sites.
Previous 1 2 3 4 Next