Thu 21-Jun-2012 19:40
As the title states, all links I click on on pretty much 90% of trusted websites result in the 'High risk website blocked' text box appearing with the following:
'Access has been blocked to "def.jpisyncer.info/worker/init.js" as 'Mal/HTML Gen-A' has been found at this website.'
I find it unusual that this is happening on a lot of sites I visit, again, ones that are highly trustworthy.
Any help would be appreciated.
Thu 21-Jun-2012 20:09
There are a few potential causes for this. One option is that your web browser has been compromised with a third party plugin. Do you get the same behaviour with another browser? IE/Firefox/Chrome/Opera for example? Essentially is it browser specific? This would help narrow it down.
If not at the browser level then it could be at the system level, for example if all of the sites you have tested share a common third party component. For example Google Analytics, http://www.google-analytics.com/ga.js. If a piece of malware on your machine was able to get your client to request: def.jpisyncer.info/worker/init.js instead of http://www.google-analytics.com/ga.js, then you'd see the behaviour you describe. There are many ways that malware could do this unfortunately.
I would first check out your hosts file to see if that's where the redirection is coming from. If you look in your hosts file, does it have a bunch of strange address entries, IP addresses? Maybe post the contents here if you're unsure. If so, take a backup of the hosts file and reset it as per: http://support.microsoft.com/kb/972034.
Have you recently run a full scan of your machine with up to date SAV?
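The hosts file check suggested in the reply above can be scripted. This is an added example, not part of the original post: it reads hosts-file text and lists every entry other than the stock loopback mapping for localhost, so a remapped name such as www.google-analytics.com stands out. The sample content, addresses and the `audit_hosts` name are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file is expected to map to loopback (assumption for this example).
EXPECTED_LOOPBACK_NAMES = {"localhost"}

# Constructed sample; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "203.0.113.10    www.google-analytics.com",
    "0.0.0.0         tracker.example.test  # blocklist-style entry",
])

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # comments run from '#' to end of line
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "invalid address"))
            continue
        if len(fields) < 2:
            findings.append((line_no, str(ip), "", "address with no hostname"))
            continue
        for name in (f.lower() for f in fields[1:]):   # one line may map several names
            if ip.is_loopback and name in EXPECTED_LOOPBACK_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "name pointed at the local machine"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the real file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`; entries pointing at the local machine are often deliberate blocklists, so they are reported with a separate reason.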
Thu 21-Jun-2012 20:53
Many thanks for the quick response.
It seems to be browser specific (I use Chrome), does that make it easier to diagnose?
I reset the host but the problem still seems to be persisting. I'm just running a full scan now which might shed some more light.
Any further help would be great.
Thu 21-Jun-2012 21:09 - edited Thu 21-Jun-2012 21:24
Just to make sure, the other browser you tried is supported by Sophos? I.e. it was IE, Firefox, Safari, Opera for example?
If your main symptom is the alert it would be worth confirming that the other browser you tested with can alert. To do so, if you go to:
with the other browser I assume you get the same High Risk Website Blocked message?
It might be worth putting the address:
into Chrome and see what's loaded, maybe disable anything you don't recognise.
Or to disable all, go into Chrome Settings: chrome://chrome/settings// Click on "Show advanced settings" at the bottom of the page, then under "Privacy" section click on "Content settings..." then under "Plugins" section you can click block all as a test.
Thu 21-Jun-2012 21:34
Yup, the other browser was IE. Tested it with the link and the same dialogue box appears.
Tried the other suggestions and the same is still happening :/
Anywhere I can go from here? Bar throwing my laptop out the window?
Thu 21-Jun-2012 21:50
I would suggest giving Support a quick call so they can run through some options, get some logs from the machine to determine what's happening.
Applications I would use to better understand what's going on would be:
- Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb
- Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb
- Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb
Between these it should be possible to understand the cause and fix it if you know what to look for.
Fri 22-Jun-2012 11:40
Just wanted to say thanks once for helping out. I think I may have found the problem.
I also ran chrome without plugins and extensions and it turns out that when I do, the problem goes away. I found an extension that I didn't recognise 'Codecv', and it didn't have any legitimate logos or affiliations, et voila, when I disabled it the problem went away.
I found this description on the net of the bug;
'CodecV Hijacker is an infection which can take over and change your browser’s default home page, redirect the search results of Google, Yahoo, Bing and other search engines to some malicious page, constantly harass your system with countless pop-ups and ads, slow down your internet speed and make your system run like snails. Obviously, CodecV Hijacker degrades your PC performance seriously and makes your computer be full of system vulnerabilities, giving an easy access for the hackers. CodecV Hijacker is associated with browser hijackers and rootkit infections such as ZeroAccess rootkit, Google Results Hijacker, Google Redirect Hijacker, etc. What’s worse, CodecV Hijacker can track your web browser’s activities to collect your confidential information without consent and send them to the offenders, who aim at gaining profit from you. Besides, it is capable of escaping from the detection of anti-virus program and firewalls.'
Is it the case that Sophos can't detect this bug? I ran a full scan last night and the only anomaly it came up with was that 4 items couldn't be accessed.
Anyway, thanks again!
Fri 22-Jun-2012 12:37
Glad you found the problem. If you still have it listed and just disabled, in the plugins interface in Chrome, there is a "Details" link at the top right. This might give a location on disk of the plugin, maybe a DLL file?
You could submit that file to SophosLabs: https://secure2.sophos.com/en-us/support/contact-s
with a brief description. They may classify the plugin as something to block in some form.
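To locate an extension on disk as discussed in this thread, the profile's extension folder can be walked directly. This is an added example, not part of the original posts: it reads each `<id>/<version>/manifest.json` and reports extensions whose content scripts are declared for every site, which is how a script ends up loading on otherwise unrelated pages. The usual `...\Google\Chrome\User Data\Default\Extensions` location is an assumption to verify on the machine; the sample ids, names and file names are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let a content script run on every site visited.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """Return one record per <id>/<version>/manifest.json found under ext_root."""
    records = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        rec = {"id": manifest.parent.parent.name, "path": str(manifest.parent),
               "name": "<unreadable manifest>", "everywhere": []}
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            records.append(rec)        # still listed: an unparsable manifest is worth a look
            continue
        rec["name"] = data.get("name", "<no name>")
        for cs in data.get("content_scripts", []):
            if BROAD & set(cs.get("matches", [])):
                rec["everywhere"].extend(cs.get("js", []))   # scripts injected on all sites
        records.append(rec)
    return records

def make_sample(root):
    """Build a constructed sample tree; every id, name and file name is made up."""
    samples = {
        "aaaaexampleidaaaa": {"name": "Mail Checker", "version": "1.0",
            "content_scripts": [{"matches": ["https://mail.example.test/*"],
                                 "js": ["mail.js"]}]},
        "bbbbexampleidbbbb": {"name": "Unknown Codec Helper", "version": "0.1",
            "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / manifest["version"]
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for rec in audit_extensions(tmp):
            flag = "REVIEW" if rec["everywhere"] else "ok"
            print(flag, rec["name"], rec["everywhere"], rec["path"])
```

Many legitimate extensions also request every site, so a flagged entry is a prompt to check whether the extension is one you installed; the reported path is the folder to inspect or submit.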