Visitor
ea210
Posts: 4
Registered: ‎Thu 21-Jun-2012
0
Accepted Solution

Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

Hi All,

 

As the title states, all links I click on on pretty much 90% of trusted websites result in the 'High risk website blocked' text box appearing with the following:

 

'Access has been blocked to "def.jpisyncer.info/worker/init.js" as 'Mal/HTML Gen-A' has been found at this website.'

 

I find it unusual that this is happening on a lot of sites I visit, again, ones that are highly trustworthy.

 

Any help would be appreciated.

 

Thanks.

Executive VIP
jak
Posts: 1,738
Registered: ‎Sat 19-Dec-2009
0

Re: Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

Hi,

There are a few potential causes for this. One option is that your web browser has been compromised with a third party plugin. Do you get the same behaviour with another browser? IE/Firefox/Chrome/Opera for example? Essentially is it browser specific? This would help narrow it down.

If not at the browser level then it could be at the system level, for example if all of the sites you have tested share a common third party component, for example Google Analytics, http://www.google-analytics.com/ga.js. If a piece of malware on your machine was able to get your client to request: def.jpisyncer.info/worker/init.js instead of http://www.google-analytics.com/ga.js, then you'd see the behaviour you describe. There are many ways that malware could do this unfortunately.

I would first check out your hosts file to see if that's where the redirection is coming from. If you look in your hosts file, does it have a bunch of strange address entries, IP addresses? Maybe post the contents here if you're unsure. If so, take a backup of the hosts file and reset it as per: http://support.microsoft.com/kb/972034.

 

Have you recently run a full scan of your machine with up to date SAV?

 

Regards,

Jak
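
An added example (not part of the original post): one way to run the hosts-file check suggested above is to list every active entry that maps a name to a non-local address. The sample file and its addresses are constructed, and `parse_hosts` and `audit_hosts` are names chosen for this example.

```python
import ipaddress

# Constructed sample; the addresses come from documentation ranges (RFC 5737).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # sinkhole added by a blocker
203.0.113.45    www.google-analytics.com ssl.google-analytics.com
198.51.100.7\twww.example-search.test # tab separated
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for every active entry."""
    # Strip a leading byte-order mark, then drop comments and blank lines.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return findings for entries that send a name to a non-local address."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, names))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 sinkholes do not redirect
        findings.append((line_no, "redirect", ip_text, names))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Any "redirect" finding for a name you did not add yourself is worth investigating before resetting the file.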

Visitor
ea210
Posts: 4
Registered: ‎Thu 21-Jun-2012
0

Re: Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

 

Hey,

 

Many thanks for the quick response.

 

It seems to be browser specific (I use Chrome), does that make it easier to diagnose?

 

I reset the host but the problem still seems to be persisting. I'm just running a full scan now which might shed some more light.

 

Any further help would be great.

Executive VIP
jak
Posts: 1,738
Registered: ‎Sat 19-Dec-2009
0

Re: Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

Hi,

Just to make sure, the other browser you tried is supported by Sophos? I.e. it was IE, Firefox, Safari, Opera for example?

If your main symptom is the alert it would be worth confirming that the other browser you tested with can alert. To do so, if you go to:

 

http://sophostest.com/malware/index.html



with the other browser I assume you get the same High Risk Website Blocked message?

 

It might be worth putting the address: 

 

chrome://plugins/

 

into Chrome and see what's loaded, maybe disable anything you don't recognise.

 

Or to disable all, go into Chrome Settings: chrome://chrome/settings//  Click on "Show advanced settings" at the bottom of the page, then under "Privacy" section click on "Content settings..." then under "Plugins" section you can click block all as a test.

 

Regards,

Jak

Visitor
ea210
Posts: 4
Registered: ‎Thu 21-Jun-2012
0

Re: Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

Yup, the other browser was IE. Tested it with the link and the same dialogue box appears.

 

Tried the other suggestions and the same is still happening :/

 

Anywhere I can go from here? Bar throwing my laptop out the window?

 

Executive VIP
jak
Posts: 1,738
Registered: ‎Sat 19-Dec-2009
0

Re: Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

Hi,

 

I would suggest giving Support a quick call so they can run through some options, get some logs from the machine to determine what's happening.

 

Applications I would use to better understand what's going on would be:

 

Between these it should be possible to understand the cause and fix it if you know what to look for.

 

Regards,

Jak

Visitor
ea210
Posts: 4
Registered: ‎Thu 21-Jun-2012
0

Re: Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

Just wanted to say thanks once for helping out. I think I may have found the problem.

 

I also ran Chrome without plugins and extensions and it turns out that when I do, the problem goes away. I found an extension that I didn't recognise, 'Codecv', and it didn't have any legitimate logos or affiliations, et voila, when I disabled it the problem went away.

 

I found this description on the net of the bug;

 

'CodecV Hijacker is an infection which can take over and change your browser’s default home page, redirect the search results of Google, Yahoo, Bing and other search engines to some malicious page, constantly harass your system with countless pop-ups and ads, slow down your internet speed and make your system run like snails. Obviously, CodecV Hijacker degrades your PC performance seriously and makes your computer be full of system vulnerabilities, giving an easy access for the hackers. CodecV Hijacker is associated with browser hijackers and rootkit infections such as ZeroAccess rootkit, Google Results Hijacker, Google Redirect Hijacker, etc. What’s worse, CodecV Hijacker can track your web browser’s activities to collect your confidential information without consent and send them to the offenders, who aim at gaining profit from you. Besides, it is capable of escaping from the detection of anti-virus programs and firewalls.'

 

Is it the case that Sophos can't detect this bug? I ran a full scan last night and the only anomaly it came up with was that 4 items couldn't be accessed.

 

Anyway, thanks again!

Executive VIP
jak
Posts: 1,738
Registered: ‎Sat 19-Dec-2009
0

Re: Almost all links I click on (even sites like IMDB) result in 'Mal/HTML Gen-A'

Hi,

 

Glad you found the problem. If you still have it listed and just disabled, in the plugins interface in Chrome, there is a "Details" link at the top right. This might give a location on disk of the plugin, maybe a DLL file?

 

You could submit that file to SophosLabs: https://secure2.sophos.com/en-us/support/contact-support/sample-submission.aspx

with a brief description.  They may classify the plugin as something to block in some form.

 

Regards,

Jak
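
An added example (not part of the original thread): the extension check that resolved this case, and the on-disk location asked about above, can be reproduced by walking a Chrome profile's Extensions folder, flagging extensions whose content scripts run on every site and searching their files for the blocked domain. The extension ids and file contents are constructed, and it is an assumption that the blocked URL appears as plain text in the extension's files.

```python
import json
import tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root, needle):
    """Report each <ext_root>/<id>/<version>/ extension: name, whether its
    content scripts run on every site, and which files mention `needle`."""
    report = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_dir = manifest.parent
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still search the files below
        matches = {m for cs in data.get("content_scripts", [])
                   for m in cs.get("matches", [])}
        hits = sorted(
            str(f.relative_to(ext_dir)) for f in ext_dir.rglob("*")
            if f.is_file() and f.suffix in {".js", ".html", ".json"}
            and needle.encode() in f.read_bytes())
        report.append({"id": ext_dir.parent.name, "name": data.get("name", "?"),
                       "runs_everywhere": bool(matches & BROAD), "hits": hits})
    return report

def build_sample(root):
    """Write two constructed extensions (ids and contents are made up)."""
    samples = {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": (
            {"name": "Codecv", "version": "1.0",
             "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
            "/* constructed */ var src = '//def.jpisyncer.info/worker/init.js';"),
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": (
            {"name": "Notes", "version": "2.1",
             "content_scripts": [{"matches": ["https://notes.example/*"], "js": ["inject.js"]}]},
            "console.log('notes loaded');"),
    }
    for ext_id, (manifest, script) in samples.items():
        ext_dir = Path(root) / ext_id / manifest["version"]
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        (ext_dir / "inject.js").write_text(script, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in audit_extensions(tmp, "def.jpisyncer.info"):
            print(row)
```

On Windows the folder to pass as `ext_root` is typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`; the folder of any extension reported with hits is the one to zip and submit as a sample.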