Thu 21-Jun-2012 19:40
As the title states, all links I click on on pretty much 90% of trusted websites result in the 'High risk website blocked' text box appearing with the following:
'Access has been blocked to "def.jpisyncer.info/worker/init.js" as 'Mal/HTML Gen-A' has been found at this website.'
I find it unusual that this is happening on a lot of sites I visit, again, ones that are highly trustworthy.
Any help would be appreciated.
Thu 21-Jun-2012 20:09
There are a few potential causes for this. One option is that your web browser has been compromised with a third party plugin. Do you get the same behaviour with another browser? IE/Firefox/Chrome/Opera for example? Essentially is it browser specific? This would help narrow it down.
If not at the browser level then it could be at the system level, for example if all of the sites you have tested share a common third party component such as Google Analytics, http://www.google-analytics.com/ga.js. If a piece of malware on your machine was able to get your client to request def.jpisyncer.info/worker/init.js instead of http://www.google-analytics.com/ga.js, then you'd see the behaviour you describe. There are many ways that malware could do this unfortunately.
I would first check out your hosts file to see if that's where the redirection is coming from. If you look in your hosts file, does it have a bunch of strange address entries, IP addresses? Maybe post the contents here if you're unsure. If so, take a backup of the hosts file and reset it as per: http://support.microsoft.com/kb/972034.
Have you recently run a full scan of your machine with up to date SAV?
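The hosts-file check suggested in the post above can be scripted. This is an added example, not part of the original thread or any Sophos tool: it parses hosts-file text and lists every entry that is not a plain loopback mapping for localhost. The sample file, its addresses and the `DEFAULT_NAMES` set are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file maps to loopback (assumption for this example).
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google-analytics.com ssl.google-analytics.com  # unexpected
0.0.0.0         update.example.test
not-an-ip       www.example.test
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before parsing.
            ip = ipaddress.ip_address(address.split("%", 1)[0])
        except ValueError:
            findings.append((line_no, address, " ".join(names), "unparseable address"))
            continue
        for name in names:                        # one line may carry several names
            name = name.lower()
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                          # the normal localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed locally"
            else:
                reason = "name pinned to a fixed address"
            findings.append((line_no, address, name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

To check a real machine, pass the contents of the system hosts file to `audit_hosts` instead of `SAMPLE_HOSTS`. An entry that pins a widely used third-party script host to a fixed address is the kind of redirection described above.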
Thu 21-Jun-2012 20:53
Many thanks for the quick response.
It seems to be browser specific (I use Chrome), does that make it easier to diagnose?
I reset the host but the problem still seems to be persisting. I'm just running a full scan now which might shed some more light.
Any further help would be great.
Thu 21-Jun-2012 21:09 - edited Thu 21-Jun-2012 21:24
Just to make sure, the other browser you tried is supported by Sophos? I.e. it was IE, Firefox, Safari, Opera for example?
If your main symptom is the alert it would be worth confirming that the other browser you tested with can alert. To do so, if you go to:
with the other browser I assume you get the same High Risk Website Blocked message?
It might be worth putting the address:
into Chrome and see what's loaded, maybe disable anything you don't recognise.
Or to disable all, go into Chrome Settings: chrome://chrome/settings// Click on "Show advanced settings" at the bottom of the page, then under "Privacy" section click on "Content settings..." then under "Plugins" section you can click block all as a test.
Thu 21-Jun-2012 21:34
Yup, the other browser was IE. Tested it with the link and the same dialogue box appears.
Tried the other suggestions and the same is still happening :/
Anywhere I can go from here? Bar throwing my laptop out the window?
Thu 21-Jun-2012 21:50
I would suggest giving Support a quick call so they can run through some options, get some logs from the machine to determine what's happening.
Applications I would use to better understand what's going on would be:
Between these it should be possible to understand the cause and fix it if you know what to look for.
Fri 22-Jun-2012 11:40
Just wanted to say thanks once for helping out. I think I may have found the problem.
I also ran Chrome without plugins and extensions and it turns out that when I do, the problem goes away. I found an extension that I didn't recognise, 'Codecv', and it didn't have any legitimate logos or affiliations, et voila, when I disabled it the problem went away.
I found this description on the net of the bug:
'CodecV Hijacker is an infection which can take over and change your browser’s default home page, redirect the search results of Google, Yahoo, Bing and other search engines to some malicious page, constantly harass your system with countless pop-ups and ads, slow down your internet speed and make your system run like snails. Obviously, CodecV Hijacker degrades your PC performance seriously and makes your computer be full of system vulnerabilities, giving an easy access for the hackers. CodecV Hijacker is associated with browser hijackers and rootkit infections such as ZeroAccess rootkit, Google Results Hijacker, Google Redirect Hijacker, etc. What’s worse, CodecV Hijacker can track your web browser’s activities to collect your confidential information without consent and send them to the offenders, who aim at gaining profit from you. Besides, it is capable of escaping from the detection of anti-virus program and firewalls.'
Is it the case that Sophos can't detect this bug? I ran a full scan last night and the only anomaly it came up with was that 4 items couldn't be accessed.
Anyway, thanks again!
Fri 22-Jun-2012 12:37
Glad you found the problem. If you still have it listed and just disabled, in the plugins interface in Chrome, there is a "Details" link at the top right. This might give a location on disk of the plugin, maybe a DLL file?
You could submit that file to SophosLabs: https://secure2.sophos.com/en-us/support/contact-s
with a brief description. They may classify the plugin as something to block in some form.
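Locating the extension on disk, as suggested above, can also be done by reading each extension's manifest. This is an added example, not code from the thread or from Sophos: it walks a Chrome profile's `Extensions` directory (layout `<extension id>/<version>/manifest.json`) and reports which extensions can run script on every site, which is the access an extension needs to inject a file such as `init.js` into unrelated pages. The sample IDs, names and files are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read or inject script into every page.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(extensions_dir):
    """Summarise each <id>/<version>/manifest.json under an Extensions directory."""
    report = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        entry = {"id": manifest_path.parent.parent.name, "path": str(manifest_path.parent)}
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            entry.update(name="<unreadable manifest>", broad_access=[], scripts=[])
            report.append(entry)
            continue
        patterns = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        patterns.update(manifest.get("host_permissions", []))
        scripts = []
        for block in manifest.get("content_scripts", []):
            patterns.update(block.get("matches", []))
            scripts.extend(block.get("js", []))
        # The name may be a __MSG_...__ key resolved from the _locales folder.
        entry.update(name=manifest.get("name", "<no name>"),
                     broad_access=sorted(patterns & BROAD_PATTERNS), scripts=scripts)
        report.append(entry)
    return report

def make_sample_profile(root):
    """Write two constructed extensions (hypothetical IDs and names) for the demo."""
    samples = {
        "a" * 32 + "/1.0_0": {"name": "Sample Notes", "permissions": ["storage"]},
        "b" * 32 + "/2.1_0": {"name": "Sample Video Helper", "content_scripts": [
            {"matches": ["<all_urls>"], "js": ["inject.js"]}]},
    }
    for rel, manifest in samples.items():
        folder = Path(root) / rel
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_profile(tmp)
        for ext in audit_extensions(tmp):
            flag = "REVIEW" if ext["broad_access"] else "ok"
            print(flag, ext["id"], ext["name"], ext["broad_access"], ext["scripts"])
```

Point `audit_extensions` at the `Extensions` folder inside the Chrome profile to get the on-disk `path` of each entry. Broad access alone is not proof of malice, since many legitimate extensions request it, so treat flagged entries as a shortlist to check against what you knowingly installed.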
Fri 02-May-2014 13:21 - edited Fri 02-May-2014 13:22
I just figured out a way to have all websites and downloads unblocked by Sophos (just be careful as ALL websites and downloads are unblocked). I'm using a Macbook Air (OS X 10.8.3 if you really want to know...)
This is what I did:
1. Open Applications.
2. Find 'Sophos Anti-Virus' and open it (or just search it in the Spotlight).
3. Click on 'Sophos Anti-Virus' in the menu bar (next to the apple).
4. Scroll down and click on 'Preferences' (or ⌘ Command + ,).
5. Click on the lock on the bottom left. This requires you to type in an administrator's name and password.
6. Click on 'Web Protection' in the toolbar.
7. Click on 'General' (if not already in General).
8. Click on the top Off-On slider to 'Off' to unblock access to "malicious websites."
9. Click on the bottom Off-On slider to 'Off' to unblock access to "malicious downloads" from websites.
These are the descriptions of the sliders:
"Block access to malicious websites using realtime URL reputation checks. This feature protects your Mac from sites identified to be hosting malicious content, or representing a significant security concern."
"Block malicious downloads from websites, protecting your Mac from obfuscated, polymorphic and zero-day threats before reaching your browser."