Possible to check website for spyware/malware/etc. by going there?

Topic

New Reply

Is there some way to check a site to see if there were any “baddies” on it that you’d end up with from just going to that site? I was trying to go to a certain site, and couldn’t remember the address, and ended up typing in the wrong address, and that web address I typed redirected to a webpage with a credit card offer. I hit the back button in my browser and a Firefox pop-up box came up asking me if I really wanted to leave the website (with yes or no buttons) and I clicked yes (though I guess I should have just closed Firefox) and it did go back to the previous page I was on. Then I closed Firefox and reopened (which clears my cache/cookies/etc.) and went to the correct site and went about my business.

Is there some way to find out if this web address (which redirects somewhere else) has anything I need to worry about having gotten on my computer just from visiting it by accident? Or from clicking “yes” when it asked if I really wanted to leave the page? Is it even possible that it could have done something bad in the first place?

I was using Firefox 15, and I have Microsoft Security Essentials running, and Windows updates are up to date as of last month (waiting for Woody’s “all clear” for this month still). (But I don’t want to install more programs to run scans, etc. I’d just rather find out if that site’s got anything bad on it, if possible.) I tried entering it into this site-check here: http://safeweb.norton.com — but it says that it hasn’t been scanned/checked by them.

Thanks and sorry to bug you folks!

PS. Did MSE full scan and Spybot scan and nothing turned up on my computer, fyi.

PPS. For some reason, I am now getting a weird buzz turning on and off from the laptop, but I’m guessing that’s I coincidence? (I have an HP 2000 Notebook, so I’m researching the sound now…)

Reply | Quote

Replies

Web of Trustis one such app. This installs as an add-on to the browser. Also MalwareBytes Prodoes check sites and automatically block them if they are suspicious.

Reply | Quote

Thanks for the reply. I’d like to avoid installing anything. Is there another legit/safe website that checks sites like the Norton one I listed? And/or is anyone willing to check the address for me if they’re set-up to do such a thing safely?

Is it even possible that what I described could have done something bad in the first place?

Update: I used this site–> http://onlinelinkscan.com and it came up all clear (though I’m not sure how it tests for redirected websites). So I guess the bigger question is the one in italics above. Thanks!

Reply | Quote

Any thoughts?

Thanks!

Reply | Quote

It’s possible but unlikely.

Bruce

Reply | Quote

Here’s another site you might try using to find out if a site might be infected (have no experience with them):

http://sucuri.net/

Reply | Quote

I have these all bookmarked for easy access….
http://www.virustotal.com (hit the “scan a URL” link, paste the url and hit “Scan It!”
http://www.unmaskparasites.com
http://www.urlvoid.com
http://www.mywot.com
http://www.surbl.org
http://www.hosts-file.net
All use different techniques and therefore can give different answers. For example, SURBL compares a given URL against lists of URLs pulled out of spam emails. (However, their recent addition of a captcha makes it a little more painful to use.)

I also find that with the firefox built in “Tools->Options->Security->Block reported attack sites” check box it occasionally intercepts browsing to sites and offers up an “are you sure?” screen.

When I researched this some time ago I found this list:
http://forum.sysinternals.com/free-Online-security-scans-for-suspicious-url-link_topic22045.html
The list above are my favourites from it.

Brino

Reply | Quote

As previously stated by Medico, Web of Trust is excellent BUT not if you input the address manually.
The safest method is to get registered with OpenDNS and use it,

Reply | Quote

Vipre Internet Security Suite automatically warns you about a website before letting you go to that website if you try to go to a bad one.

Vipre is far superior to Spybot.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Thanks for all the replies and suggestions! I’ve bookmarked a number of them and tested the mistake url on them and it seemed to check out. 🙂

Reply | Quote

No. Some sites can actually send out (dump) code just by mousing over the page. Just because some org’s say some sites are good or bad means very little these days since it seems any page can be glommed at any time after the white lister’s check them…. Malwarebytes and other watchers, and even SeaMonkey, Firefox et al may give warnings, but they are not definitive either. Always use your Back button to quit sites rather than any and all site pop-ups as they can also be keys to dump code as well. There is really only one safe way to browse and that is a virtual machine or sandbox, otherwise you are at always at risk. Can you tell if something was dumped? Yes, and no. Depends on how familiar you are with your own machine and its structure…. It is a very good idea to background a Registry gate package to prevent or at least alert you to registry change attempts as well, and can you read assembly, C++, Java, etc. from .tmp files, and others?

Reply | Quote

Or from clicking “yes” when it asked if I really wanted to leave the page? Is it even possible that it could have done something bad in the first place?

You thought you were clicking YES as a response to leaving the site.
You could have been clicking INSTALL as a command to your operating system to fix you with malware.

If I have any doubts about the site I never click anything on the page,
I prefer to click the ‘X’ on the right corner of the Tab above the page,
unless I know it is a bad site (e.g. a scare-ware pop-up pretends I have malware and offers to clean it)
then I do not panic but I abandon the mouse and use the keyboard for Ctrl-Alt-Del to summon Windows Task manager,
and then I close my Palemoon (Firefox but better) Application and switch to Processes to ensure that Palemoon and Plugin-container Processes are closed.
Then I feel I once more own my computer.

Reply | Quote

Some of these pop ups have been reprogrammed so that the Red X activates the malware rather than closing the pop up. Closing the browser, or using Task Manager to close the pop up is a safer way to close these pop ups.

Reply | Quote

I think you have done enough to be reasonably sure this incident has done no harm. If you want to do one more scan, consider SuperAntispyware. It is available as a portable scanner (although getting the SAS.COM download is a bit tricky as the links at the site are a bit messed up. Use the little link at the bottom of the page which says it’s for existing Technician users. It works just fine.). The Portable Scanner can be put onto a Flash Drive and run in Windows Safe Mode. This would be the maximum assurance nothing bad has happened.

That said, by far most page redirects are perfectly harmless and do not download anything nasty. A lot of websites, including banking sites, use redirects.

-- rc primak

Reply | Quote

I think you have done enough to be reasonably sure this incident has done no harm. If you want to do one more scan, consider SuperAntispyware. It is available as a portable scanner (although getting the SAS.COM download is a bit tricky as the links at the site are a bit messed up. Use the little link at the bottom of the page which says it’s for existing Technician users. It works just fine.). The Portable Scanner can be put onto a Flash Drive and run in Windows Safe Mode. This would be the maximum assurance nothing bad has happened.

Can you tell me step-by-step how to do this (re: running it from a thumb drive in safe-mode), by any chance? Also. why does it end with .COM instead of .EXE? And I want the .COM one, right? How does that work? Thanks!

Reply | Quote

I agree with alan.b and Medico, once you accidentally get to a questionable site you should suspect that everything on the page, and any pop-ups are malicious. Use task manager, or even better SysInternals Process Explorer (from here: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx) and kill the browser instance. Process Explorer can be set as a replacement for task manager to open with ctrl-alt-del, and has many other improvements.

However, mpioso’s suggestion is even more secure; run your browser instance in a sandbox. Everytime I use SandboxIEit impresses me more and more. It can sandbox anything(not just IE, I use it with Firefox), and any other program your not 100% comfortable with. I’m not saying I’d run and warez and keygen crap, but it’s another level of protection. It’s amazing to see the registry and system changes an installer that runs inside a sandbox tries to make but cannot, all the changes are safely captured “within the box”.

I have no financial interest in them, just a very happy customer. The lifetime license(all future versions, all PCs you own) was absolutely worth the money!

Stay Safe!
Brino

Reply | Quote

Using OpenDNS is a good place to start. If you were using Internet Explorer I would recommend running SpywareBlaster. It’s less effective on FireFox, only blocking tracking cookies. Still, even though I use FireFox, I run it.

Reply | Quote

Well, before I felt good but now I’m completely paranoid. All the suggestions about how to run browser more securely, etc. is way beyond me. I generally don’t go to sites I don’t know — this was one mistake. And now I’m scared that clicking on the “yes” button when it asked me if I wanted to really leave the page (when I pressed the back button in Firefox at first) did something bad. I haven’t noticed anything weird on my laptop though.

Can I PM the website link to anybody willing to take a look themselves to see if going there and what I did actually has anything bad involved? Is there a safe way someone could test this?

Thanks!

Reply | Quote

I’m guessing I’m probably okay too… but the wrong address I typed in I think used to be for some kind of download site or something (I was just trying to go to an information site, but typed in the address my friend rattled off without thinking), and that actual site that used to be at the address is gone (I looked up that wrong web address after and saw a message board post that it was shut down or something — believe me, this is not where I intended to go!) — and what happened when I stupidly typed in the address is that it redirected to some other address (I really wish I had Firefox’s redirect warning option turned on at the time!) and what came up was a full page credit card offer for Mastercard or something. I hit the back button on the Firefox browser and the dialogue box came up asking me if I “really want to leave the page” and my friend told me the click yes (which I realize I shouldn’t have done — I should have just closed the browser). It did take me back to my previous page — and I then closed the browser. So, it’s a semi-suspicious scenario… but I know it doesn’t mean something bad happened or was there. (However, clicking the “do you really want to leave the page” is the part that really has me paranoid now after reading this last batch of posts here.)

So if anyone has a sandbox set-up mentioned here that they could go recreate this scenario and safely see if there’s something bad (in the web page code or something? I don’t know…), that would be very cool, helpful, and appreciated. Thanks again for the help and replies… but not the worries! 🙂

Reply | Quote

You mentioned Firefox, MSE, and Windows Updates, but you forgot to mention the important ones: if you have Flash or Java on your system. If you have one or both installed, and they are NOT up-to-date (Flash is currently 11.4.402.278, Java is either 6r35 or 7r7), I would uninstall them, remove any vestiges of them (especially look for Adobe, Macromed, Sun, or Oracle in the AppData or Application Data folders), and then reinstall them if you need them.

Reply | Quote

Odds are you are ok. If you are concerned, download and run Malwarebytes using a full scan.

jerry

Reply | Quote

Odds are you are ok. If you are concerned, download and run Malwarebytes using a full scan.

Do they have a portable scanner that you don’t have to install? If not, how “clean” does it install and uninstall? I thought I had seen mixed reviews (?). Thanks!

Reply | Quote

Malwarebytes doesn’t have a portable scanner as far as I can tell. If you don’t accept the free trial, it won’t run unless you invoke it. I have not heard of any uninstall issues. If you have any concerns, uninstall it with Revo Uninstaller. I have had great results with this software and heartily recommend it.

Jerry

Reply | Quote

Malwarebytes doesn’t have a portable scanner as far as I can tell.

A portable version is available by following bobprimak’s instructions above. I’ve just downloaded and run it.

Bruce

Reply | Quote

Bob Primak’s instructions were for Super Anti Spyware not Malwarebytes. Its a useful program to run as well though.

Jerry

Reply | Quote

Bob Primak’s instructions were for Super Anti Spyware not Malwarebytes. Its a useful program to run as well though.

Jerry

Sorry, I got confused by the mixed up product discussions.

Bruce

Reply | Quote

No problem. I seem to get mixed up more my self as I age not so gracefully.

Jerry

Reply | Quote

Whenever that happens, as a precaution, restore a restore point in System Restore that predates the event. If it predates the event, the Registry and the files that are installed can’t be infected. Also make sure that you do a full scan with MSE that checks every file.

You could also do a rootkit scan with Sophos Anti-Rootkit –

http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

Reply | Quote