pageoneresults - 3:00 pm on Jan 17, 2010 (gmt 0)

How are you defining a "malicious IP"?

I'm not, the software I'm utilizing is. I'll get a warning that a Malicious IP has been detected and then the link to that is no longer available for me to click.

P1R you should still rebuild your system from scratch. Never ever take chances with rootkits.

I'm pretty confident that my system is cleansed. I am considering a clean install but I've only had to do that once in the past 15 years. I have a bit of a challenge at hand when it comes to the various software programs I'm using.

There's no guarantee that the link you check today and passes muster won't be harboring a trojan tomorrow.

If you're diligent in maintaining trusted link partnerships, you'll have done everything you can to minimize that from happening. Which means that sites with an excess of outbound links are going to have a security challenge on their hands.

Where does your responsibility end and that of the visitor / other webmaster start? What if you delete a valuable link today and the linked site cleans up their hack tomorrow?

If the link is that valuable, I'm guessing it is a trusted link and that the typical malicious environment is not present. If I delete that link today, and they clean up tomorrow? Too bad. If it was that important, then I'll probably reinstate it. But, I seriously doubt that will happen on any regular basis.

What was your previous security software and what is it now?

Previous Security

Norton
TrojanHunter
Windows
Firewalled Router

Ever try to remove Norton? What a test of research skills that was!

Current Security

ESET
Malwarebytes
TrojanHunter
Windows
Firewalled Router

How did it get past my previous defenses? I know what those reading are going to say, Norton! You know, if you can't trust a company like Norton, who can you trust? Rhetoric question.

I did a search on Google for property in Dubai while participating in another WebmasterWorld topic. I clicked on one of the top results. Firefox froze for a few seconds and then the maliciousness began. There were so many popups that I couldn't figure out who was who. There were three Windows Security Alerts and they all looked similar. There were other alerts blended in that looked like Windows Security. At that point, it was too late. My audio had been modified, all sorts of weird stuff had taken place and I shut down and disconnected from the Internet. That's when all the crap started.

Note: iexplore.exe was the little bugger that was creating havoc. After I removed that from the system, I was able to start cleaning up. I sat there and watched via a system monitor and it was phoning home every 15 seconds, or trying to anyway. First thing I did was disable my connection to the Internet, at least I knew that much. What a learning experience this was too. I became extremely intimate with my system. :)

Confession: I was a bit overwhelmed with what to do when it started. I did know to reach over and disconnect the modem from communicating and, I knew I had to get into Safe Mode. From that point forward, it was search and research - then search and destroy.