Solved

Paranoia reigns


Userlevel 4
Hi Webrooters.....
 
Okay, so i opened an email that had an odd subject out of curiosity (something I should avoid....curiosity) and discovering it was a goofy and obvious phishing email, I did NOT click on the internal link, deleted the email, emptied my trash (you never can be too sure!) and went on, minding my own business.  I have been told that just opening an email will not download anything nasty onto my computer, so didn't think anything about it.
 
About ten minutes later I clicked on a link to a site I have safely clicked on almost daily for a long time and Webroot hit me with "the screen" that the link was unsafe and listed two identical links.  I quarantined them and followed the directions to get rid of them.  Webroot finished the scan, found another one and got rid of it, then ran another scan until it came up clean.
 
For the next several days, I'd get one or two Webroot screens for "suspicious activity" a day, which is really unusual, so would back out of whatever I was trying to access, but it seemed weird as they were not usually problem sites.  That has mostly stopped with only an occasional screen popping up now.
 
One....has it become unsafe to open an email?    Two....has anybody else had more activity with Webroot catching more "suspicious activity" screens lately?   I'm mostly curious (oops....there's that curiosity again!)   Nothing stranger than usual is acting up on my computer, but I'm running an iMac and figure I have a better than even chance that anything downloaded would be basically ignored by my system.  I know there is more out there attacking i-Everything now, but still......
 
I'm still happy to have Webroot watching out for me and my computer.  Hope everybody is having a good spring!  
icon

Best answer by nic 15 April 2015, 17:01

View original

18 replies

Userlevel 7
Badge +56
Couple of questions:
 
1. What are the sites that are being flagged?  That way we can look them up and make sure they aren't false positives
 
2. I wonder if something is trying to hijack your browser somehow, and that is what is causing the flags.  I'd suggest contacting support to have them double-check your machine to make sure there isn't anything on there:
http://www.webroot.com/us/en/support/contact
Userlevel 4
Tnx, Nic.

Boy, learn something new every day! I had no idea browsers could be hijacked. I actually use two different ones, sometimes at the same time. One is my main browser, but if I need to look something up for definition while in the middle of an email, I'll load the second one.

Unfortunately, I didn't write down the sites that were flagged, and being old and half senile at times (well, maybe all the time...heh), I can't remember what was flagged. Sorry. It's that short-term memory thing. >:-)

However, tnx for the suggestion to have support check out my computer for some hidden gremlins. Darn those things....they can really take the fun out of your day! Have a great day, Nic and the Webroot fam, too. 🙂
Userlevel 7
Badge +56
Yeah there is malware that will attempt to insert itself in your browsing experience.  So if you go to a normal site, it will inject its own ads in there, in place of the ones that might normally be there.  If something like that is happening, it might cause the whole page to be flagged.  Anyway, let us know what support says!
Userlevel 4
Hey Nic....

Used your link, got through by phone very fast. Talked to Zack; explained the situation. I got an explanation about hijacked browsers and what would be the result and between us we determined that it was unlikely that mine was hijacked. He did say to call back if I find any odd things happening, but I decided not to have a check done remotely at this time. Very nice support. I feel better now. Tnx!
 
And btw, Zack did offer to check my computer remotely right then, but I declined after finding out what to watch out for when I'm browsing.  Didn't want anyone to think support wasn't totally supportive.  ;-)
Userlevel 7
Badge +56
Glad to hear you got some good help.  And please let us know if you have any other blocked pages.  If you post the URLs when it happens then we can double-check to make sure they are safe and if our database needs updating.
Userlevel 4
Will do. 🙂
Userlevel 4
Hi again. ugg.

Was on Facebook and clicked on a Distractify.com link, which I have done before with no problems. It started to open, then blanked out with a box in the center of the screen with the link: ****** Removed for safety ************* Said I had won something. My screen froze; I couldn't do anything but shut down my browser OR click on the link in the box, so I shut down my browser. Webroot didn't react, but then I didn't click on the link, either. Is this the type of hijacking we've discussed?
Userlevel 7
Badge +56
I looked up Distractify.com in our database, which anyone can do here: http://www.brightcloud.com/tools/url-ip-lookup.php
and it gave a score of 50/100.  The main factor seems to be the low age of the site.  I opened the site on my computer and Webroot didn't block it, nor did I get any popups, so it does sound from your description that something is taking over the browser session to display pop-ups.  I'd say call in to our support again and see if they can help you track it down.  Also, if you open up your Add/Remove programs on your computer, post the list of stuff in there.  We might recognize one of the programs as a browser adware that might have gotten installed as bundleware along with some other legit program that you might have installed recently.  Often the fix for that is as simple as just uninstalling the bundleware.
Userlevel 4
Hi again. Again. Again.

I contacted support, had Luis run a remote scan on my computer. It turned up nothing. He suggested I uninstall Safari, reboot, and reinstall Safari. Since Safari is a part of the Yosemite program, and my computer doesn't have either a disk drive, or disk (downloaded from Apple), and since I have continued to keep my upgrades current....I can't get Safari back. I have looked at other sites and every one shoots a Webroot screen at me as being unsafe for downloading Safari. I've read reviews on the sites and have seen complaints about downloads having malware attached. I seem to be stuck. I miss Safari. I do want a secondary browser (I have Firefox) but Chrome and I didn't get along at all. Any advice on either safely downloading Safari from someplace as a standalone, or another browser? I'm using Mac Yosemite version 10.10.3. Now I'm going to take a nap. 😉 Tnx, and happy Friday!
Userlevel 7
Badge +62
Hello @,
 
I'm not 100% positive but I believe you can go to Finder/Applications/Safari app/ double click and see if Safari will install.Edited: Or did you uninstall this application from here?

 
The other Websites that you are being blocked from will not work with Mac Yosemite version 10.10.3.  I believe it has to be from the iinstallation of Yosemite. If what I have suggested above does not work then I'm quessing a reinstall of Yosemite from the Apple Store will have to be done.  I also own a Mac/Yosemite 10.10.3 and I run all three browsers. Mainly FF is my default.
 


 
I can ask @ if he has any solutions for this issue.
 
 
Hope this helps,
 
Kind Regards,
Userlevel 4
[Post movie and nap]
Hi Sherry.....

No, I didn't uninstall Safari from the apps list. Might have been a crazy thing to do (can never discount that when I'm on the computer), but I used the uninstall feature in CleanMyMac3. It seemed easier at the time. Famous last words.

I'm sitting here thinking about how badly I could mess up my whole computer if I uninstall Yosemite and reinstall it. That's a big EEK for me! Wouldn't that delete my photos, documents, and anything else that is connected to Yosemite? I've already lost all my bookmarks with Safari.....maybe not horrible as I needed to clean some out, anyway.

I went to the Apple Store and couldn't find just a download for Safari as a separate entity. I even tried to install an older version of Safari, thinking i could then update it, but it wouldn't let me do that.

Sherry, I really appreciate all the time you've put into this! I think I plain messed up and if I decide to uninstall and reinstall Yosemite, I think I'll have to go through and save everything to thumb drives if I want to keep the info. Not sure I'm ready to do that. Probably why I never got into IT. lol

I'll let you guys know if I figure out what to do and how it turns out. In the meantime, I'll be looking for another browser to use as a backup. I'm a little too OCD to only have one browser. >:-)

Tnx, again, Sherry! Hope you and all Webrooters have a good evening!

Jan
Userlevel 7
Badge +62
Hello Jan,
 
Yes it's important to back up your computer as I use the Time Machine to back up all my important information, I've even been faced to reinstall Yosemite but have been reluctunt myself even with my backups. It's time and work invested to get everything back to what you want and like.
 
I did do some research for this Safari issue and found the same thing you did. One just can't install Safari from the Apple Store like you would think you could.:( Right?
 
Anyways sorry there isn't an easy fix for this Safari. I know how it is to want a program back that belongs with the OS. Right?
 
 
Have a nice weekend too.:D
 
 
 
Userlevel 4
😳 Well, isn't this embarrassing!  I never set up my Time Machine.  Maybe my driver's license should be taken away, too.  I have an old Buffalo external hard disk, but it might blow up the house if I tried to use it.  I used it for my Time Machine on my last iMac, but at some point it freaked out.....and I followed suit and unplugged it.  It's still sitting here, though.
 
I checked out the Time Capsule and it says to "set up airport time capsule".  Once again, I am lost.  I am always lost.  How does a person go about doing this?  I need a frippin' MAP. :@
 
You are all lovely people....just want to say that.  Jan
 
 
Userlevel 7
As far as i know the only way to get Safari is through osx install or update... I suggest doing a recovery mode and reinstalling he os.  Here is how: https://support.apple.com/en-us/HT201314
That should get everything back to normal for you.  Let me know if you have anymore questions.
Userlevel 4
Tnx, Wanderingbug. Guess I'll have to figure out how to do a backup and then tackle this over the weekend. I really do appreciate everyone's help! Now I have to go make spaghetti. 😉 Jan
Userlevel 7
Badge +62
Hi Jan,
 
I'm not into setting up a airport time capsule. It's a wireless base station, Which  Idon't have so therefore I don't know much about it. But you can look this up on https://www.apple.com/support/airport/timecapsule/ and here https://support.apple.com/en-us/HT201510
 
As described here:
 
Time Capsule doubles as a full-featured AirPort Extreme 802.11n. So, if you’re adding Time Capsule to an existing wireless network, you’ll want to set it as your primary base station, rather than as a network client. That way, you benefit from its faster performance and ensure that your backups occur without any speed bumps.

Please look here at YouTube

 
I don't have this setup unfortunately.
 
 
Best Regards,
 
 
 
 
Userlevel 4
Tnx, Sherry, Nic, Devin and all. Seems my bumbling all-night efforts have turned out very well with no further adieu. My computer is smarter than me, apparently. Have Time Machine up and running, Safari is back, and only thing worse for wear is moi. I appreciate you guys having my back while I experimented. Thanks again! Hope you have a good week!
Userlevel 7
Badge +62
Hi Jan,
 
That's great that everything is running great for you. No problem..we are always here if you need help.
 
Have a nice evening!
 
Kind Regards,

Reply