
premiumlivescanner.com (browser hijacker)



I clicked on a Google link that took me to Helium.com so I could read an article. Suddenly, I was redirected to "premiumlivescanner.com" and all these screens popped up claiming I had a virus, a scan was being done, etc. I don't recall clicking on anything. I started to hit control alt delete to close the screen but as things were moving pretty fast I just went ahead and shut down the power to the computer. There doesn't seem to be much out there about "premiumlivescanner.com" at present but from what I've been able to see it's a new version of the Antivirus 2009 browser hijacker. I'm currently running AVG and I'm gonna download Malwarebytes and run that. But I don't know if I have it. I'm not being redirected to other websites or anything. Then again, I use Firefox and I think it only does that if you use Explorer.

One more thing, someone posted something at Helium asking, "Possible Virus embedded in Helium?" I'm just reading the title of their page off Google- I'm not going back to Helium to read their article. It starts off, "A couple of days ago I logged into Helium from my home laptop and got ... http:/ /premiumlivescanner.com/promo/1/freescan.php" But I think the person is onto something.


  • Root Admin

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: I'm infected - What do I do now?

Someone will be happy to assist you further with cleaning your system if required.

During this scan and cleanup process you should not install any other software unless requested to do so.


BTW: I've already sent the URL on to Bruce, the head of our research team. I have a feeling that he's asleep at the moment (it's about 2:00AM here right now, so probably late for him as well), but he'll look at it as soon as he can.

Hi and thanks. My computer was not giving me any problems but I went ahead and downloaded Malwarebytes. It picked up two things- perhaps one of them was it (though I saw an explanation for the Trojan.Agent result elsewhere so I think my system was safe). Here are my results:

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Anyway, Malwarebytes rocks. Thanks again for your help.


Hello HG81,

I'm from Helium. We believe we were hit by an ad coming through one of our ad networks. There is nothing on our site itself causing this virus. We've shut off most of our ad networks and the problem went away. Has anyone heard of who is doing this and how we can all protect ourselves from something like this coming through an ad network?

Please don't give up on Helium because of this. We didn't do it.


You need to use reputable ad networks. Companies like DoubleClick should at least make an attempt to keep their ads clean, but there are a lot of advertising companies that do not.

Note that even Google ads are often manipulated to display links to malicious content, but they target Google searches more than independent websites. You may also want to make sure that any advertising contracts that you sign specify what type of content can be displayed in the ads.

Lastly, never sign an ad contract with an advertiser that contacts you via e-mail. These types are often trying to sell ads that you will have problems with, and make you very little money. Go to the advertiser's site, search on Google for their history as far as spyware issues, and make sure that they monitor the content of the ads.


We do use mainstream reputable ad networks. Ones that are household names in the ad industry. In fact, we haven't been able to show that it really did come from an ad network. Just that when we turned them off the problem went away. It could have been a coincidence on timing, who knows. That's the most frustrating aspect to it. I've walked through the ads that each of them report to have displayed and none of them are the problem either. So we're still in the dark.

I heard that Network Solutions had some Denial of Service attacks at about the same time we started having a problem. Does anybody know if something could be related to our domain name? We use Network Solutions for helium.com.



No, that would not have affected your site. They would have had to compromise your hosting company's server to do that to you.
