Recently (Tuesday AM) I went to a site, popoholic.com, one of those sites, yeah, just for kicks via a link in SportsIllustrated.com, Extra Mustard.
Reason I did that was because of misplaced trust in the blog author (though this severe incident was not his fault, nor the web site owner's either). I now know better.
Thanks to Sandboxie v. 3.74 and Avast! Free antivirus, I escaped with no harm or any malware on my system. I did see the malware attack come in a rapid streaming attack, and Avast! struggled to keep up with the network blocks as it was coming in. In the end, there were 576 blocks made in less than the twenty seconds that it took for me to close the browser and disconnect from the internet. Most people would likely have just simply pulled the power cord, but I chose not to do that.
What happened:
- Avast! alerted continuously for twenty seconds or more.
- The browser window became a translucent semi-opaque white.
- Browser became unresponsive and took several tries to close.
Here is what I would have gotten infected with:
http://www.malwarehelp.org/win-7-securi ... moval.html
http://www.sophos.com/en-us/threat-cent ... for-B.aspx
http://www.ehow.com/how_5074980_remove- ... icker.html
Among other things, I would now have a rogue fake a/v on my desktop, as well as two other things, each possibly demanding I pay to remove infections found on my system.
Thank you tzuk. You have literally saved my behind and Sandboxie will definitely get all the credit.
I have checked for any remaining resident rogue processes or services, and cannot find any anywhere. System is completely clean.
Why this happened: popoholic is on the internet website registry as being a problematic site as far as hosting malware. Most of the time it is clean, sometimes it is not. The malware hosted on popoholic was transient, active only for about four hours. A later check with urlquery.net showed it to be completely clean. As for being trustworthy, no. As for being safe to visit, I now know the answer is no, as malware can be hosted one moment, and then disappear the next.
www.urlquery.net