• Advertisement
Sign in to follow this  

Rogue Java Script

This topic is 4413 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

What's a good site for getting help on tracking down a rogue Java script. It's highjacking my search results from Yahoo and Google, but Norton, Ad-Aware nor SpyBot recognize it as the pain in the rump that it is. I assume it is a java script since diabling java scripts in Internet Explorer ends the problem. Also hitting Refresh then Stop keeps it from highjacking the links. It seems to start running on the search page since Refresh/Stop there prevents it from highjacking the search results as well. It seems to load on www.yahoo.com or www.google.com since if I jump directly to either without a Refresh/Stop is hijacks the links on the search results. I don't know enough about java to see what scripts are running, how to figure how this thing is getting invoked and ultimately how to get it off my system. I downloaded the Jave Development Kit, but as near as I can tell JConsole is connecting to itself. Even if not I'm at a loss as to how to tell what scripts are running.

Share this post


Link to post
Share on other sites
Advertisement
javascript (one word, not two) is not Java. Java is a language developed by Sun Microsystems. javascript was originally developed by Netscape as a language named LiveScript. The named was changed to javascript as a marketing ploy shortly after it was released. The standardized version of the language is called ECMAScript, and the Microsoft version is JScript. So the Java Development Kit isn't going to help you as it has absolutely nothing to do with javascript or any variation thereof.

With that information, maybe you can narrow your search a bit.

Share this post


Link to post
Share on other sites
Please provide more information:

- Is this a piece of malware that you suspect is installed on your local machine?
- Or something that has been installed without your permission on your web site?

In the former case, if you suspect your machine has been compromised, you should stop using it immediately and reinstall from clean installation media, restoring backups carefully.

If you suspect that your web server has been compromised, then you should notify the sysadmin immediately, who will probably reinstall the web server. Then you'll want to carefully restore from backups, as before.

Continuing to use a compromised machine is always a mistake. No amount of anti-spyware and anti-malware software can detect unknown threats which may have crept in through holes left by other stuff, or been manually installed by someone.

Mark

Share this post


Link to post
Share on other sites
Script, applet, application, program, whatever you want to call it, it was Sun's Java since disabling the JRE stopped it. Apparently it was running as a search assistant and I got it to stop running.

Certainly, recovering from a full system backup would be preferred, but regretably I don't have one. As hard drives have grown the capability to back them up hasn't so it's been years since I had a full system backup. Looking around though I can get an Iomega Silver 250GB external drive for about $160. That seems a small price to pay to avoid the hassle I've had for the last three weeks.

I was really just looking for a reference to a reliable site for getting assistance in tracking down viruses that scanners miss. There was the hope some slight hope someone could tell me how to see what Java scripts/applets/whatever were running under Internet Explorer. This isn't the site for help in combating a virus, but it is a site of referals by people I trust.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement