Author Topic: web site 2baksa.net avoid  (Read 6735 times)

vbfg456

  • Guest
web site 2baksa.net avoid
« on: August 20, 2012, 03:35:08 AM »
There is a Java program that is downloaded when you access this site.
It appears this program will remove Chrome update, and any use of the keyboard will lock your system after you reboot.


Theo Peterbroers

  • Guest
Re: web site 2baksa.net avoid
« Reply #1 on: August 20, 2012, 06:17:53 AM »
Hi vbfg456,

Thanks for warning us off this warez site.

I'm no malware removal expert, but I have four questions for you:
- does your system still get locked,
- did you get any message when your system locks,
- does your system show a boot menu offering you to start a recovery console,
- does your system lock when you start in safe mode? You can get into safe mode by repeatedly pressing the F8 key during boot.

Best regards,


Theo Peterbroers

  • Guest
Re: web site 2baksa.net avoid
« Reply #3 on: August 20, 2012, 10:49:00 AM »
Quttera:
Normalized URL:    2baksa.net
Submission date:    Mon Aug 20 05:49:45 2012
Server IP address:    178.218.212.214
Country:    Russian Federation
Malicious files:    0
Suspicious files:    0
Potentially Suspicious files:    2
Clean files:    160

Potentially Suspicious files: 2

/all-include.js
File size[byte]:    224339
Threat type:    Potentially Suspicious
Details:    Detected hidden reference to external web resource.
Reason:    Detected generation of hidden DOM element [iframe].
MD5:    1DFFE292D407F3F5587F99CC65166457
Scan duration[sec]:    0.547000

/billingXX.maxhost.ru/order/host.php?name=nowa
File size[byte]:    67
Threat type:    Potentially Suspicious
Details:    Detected unconditional redirection to external web resource.
Reason:    <meta http-equiv="refresh" content="0; url=hXXp://www.maxhost.ru/">
MD5:    1379511935659EB5BFBA206CFBF51BB0
Scan duration[sec]:    0.005000

Dunno, still learning. When I open it now, I see a site that clearly proclaims Torrent Treker. But I swear that when I first opened it this morning, it had an altogether different design and proclaimed Warez. Hmmm, probably was not yet fully awake and clicked on the wrong link.

Best regards,
« Last Edit: August 20, 2012, 11:07:40 AM by Kwartet! »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: web site 2baksa.net avoid
« Reply #4 on: August 20, 2012, 03:05:00 PM »
Norman lab says there is a redirect

2baksa.net.htm - Redir.ID

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34067
  • malware fighter
Re: web site 2baksa.net avoid
« Reply #5 on: August 20, 2012, 03:26:49 PM »
This is also here: teasertop.ru/js/teasertop.js considered as suspicious
Probably worth blocking, see: http://adzilla.fanboy.co.nz/forums/viewtopic.php?t=10319&p=28476
and where it was adopted: http://hg.fanboy.co.nz/rev/404fd502d6e0
avast webrep also alerts the link to ru.redtram dot com a spammer
"Garbage dump. Fake news" listed here: http://firefox.org.ua/xpi/adblock_ua.txt

polonus
« Last Edit: August 20, 2012, 03:33:07 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

vbfg456

  • Guest
Re: web site 2baksa.net avoid
« Reply #6 on: August 21, 2012, 12:47:58 AM »
I found out why the keyboard stopped working. It turns out the KVM switch does not work on the computer that I use for the internet.
The other computers do not have any problems. Not a problem with the cable.

It took several tries to uninstall and put Chrome back on. It would say it cannot uninstall because some files are missing.
It took getting the full version (20mg) to install from that. Then I was able to uninstall and reinstall, so it is back to normal.

Do not know why the update files were missing. They were listed in the startup program list (just file missing).


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34067
  • malware fighter
Re: web site 2baksa.net avoid
« Reply #7 on: August 21, 2012, 12:51:25 AM »
Hi vbfg456,

Good to hear these issues have been solved. Welcome to these forums here,

polonus