# Phishing Problem - Google Images - t3.gstatic.com



## XFiiire (Jul 14, 2010)

Hello,

Every single time I search any phrase on Google Images on Firefox (or Internet Explorer - but Firefox is my main browser), my Kaspersky Internet Security alerts me to Phishing Attacks - 
this is one example

blocked: phishing address http://t3.gstatic.com/images 
URL: http://t3.gstatic.com/images?q=tbn:...t.com/albums/ll176/yescomm/hello/hello020.gif

Hence the apparent phishing attack seems to operate by taking the images shown from the search and then turning it into what Kaspersky finds as a phishing attack - those images (on the browser) do not show up - they become a blank white box normally with a small red X in the top left hand corner

This started after visiting a dodgy website which offered me one of those rogue spyware/antivirus softwares - my normal procedure is just to abort firefox and upon the session restore simply untick the box for the "rogue" website - although this seems to have failed

So far I have scanned with Malwarebytes and found Rogue.RegSweep - although quarantining and deleting this has not solved the problem

______________________________________
LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4310

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/07/2010 00:23:04
mbam-log-2010-07-14 (00-23-04).txt

Scan type: Quick scan
Objects scanned: 137196
Time elapsed: 21 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

________________________________________
At the moment I am scanning my whole system using Trend Micro Housecall - although I am still unsure as to whether it fill find anything on my system and whether if it will solve the problem

What should I do?

Note: I have done one system restore to the 13th of July (the latest one I had to restore to) - previous to this date I did not have the problem

Note: When using Firefox's Private Browsing Mode and searching Google Images - the problem does not occur - Kaspersky does not warn me of any phishing attempts and all the images on Google show up as they normally should

Thank You

Edit: It seems like it does affect Private Browsing... however that means that for some reason on one occasion it did not do anything and the Google Image Search actually worked


----------



## Blade81 (Oct 27, 2006)

Hi,

Download DDS and save it to your desktop from *here* or *here* or *here*.
Disable any script blocker, and then double click *dds.scr *to run the tool. 
When done, DDS will open two (2) logs:
 DDS.txt
 Attach.txt

Save both reports to your desktop. Post them back to your topic.

---

Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click *.exe* that you downloaded
Click *rootkit*-tab, uncheck files option and then click *scan.*
*Don't check 
Show All
box while scanning in progress!*
When scanning is ready, click *Copy*.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.


----------



## XFiiire (Jul 14, 2010)

Hi Blade81, 

Thank you for your response, ((should have posted it here earlier - but I was on holiday  )), I managed to solve the problem eventually through doing a few scans of my computer and scanning the registry which removed some entries.

The problem has been removed - I used Malwarebytes, Uniblue Registry Booster, Trend Micro Housecall and (after the event - this scan did not find any threats) Kaspersky Internet Security 2011

Though thanks again for replying

XFiiire


----------



## Blade81 (Oct 27, 2006)

Ok. Thanks for letting us know


----------

