1. Forums
  2. Mystery Shopping Discussion

Trojan Virus Alert - Inside Hospitality

November 06, 2011 11:26AM
Just a word of caution.

Kaspersky picked this up when I attempted to go to the website and sign up with this MSC:

**I used the link provided here on the Official List of Mystery Shopping Companies**

Kaspersky
Anti-Virus 2010
Access denied

The requested URL could not be retrieved

While trying to retrieve the URL:

[insidehospitality.com]

The following threat was encountered:

The requested object is INFECTED with the following viruses: Trojan.JS.Redirector.ro
Generated:
4:22:28 AM
Kaspersky Anti-Virus 2010

~ + ~ + ~ + ~ + ~ + ~ + ~ + ~

Proud To Be A Soldier's Mom
Reply
Log In
x

Create an Account or Log In

Membership is free. Simply choose your username, type in your email address, and choose a password. You immediately get full access to the forum.

Already a member? Log In.

More Discussions About Inside Evaluator Brands (All Companies)
November 07, 2011 04:53AM
WOW! Whats up with that. That is not a good thing!
Reply
November 07, 2011 07:05AM
I just clicked on the link and got nothing. I was signed into their site earlier and got nothing then, either. My AV program didn't act up. I wonder if it's some script that your AV doesn't recognize? Or...? I don't know. I was scared to click on the link but I also edit there. Kinda gotta sign in, ya know? LOL So I was thankful when nothing happened. Whew! I'm there now working. smiling smiley
Reply
November 07, 2011 10:30AM
It is definitely weird.

I know my Kaspersky says 2010, but it was from 12/2010, and I do update it daily. I also just did a full PC scan two nights ago and my desktop was A-OK. I'm using Vista, that's updated with patches, etc.

Interestingly enough, I JUST tried the link again, and I received the same error. My AV isn't allowing me to even open the first page.

I'm still trying to research why I am getting this Alert. I do not believe in any way that a reputable company would do this.

Angie - what is on the first page? Are there advertisements, something that my AV program may pick up. (I can't see it, so I don't know what to send to Kaspersky.)

Going to still keep digging. It's possible if other AV Programs don't pick anything up Kaspersky (which is supposed to be the filet mignon of AV programs, SUPPOSED to be I said, I hate Norton, LOL) is giving me a false negative. Don't know, I'm the most untechnical adult on the planet!

Thanks.

~ + ~ + ~ + ~ + ~ + ~ + ~ + ~

Proud To Be A Soldier's Mom
Reply
November 07, 2011 02:25PM
There are some ads but they all appear to be for the company itself, I believe. There is also a live chat pop-up at the bottom right corner of the screen. I don't know if any of those could be the issue or not.
Reply
November 07, 2011 05:36PM
Trojan.JS.Redirector.ro is a malicious JavaScript Trojan that may seem to be a legitimate program and redirect Internet users from one compromised website to another malicious website. Trojan.JS.Redirector.ro spreads via dubious websites and infected links, and uses vulnerabilities in a targeted web browser to reroute affected web users to other unwanted websites. Trojan.JS.Redirector.ro keeps track of the Internet user’s browsing activities and injects some malicious JavaScript code which, in addition, hijacks affected web user’s online search. Trojan.JS.Redirector.ro can also steal your confidential information and transmit it to remote attackers. Remove Trojan.JS.Redirector.ro before it damages your computer system.
Reply
November 07, 2011 07:12PM
anakin Wrote:
-------------------------------------------------------
> Trojan.JS.Redirector.ro is a malicious JavaScript
> Trojan that may seem to be a legitimate program
> and redirect Internet users from one compromised
> website to another malicious website.
> Trojan.JS.Redirector.ro spreads via dubious
> websites and infected links, and uses
> vulnerabilities in a targeted web browser to
> reroute affected web users to other unwanted
> websites. Trojan.JS.Redirector.ro keeps track of
> the Internet user’s browsing activities and
> injects some malicious JavaScript code which, in
> addition, hijacks affected web user’s online
> search. Trojan.JS.Redirector.ro can also steal
> your confidential information and transmit it to
> remote attackers. Remove Trojan.JS.Redirector.ro
> before it damages your computer system.


Anakin, do you think this is something on her computer that is trying to get her information? I checked mine and I don't have it.

FYI to everyone, I don't work for IH directly but a scheduling company. So I sent the link to this thread to my boss. Hopefully she can forward it to the right person so they can check it out.
Reply
November 07, 2011 07:26PM
First of all one has to find out if the virus is there. If you have good firewall and virus program most likely you are not affected.

1. hit ctrl+alt+del keys together.

2. There will be a menu - start the Task Manager

3. Click the 'Processes" tab and see if Trojan.JS.Redirector.ro is running. The list will be very long.

4. Stop that process

5. This will not remove the virus, but for that particular browsing session the virus may not run, and you could be safe. This is not a guarantee. Some Trojans are very persistent and have lives of their own.

6. You have to do that every time you restart the computer.

7. If you do have it, some how you need to get rid of it. Either via virus removal tools or manually. If you google that trojan you may find instructions to remove it manually.
Reply
November 07, 2011 08:40PM
Hello, this is Lysa from Private Eyes Scheduling; we manage Inside Hospitality's mystery shopping component. First of all, I would like to thank everyone for their posts. We certainly want to be sure that our client's sites and software are completely secure for the benefit of everyone's privacy and security.
Before I contact the client about these concerns, might someone clarify for me if the Trojan Redirector virus is related to person's computer, or if in some way, a url can be infected. My team is of course on this site almost 24/7 and have never had an issue.
Please advise so I can help. Thanks! smiling smiley
Reply
November 07, 2011 10:28PM
Hello again, klhofbauer, and all others on this thread...
I went ahead and inquired with my client in the attempt to rectify this ASAP.
The owner of Inside Hospitality immediately had their engineers run tests. It has been confirmed after an hour of technical research that there are no site issues and the hosting for www.inside-hospitality.com is 100% secure. Their best assumption is that there is a security threat on klhofbauer's computer.
Should anyone else have any questions, please feel free to contact me directly.
A direct link to IH's login page is: [insidehospitality.clientsmart.com]
Thanks again! smiling smiley
Lysa@PrivateEyesOnline.net
Reply
November 07, 2011 10:45PM
Thank you for your replies.

PrivateEyes - I thank you for contacting Inside Hospitality.

I had sent an email directly to Kaspersky this morning after I got the second notice alert when I tried to log in directly to: [insidehospitality.com]

I had not heard back from them as of yet.

HOWEVER - the interesting thing is, I used the Client Link you have listed above, and I was able to pull up the page IMMEDIATELY - and absolutely no problem!

I then clicked on the link for "Don't have an account yet? Click here to register as a shopper." and I was taken to: [insidehospitality.clientsmart.com] right away - NO popup warning from my AV Program.

So - knowing this, it has to be directly on Kaspersky's AV and I need to find out what it is. It is NOT on my desktop, I did another scan this morning, "Full Scan", and nothing came up. (As a side note, I have to have major AV protection because part of my "day job" is editing and writing descriptions for movie scenes, so I'm all over the 'net)

I've amended my email to Kaspersky and informed them that this site was checked by the owners and it is 100% free of any issues.

Thanks again for your quick responses!

~ + ~ + ~ + ~ + ~ + ~ + ~ + ~

Proud To Be A Soldier's Mom
Reply
November 07, 2011 10:47PM
It was our pleasure! Good luck with your threat issues. That's always a pain. winking smiley
Reply
November 07, 2011 10:55PM
Based upon what you shared and with no further info...it sounds like their site has a bug! It was trying to deploy into your system.

Glad you caught it!

Don



klhofbauer Wrote:
-------------------------------------------------------
> Just a word of caution.
>
> Kaspersky picked this up when I attempted to go to
> the website and sign up with this MSC:
>
> **I used the link provided here on the Official
> List of Mystery Shopping Companies**
>
> Kaspersky
> Anti-Virus 2010
> Access denied
>
> The requested URL could not be retrieved
>
> While trying to retrieve the URL:
>
> [insidehospitality.com]
>
> The following threat was encountered:
>
> The requested object is INFECTED with the
> following viruses: Trojan.JS.Redirector.ro
> Generated:
> 4:22:28 AM
> Kaspersky Anti-Virus 2010
Reply
November 08, 2011 12:53PM
Just for the record, the likelyhood that you will see a named infection listed in Task Manager are about zero. There may be a process linked to it running somewhere, but it will not be running with a name like that. One reason is that each antivirus company uses their own naming conventions, they are the ones that name them, not the infection's author. Two, if someone wants you to be infected, they would not name their process with an easy to identify name so that you could kill it.

Hope this helps in the future.
Reply
November 08, 2011 04:43PM
Agree with that. Usually the processes have innocuous names, or in some cases names similar to processes that should be running (e.g. winlogon is there all the time, if you see "winlogin" you've got a problem.)
Reply
November 08, 2011 05:19PM
I checked my task manager anyway. The only things running were my web pages I have open, a Word file I've got and Sony's messenger. I also ran AV program and since Inside Hospitality checked their system, as Lysa mentioned, I agree with KlhofbKuer that it is probably his/her AV program.

On a side note, if you think you've been infected with malware, Malwarebytes.org is a fantastic program and they offer a free version. When my old laptop got infected and my ISP blocked me from the Internet, that was the program the tech recommended. It found things my AV program missed. Plus, when I had a problem with one file, a tech at Malware Bytes worked with me until it was fixed. He even recommended competitor software that might be beneficial. GREAT program!
Reply
November 08, 2011 11:30PM
AlwaysAngie Wrote:
-------------------------------------------------------
> I checked my task manager anyway. The only things
> running were my web pages I have open, a Word file
> I've got and Sony's messenger.

Once you open the task manager you have to click on 'Processes', these things won't show up on the 'Applications' tab. The 'Processes' tab is where you find actual .exe files running. You'll probably notice you have a ton of them, and that's why it gets confusing very fast, and also why it's difficult for those without the level of knowledge needed to do anything about a robust work/virus/trojan.
Reply
Sorry, only registered users may post in this forum.

Click here to login