  1.    #1  
    I know, there are a lot of people who will think, virus? Impossible.

    Well I may be super unlucky, or just missing something obvious.
    I hope it is something obvious.

    I have the basic and advanced browsers.
    In both, if javascript is turned on in prefs, I have this happen: Do google search, all search results redirect to insurancepuma.com .

    I know this is virus in the wild on PCs.

    I cleared cache, cookies etc.
    Luna restart, device restart.

    ***
    Add info

    My use of this is basically an ereader and email checker, so I am really unsure as to when the behavior started.



    It will not go away.

    I put a few preware apps on to see if I could trace the problem.
    ProxySwitch always says, yes a proxy is on and it is set to 10.128.1.69 :80 .
    I turn it off, close app, open it. Proxy is on and set.
    Proxy Set Basic does not find a proxy configured, so I am thinking the toggle app may just be poorly written.

    I looked in /etc/hosts: only 2 entries, palm-webos and localhost.localdomain, both at 127.0.0.1

    I deleted pretty much every freebie random app I had installed from the market place.

    I am at a loss as to what to check next.

    BTW when I turn javascript off the google landing page definitely looks different and it appears to function as designed by the googlees. (google employees)

    So ya... this smells like a virus to me.
    Last edited by Mannybo; 02/15/2012 at 06:39 PM. Reason: adding info
  2. #2  
    Having a virus on this platform would require you to knowingly install malicious software and devmode to be on to have a chance. It's not impossible, just webOS has been under the radar from such attacks. Might be possible if you have done such outside app catalog, preware, or weboscentral feeds.

    Trace back what you may have installed recently and then do an erase apps and data to eliminate the anomaly.
    Try diplomacy first. You can always conquer them later...

    www.webos-internals.org, read it, use it, love it, and donate to it.....
    beangeary likes this.
  3. #3  
    I loaded proxyswitch and it says the same thing here but I'm having no problems, think you're misinterpreting that. Is your browser default search engine set to google? If you're using just type is that set to use google?
  4.    #4  
    Quote Originally Posted by addiarmadar View Post
    Having a virus on this platform would require you to knowingly install malicious software and devmode to be on to have a chance. It's not impossible, just webOS has been under the radar from such attacks. Might be possible if you have done such outside app catalog, preware, or weboscentral feeds.

    Trace back what you may have installed recently and then do an erase apps and data to eliminate the anomaly.
    I do not recall placing it in devmode, but I did install preware, overclocked it, etc when I first got it.
    There have been a few apps I installed directly from the hp marketplace, like some sms app that appeared to do nothing.
    I uninstalled it, but my concern is that when they were installed they altered a system setting in some way.
    Or placed some form of include file in to the browser.
    It is definitely using a JavaScript injected into the page.
    Looks like it is
    I really do not know where to look or even what known good should be, so that is fairly hard to determine if that is the case.

    The HP app store really doesn't seem to have a change control process in place.
    And some of the free apps I see there are just total junk, or seem fairly sketchy.
    But hey, free, so when my wife or kids are playing around, they just dump stuff in.
    Devs appear to be able to update the app any way they want with little or no QA after the initial upload.
    Ok ..end of rant


    Quote Originally Posted by texasflood View Post
    I loaded proxyswitch and it says the same thing here but I'm having no problems, think you're misinterpreting that. Is your browser default search engine set to google? If you're using just type is that set to use google?
    Thank you for doing that. If you get the same results... I don't think either of us is misinterpreting it, it may just be a garbage app.

    Google is set as my default search engine. I have tried via the bar and via going directly to google.com.

    https://www.google.com does not load.
    When I turn javascript off the google.com part of the URL is replaced by 209.85.145.103 .

    I would guess whatever is happening is somehow redirecting the java style or some other component of the page to hijack the results.
    The page doesn't look like the live standard page which is why I think this.
    I just can't figure out how it is happening.
  5. #5  
    How about your router itself? Checked any proxy/dns/etc settings in whatever router options you have? Esp if your pc does the same.
  6. #6  
    Doesn't look like the proxy is set for me even though it's listed in the app, that's what I was trying to say.

    When I turn javascript off, my google.com url looks normal, the IP isn't shown. Try using a valid google IP with javascript on and see if you go to google. Maybe some sort of DNS issue if so. 209.85.145.103 isn't the IP I get for google but it does seem to be registered to google.
  7.    #7  
    Quote Originally Posted by geekpeter View Post
    How about your router itself? Checked any proxy/dns/etc settings in whatever router options you have? Esp if your pc does the same.
    5 pcs/laptops mix of win7 and linux , several android devices, none of them do this.
  8. #8  
    Have you tried going directly to a google / yahoo IP address?

    Have you checked your router dns settings?
  9. #9  
    Quote Originally Posted by abegee View Post
    Have you tried going directly to a google / yahoo IP address?

    Have you checked your router dns settings?
    Yup, that's what I was trying to ask above, could be DNS, try an IP.
  10. #10  
    While not impossible, it's very unlikely that you have a virus on your touchpad. That's not to say, however, that you don't have a virus somewhere, even if only one system is currently showing symptoms.

    What is your home network setup (is it a standard set-top router running something along the lines of dd-wrt, or do you use a full-fledged server in conjunction (and I don't mean a media server))? If you use a server, what OS/packages is it running? Who resolves your DNS? What type of proxy were you trying to run through?
  11. #11  
    Quote Originally Posted by addiarmadar View Post
    ........................... and devmode to be on to have a chance.
    I've never turned devmode off. Should I ?
    You plug your phone in?
  12. #12  
    I would bring up a terminal program and experiment to see where the fault is. I assume the Touchpad has nslookup or dig, so you could do:

    nslookup google.com

    nslookup google.com 8.8.8.8

    and see what they return (the second asks google's dns servers directly).
    Palm III->Palm IV->Palm V->M130->Tungsten->Treo 270->Treo 600->Treo 700->Palm Pre Plus->FrankenPre 2->Pre 3 & TouchPad
  13. #13  
    Quote Originally Posted by woosh View Post
    I've never turned devmode off. Should I ?
    Once you have preware on, you really don't need it left on unless you plan on more sideloading or doing some deep level stuff in webOS. If you do plan on installing stuff not from established sources or go to questionable sites, then you may want to turn it off. Leaving it on does compromise the security of your device, just like rooting does to android and jailbreaking for iOS.
    Try diplomacy first. You can always conquer them later...

    www.webos-internals.org, read it, use it, love it, and donate to it.....
  14. #14  
    Quote Originally Posted by Mannybo View Post
    I do not recall placing it in devmode, but I did install preware, overclocked it, etc when I first got it.
    There have been a few apps I installed directly from the hp marketplace, like some sms app that appeared to do nothing.
    I uninstalled it, but my concern is that when they were installed they altered a system setting in some way.
    Or placed some form of include file in to the browser.
    It is definitely using a JavaScript injected into the page.
    Looks like it is
    I really do not know where to look or even what known good should be, so that is fairly hard to determine if that is the case.

    The HP app store really doesn't seem to have a change control process in place.
    And some of the free apps I see there are just total junk, or seem fairly sketchy.
    But hey, free, so when my wife or kids are playing around, they just dump stuff in.
    Devs appear to be able to update the app any way they want with little or no QA after the initial upload.
    Ok ..end of rant




    Thank you for doing that. If you get the same results... I don't think either of us is misinterpreting it, it may just be a garbage app.

    Google is set as my default search engine. I have tried via the bar and via going directly to google.com.

    https://www.google.com does not load.
    When I turn javascript off the google.com part of the URL is replaced by 209.85.145.103 .

    I would guess whatever is happening is somehow redirecting the java style or some other component of the page to hijack the results.
    The page doesn't look like the live standard page which is why I think this.
    I just can't figure out how it is happening.
    Wonder if it is a stuck cookie that won't purge. Using Internalz Pro, go to the var/palm/data/ directory and move the browser-cookies.db.com.palm.app.browser and cookies.db files to your /media/internal directory and then try the google search. These 2 files come back when you reload the web app, but you wanna move rather than delete just in case you needed something from them.
    Try diplomacy first. You can always conquer them later...

    www.webos-internals.org, read it, use it, love it, and donate to it.....
  15. #15  
    Quote Originally Posted by Mannybo View Post
    The HP app store really doesn't seem to have a change control process in place.
    And some of the free apps I see there are just total junk, or seem fairly sketchy.
    But hey, free, so when my wife or kids are playing around, they just dump stuff in.
    Devs appear to be able to update the app any way they want with little or no QA after the initial upload.
    Ok ..end of rant
    The above information is false. Now if you are beta testing for someone this could be possible... I would say you would be more likely to load a virus by loading items to the USB partition.

    Also as someone who has used the OS for 2 1/2 years on many devices and loaded many packages directly from developers I have yet to run into an issue.


    Now something that hasn't been mentioned, do you login to a google account and save search results/preferences. Not that this is likely your problem, but more likely than this being the cause of a free app from the catalog.
    I love physical keyboards... but there are two devices that would make me consider a slab, one is something running a full version of Open webOS. The other is an iPhone!!!! HA HA just kidding (about the iPhone that is)...
  16. #16  
    Quote Originally Posted by ggendel View Post
    I would bring up a terminal program and experiment to see where the fault is. I assume the Touchpad has nslookup or dig, so you could do
    Surprisingly I don't see these tools, not sure if there is a way to add them.
  17. #17  
    Well, my 2 cents would be to just doctor the device. Virus or not, whatever the reason behind it, your touchpad is acting strange and I'd say there is no good reason to leave it compromised like that.
    New to webOS? Here's my definitive Get Started guide: http://forums.webosnation.com/hp-tou...ted-guide.html

    Want to dual boot Android on your Touchpad? Here's my guide: http://forums.webosnation.com/androi...ted-guide.html
  18. #18  
    Quote Originally Posted by ncinerate View Post
    Well, my 2 cents would be to just doctor the device. Virus or not, whatever the reason behind it, your touchpad is acting strange and I'd say there is no good reason to leave it compromised like that.
    Well my 2 cents would be that we have a tendency to jump to the doctor too much. I am all for the doctor and it's a great tool, but it's not a crutch to solve all problems. It's a last resort step and should be treated as such.

    Doing the doctor may in fact resolve the issue, but it could be resolved by doing a flush on the DNS. One takes thirty seconds and keeps everything great, the other takes a much longer process and causes data that isn't backed up to be lost.

    While the doctor fixes many problems, it's mentioned in almost every thread on webOS Nation where someone has a problem. While the person mentioning to run the doctor is generally correct that it will resolve the issue, that doesn't mean that it was the step required to fix it. It just means that while they were in the race they didn't do the hurdles and instead went right to the end.

    I don't have to jump hurdles and I can go straight to the end of the race, well that doesn't sound bad! It doesn't sound bad for the person doing it, but now (if)when that issue comes up again no one is going to know how to fix it but run the doctor, and now we are nowhere closer to a resolution, just in a loop of doing the same thing over and over again.

    As for the original poster, there are a lot of good suggestions in the thread as to what the issue could be caused by. It does sound like a DNS lookup failure that is causing the issue; this is not likely going to be a virus that you are running into.

    Are you able to reproduce this same issue across multiple networks?
    Ex HP webOS Tech Support

    5Ts: Five ways to get your webOS tablet working again: http://www.hpwebos.com/5Ts

    6Ts: Six ways to get your webOS phone working again: http://www.hpwebos.com/6Ts
    treodoc755 likes this.
  19. #19  
    Quote Originally Posted by texasflood View Post
    Surprisingly I don't see these tools, not sure if there is a way to add them.
    You're right. I know they were there a long time ago on the phones. You can use traceroute to do the name conversion in a pinch. However, to redirect it to a specific name server you have to edit /etc/dnsmasq.palm.conf:

    uncomment: #no-resolv
    add this line: server=8.8.8.8

    So, I would double-check to make sure nothing has mucked with this file (specifically uncommented #no-resolv).

    Then modify the file. If that resolves your problem then someone is trapping your dns calls and remapping them. BTW, many ISPs redirect DNS failures to their own landing page. Google (8.8.8.8 or 8.8.4.4) doesn't so it will rule out a lot of things.

    But first I would look at your network settings to see what name server it's using and test nslookup using that on some other machine. Just go to network preferences and tap on your connection to see this information.
    Palm III->Palm IV->Palm V->M130->Tungsten->Treo 270->Treo 600->Treo 700->Palm Pre Plus->FrankenPre 2->Pre 3 & TouchPad
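
The "make sure nothing has mucked with this file" check from post #19, written out as a script. This is an added example, not part of any poster's message: the function name and the sample file contents are constructed for illustration, and the directives it looks for (`no-resolv`, `server=`, `address=`, `resolv-file=`) are standard dnsmasq options.

```shell
#!/bin/sh
# Added example (not from the thread): report the active dnsmasq directives
# that decide where DNS queries are sent or that pin names to fixed IPs.

# audit_dnsmasq_conf FILE
#   prints one line per active directive worth reviewing
#   returns 0 = none found, 1 = at least one found, 2 = file unreadable
audit_dnsmasq_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        {
            sub(/#.*/, "")                # drop comments, so "#no-resolv" is ignored
            gsub(/^[ \t]+|[ \t]+$/, "")   # trim surrounding whitespace
        }
        $0 == "no-resolv" { print "ignores system resolvers: " $0; n++ }
        /^server=/        { print "fixed upstream server:    " $0; n++ }
        /^address=/       { print "name forced to an IP:     " $0; n++ }
        /^resolv-file=/   { print "alternate resolv file:    " $0; n++ }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample resembling a modified config. The addresses come from
# the documentation ranges (RFC 5737), not from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
#no-resolv
no-resolv
server=203.0.113.53
address=/search.example/198.51.100.80
EOF

if audit_dnsmasq_conf "$sample"; then
    echo "no resolver overrides active"
else
    echo "review the directives listed above"
fi
rm -f "$sample"
```

On a device, point the function at /etc/dnsmasq.palm.conf; a `server=8.8.8.8` line you added yourself will be listed too, so compare the output against what you expect to be there.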
  20. #20  
    Quote Originally Posted by HardBeatZ View Post
    Doing the doctor may in fact resolve the issue, but it could be resolved by doing a flush on the DNS. One takes thirty seconds and keeps everything great, the other takes a much longer process and causes data that isn't backed up to be lost.
    Is there a command to flush DNS or do you mean to do a reboot?