Friday, March 05, 2010

Some Hijack Malware Is Being Claimed To Be Blogger Provided

As the ongoing investigations into the nature of the latest malware based blog hijacks continues, some victims are claiming that the malware that they installed, unwittingly, was possibly part of a Blogger provided gadget, installed using the Blogger "Add a Gadget" wizard in "Page Elements".

If you find this as you clean your blog, will you please report your finding here. Please state, in a comment below, as completely as possible
  • The title of the offending gadget.
  • The author of the offending gadget - this detail is very useful, as many popular gadgets are provided by multiple authors!
  • Any specific selections or settings that you made, when installing the gadget.
What you find, and what you provide here, will be passed on to Blogger Support, at all possible speed, for their verification.

All responsible bloggers thank you, for your honest contributions.

>> Top

34 comments:

Punohu's Politics,Environment and Culture said...

Mine came from a blogger widgetL Martin Luthor King Jr Quotes. I went through my whole list, deleted everything, lost so much stuff, and then my malware and spyware detector went nuts, with a trojan horse warming. I finally managed to click delete ok before the trojan horse warning came on the screen which solved it.

Also as a precaution I changed my google password aas well

Selma-Janet said...

Hi Nitecruzer,
Thanks for the help you have just given me. I found the REEL TIME COUNTER in the gadget section of Blog Spot. Sorry I don't know who acatually supplied it, when I just checked there I found four different ones there. As I did't know it had even loaded, I am not able to provide any further information, sorry.

Once again, thank so much for your help in resolving my problem.

bunnits said...

Removed Weather.com Radar widget seemed to fix site redirecting to deplayer.net

JohnMacDougall said...

Source of unwanted redirect to deployer.net from my blog was gadget called Internet TV (listed in Blogger Add Gadgets). Could not be removed in usual way, had to find the line of relevant code from Edit HTML option and delete it, then save new template). This cleared the problem, at least for now. Impressions - this blog hijack problem began for me same day (March 4, 2010) deployer.net was registered in Poland. Many different approved gadgets seem compromised. If one lets deployer.net run till it reaches a site on its 'customer' list, sites reached will vary and seem to be money-makers or personal info harvesters. First time I ever had problem like this, very frustrating, took day and a half to find a fix using the accumulated feedback here and around the net.

hmfoster said...

Am so sad and frustrated, blog was hijacked by counter also to deplayer.net.
tried to follow directions to delete gadget, but in the edit page elements there is no choice for deleting it???
any help would be greatly appreciated, am not HTML literate

KJAER said...

My problem, it turned out, was a stupid little clock that I installed over a month ago... got rid of it... and problem solved!!!!

Oh... and I am not a computer person but this is how I did it ... simply went to tools on top right hand corner of screen ... internet options.... security.... turned it to 'high'... and then I could control the removal of the clock and simply switched everything back.... YES!!!! www.kjaerpedersen.blogspot.com

D-Slayer said...

my problem was partly to do with Either the RSS FeedBurner i installed off Google Bloggers Widget gallery and the Homer Simpsons Quots widget also installed off Google Blogger - so be vary people install / dont install them - using your own risk

NO2SHOTS said...

The main gadget problem I had was "Hamster Box" by:FreeGadget

I also removed and suspected that the "Guitar" by: Kazekage ke-7, may also be a problem.

Upon removing both the problem was solved and my page no longer got redirected. To be clear I know for sure "Hamster Box" is a problem. The "Guitar" I think may be but not sure. Removed it to be on the safe side.

Pedro Sykes said...

Mine was caused by the CNN.com Headlines 2010 gadget from Qubezo Nabel. Many of the gadgets that I've seen on the list are from the same person. There were no settings on the gadget except the height. It worked for a couple of weeks. Then it started to redirect traffic. It looks as if there was some timing involved in this attack. They waited until some time had passed an then sent out the redirection code.

peggy gatto said...

I removed 3 new gadgets!
I have my blog back
thank you!

Gotta Getcha Back said...

The gadget was Facebook, and I had installed it awhile ago, (months ago actually), but just the other day for some reason, I had to sign in, which I hadn't had to do since it was installed months ago. Sorry I'm not much help, except for the gadget itself, but upon removing Facebook, and clearing the cache, I got my blog back.... !! Thank you so much for this blog, you saved me, my sanity, and my BLOG !!

Call me Exhilaration said...

My gadget problem was from the Real Time Hit Counter. Hijacked to feeltsee.com which seems to be a common redirect site. Easily removed in the layout section EDIT > REMOVE.

Thanks for your help!

Jack said...

The add a gadget feature of the blogger web site. I added a hit counter and was subsequently hijacked. I removed the hit counter and eliminated the problem. Thanks!

Huma Shah said...

Thank you for solving my virtual headache - unauthorised Blog redirection to http://deplayer.net/ptp.html through digital breakdown of the clock/calendar widget.

Thank you to nitecruzr :-)

Team RenCom said...

I'm ready to cry ... I used "Add A Gadget" to add a counter, and my blog has now been hijacked. When I try to login to my site to delete the gadget, I can't get to it without being redirected to http://deplayer.net. I can't seem to get around it. Can someone please help? I appreciate so much any help you might be able to provide. Thank you!

Chuck said...

If you have trouble using "Page Elements" and the GUI "Remove" button, use "Edit HTML" and delete the line entry for each problem gadget.

Highly Acclaimed Stories said...
This comment has been removed by the author.
Heather Brennan said...

I was being re-directed to http://deplayer.net/ptp.html

I removed a hit counter gadget (sorry, I should have written down the exact name of the gadget before I deleted it) and that seems to have fixed the problem.

www.MemoriesByHeatherPhotography.blogspot.com

Sirtea 茶翁 said...

I removed "Fish Tank". The redirect & multiple Ads were gone. Thank you for your advise.

Darlene Currie said...

I deleted all of my gadgets. I did them one at a time. It seems the last 2 might have been the problem, one of them was bumper stickers and the other was Hollywood birthdays of the day. I can't remember where I got them from. It was 2 months ago and my first blog. But I do have my blog back. Thank you.

My name is Barbara said...

I recently had my blog hacked. Afer I removed several of the gadgets I had gotten from blogger, my blog came back. I read through some of the post here and after reading what several of you have written I raised my security level from medium to high. I am so happy I found this blog. I decided to become a follower. I am not computer literate but this blog has helped me. I was very upset when my blog was hacked. It was terrible to see my blog disappear after all the work I had put into it.
Now I am nervous about putting any gadgets on my blog.
I filled out the form that is offered in blogger help to see if someone could help and that didn't help. I just got a reply that didn't make sence to me.

Wax Beach Artist said...

Hi and thank you for your helpful info. The gadget at fault was the Zen Fish Tank by free gadgets. I removed it and the redirection problem has ceased. I tried a few more gadgets by free gadgets and they all started trying to redirect as I was adding the gadget. I think they are all malicious and should be removed.

Stevie said...

Thank you for your help - I was getting desperate - I didn't know what to do!!!

My Blog was being redirected to the same site mentioned above "deplayer.net" - I took your advice and deleted the Fish Tank first but this one was not the cause!!!

I then tried to delete the Stress Ball Game but could not as it kept redirecting so then tried HTML and deleted it that way!

What a relief - Stress Gone!! Sorry for the pun!

At least I will know what to try next time - if it happens again!

Thanks.

40KEndgame said...

Mine came from a gadget called Super Mario kart Xtreme. I'm getting fed up with all this. Every single page I make gets infected.

nikgee said...

First off I want to thank you for your sound advice. you where right on target. there where two gadgets that where the problem. One was the real time counter. The second was a digital clock. I couldn't remember the name of it.I went back to check on it but couldn't find it.I just remember it was multi-color psychodelic numbers flashing.Anyway thanks again.hope the info helps.

T-551 said...

Recently my blog was taken over with a redirection. I was later told to try removing the gadgets. I have had those gadgets for months, but I removed the "points to ponder" gadget that being the most recent and also the "Tic Tac Toe" gadget and a "Darts" gadget from my blog and now everything appears to be working fine. Thank you for your help.

Jim Dornberg said...

DO NOT use the Scribble Clocks! They hijack your blog.

Thoris Designs said...

Thanks to your article I just fixed my blog. This must have been going on for a few days, which really sucks because my blog is for my business.

The offender:
Realtime Hit Counter 2

Provider:
FreeGadget

I got rid of the gadget by going into my layout setting, hitting the edit button, and then, with lightning speed, right clicking in the window and choosing STOP to get it from redirecting me. Then I hit REMOVE. It took a few tries.

Thanks for your help. You saved me.

252 said...

its the discovery channel gadget on mine and every time I click to edit I go to click remove and it is redirected from there Grrrr .... How do I remove it if it wont even stay on the page long enough for me to press the remove button ?

Sirena said...

Looks like Kazekage Ke-7 is a serial offender. He/she has created several Amazon gadgets. The one I installed redirected my blog to another site. The only way to get rid of it is to delete the HTML - nothing else works.

The one I installed was the "Amazon Product Cloud Widget - Grey" but I'm guessing all his other gadgets do the same.

Chuck said...

Thanks, 252,

You need to identify the gadget by name, then use "Edit HTML" and remove the code by deleting the gadget entry.

Bruce said...

Hamsters, bubble wrap, and penguins all worked for a while, then stopped working, and finally caused a redirect to some Chinese news site without even being clicked.

Dark Angel said...

My was an itunes update. It screwed up mu entire network connection. Beware!

Highly Acclaimed Stories said...

Sorry mate.. it's 1.30 in the morning over here in NZ and I removed my comment written on 10 April like an egg! haha
I remember it was the Did you Know? blogger gadget. Got rid of it and never ever had a problem since.
As now I know not to go near anything else EVER again thanks to this... never affected any subscribers re any viruses it was just a redirection to a sex lube site! Saw the funny side but was mighty ticked off...
BUT no probs at all now...

Cheers for this blog...