Every time I open IMDb (Internet Movie Database) I get this pop-up from my Trend-Micro program. What could cause this? It is the correct address in the address bar, it is not the address shown in the pop-up. It only happens when I visit this website.

What could cause this?

Malware can intervene and redirect your input address to any address of their choice. Try the following scan:


* Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Full Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked , and click Remove Selected.
• When disinfection is completed , a log will open in Notepad and you may be prompted to Restart(See Extra Note).
• A run log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
• Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
• Please post any current revised observations.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

I am not being re-directed to another site. It is the actual IMDb site.

It is the correct address in the address bar, it is not the address shown in the pop-up.

Please provide the particulars for each address - 'address bar' does NOT equal 'pop-up address'. Were it not for TM you would most likely be redirected to the dangerous pop-up address? The recommended scan may still be your best bet.

I wonder why the Trend Micro didn't catch these two?

____________________

Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 6.0.6001 Service Pack 1

12/6/2008 10:41:23 PM
mbam-log-2008-12-06 (22-41-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 192762
Time elapsed: 1 hour(s), 22 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I wonder why the Trend Micro didn't catch these two?

If your TM tool is primarily an antivirus tool its core competency is still not anti-malware and will most likely be found wanting in that area. Nevertheless, there is not one tool that will catch everything, particularly in a timely manner.


If you are still having issues, post the addresses requested (if still appearing) and a HijackThis LOG. Your issues might be explainable, as follows:

For a given link or icon there is/was an additional non-obvious one sitting below or slightly offset. Clicking one may also invoke the other. How sneaky is that?