6

A few months ago I went to do a search from the Firefox search page (the default home page) on my computer and one of the previously run searches in the dropdown was for "pee porn." At the time it was a little upsetting as I thought maybe my temporary housemate was responsible, but the dates and times related to the search didn't add up. I looked through the history and could not find any evidence that anything was accessed after the search, nor could I find the search results page for this query in the browser history. Perhaps the history was deleted, but I never figured it out; the computer eventually got reformatted and I didn't think about it again.

Fast forward to a few days ago, my daughter and I were playing a game on my wife's laptop when I alt-tabbed out to Firefox to look up something for the game. On the Firefox search page, in the first five entries was a search done for "girl eats own p***y". I shooed my daughter away and looked at what else was on the list; there was "huge c--t porn," "men lick their c-- off girl b------," and possibly others (you get the point).

Assuming these searches are related, this set of fetishes is so diverse and in language that neither of us would ever in a million years use that my first guess was that this is all some kind of SEO attempt. The thing that gets me though is that I can't find any evidence that these searches are ever completed or that anything is accessed as a result. I 10000000% don't believe it's my wife doing this, I didn't do it, and I don't have any kids or visitors who would have done it either.

Virus scans are clean; both affected computers run Adblock Plus and the laptop in question just came back reformatted from the shop in May.

Anybody else have anything like this pop up on home or work computers?

Thanks

edit: I'm starting to get some validation in that I'm not the only one who seems to have this problem. This Google thread (http://productforums.google.com/forum/#!category-topic/websearch/unexpected-search-results/dmT4efq3-HY) has a bunch of people complaining about weird searches showing up in their Google History.

8
  • 2
    While it's semi-integral to the question, I've taken the liberty of editing this question slightly for worksafeness - folk can look at the previous edits if need be, and we've had some users complain about that sort of language before under more innocent circumstances. I've asked about it to the mods, and if necessary we can roll back my edit.
    – Journeyman Geek
    Commented Jul 26, 2012 at 14:34
  • 1
    > and the laptop in question just came back reformatted from the shop in May.

    Um…
    – Synetech
    Commented Jul 26, 2012 at 15:36
  • When you say it happens while doing searches, what does that mean? Is it Google or other search engines? Get a fresh, portable copy of Firefox and see if it still happens. Try IE or other browser. If you can narrow it down to just that one copy of Firefox as opposed to a network-related issue, then try clearing out the cache. Maybe even consider making a backup of your profile and then try clearing the history, cookies, etc. until you find something that stops it altogether. That way you can narrow down exactly what is causing it.
    – Synetech
    Commented Jul 26, 2012 at 15:48
  • 4
    Do you use Firefox's sync? If so, is it possible you've synced with another computer that someone else had access to? That could definitely account for this behavior. Is it possible that you logged into your Google account on someone else's computer (or library, work, school) and left it logged in? I'm not sure if that would cross computers automatically, but if so it could just be searches someone else made before you were logged out.
    – techturtle
    Commented Jul 26, 2012 at 17:39
  • @techturtle: you should post that as an answer. It's another possibility, and one I didn't think about.
    – Journeyman Geek
    Commented Jul 27, 2012 at 0:23

3 Answers

9

There are two things I'd suggest here:

SU malware removal community wiki should be your first port of call.

Nirsoft has a few tools that may be useful in terms of forensics - my last search should help you find searches and when they were done, at least as far as the browser is concerned. He also has tools for looking at cache, cookies and history. If nothing else, if all of this happens at weird hours, you could rule out human involvement, short of a cat burglar with an embarrassing porn fetish.

As for prevention, if you're running XP (or even newer Windows versions), you may want to consider doing everything as a limited user and have per-user accounts. If nothing else, this should contain any weirdness to that user.

5
  • If you use Google and stay logged in, you can turn on search history, and then use the Google search history to see when those searches were made. And introduce your roommate to Google Chrome and ctrl+shift+n
    – jcolebrand
    Commented Jul 26, 2012 at 20:57
  • If he determines there's malware causing this, I'd vote against using any malware removal tools. Given the symptoms, there would be at least a rootkit involved here, and malware travels in packs. It'd be easy to remove the obvious symptoms and unknowingly leave behind a more nefarious keylogger designed to steal credit card, bank passwords, or the like.
    Commented Jul 27, 2012 at 13:53
  • Oh yes, if his system is compromised to hell, reformatting is a very good idea. I still think checking for malware would be the first thing to do, before deciding on a course of action.
    – Journeyman Geek
    Commented Jul 27, 2012 at 14:28
  • I've activated Google history on both our accounts just to see if I can drill down on any future occurrences. It is my understanding that reformatting does not always eliminate rootkits. Is this true?
    – jstar
    Commented Jul 27, 2012 at 15:33
  • Oh, and I fired up MyLastSearch and it cannot find any evidence of these searches, even with the Google Instant exclusion disabled. These queries were entered but like my first experience with it there is no residual evidence...
    – jstar
    Commented Jul 27, 2012 at 15:34
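
The timestamp check suggested in the answer above can also be run directly against a copy of the profile's `formhistory.sqlite`, where Firefox keeps the entries shown in search-box dropdowns. This is an added example, not part of the original answers; the `moz_formhistory` layout and the field names `searchbar-history` and `q` are assumptions, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timezone

# Assumed layout of the moz_formhistory table in Firefox's formhistory.sqlite;
# firstUsed/lastUsed are microseconds since the Unix epoch.
SCHEMA = """CREATE TABLE moz_formhistory (
    id INTEGER PRIMARY KEY, fieldname TEXT NOT NULL, value TEXT NOT NULL,
    timesUsed INTEGER, firstUsed INTEGER, lastUsed INTEGER, guid TEXT)"""
SEARCH_FIELDS = ("searchbar-history", "q")  # assumed search-box field names


def usec(*ymdhm):
    """UTC calendar time -> microseconds since the epoch."""
    return int(datetime(*ymdhm, tzinfo=timezone.utc).timestamp()) * 1_000_000


def build_sample_db():
    """Constructed rows standing in for a copy of a real formhistory.sqlite."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = [
        ("q", "game walkthrough", 3, usec(2012, 7, 20, 19, 5), usec(2012, 7, 24, 20, 10)),
        ("q", "unexpected query (constructed)", 1, usec(2012, 7, 25, 3, 12), usec(2012, 7, 25, 3, 12)),
        ("email", "someone@example.com", 9, usec(2012, 6, 1, 8, 0), usec(2012, 7, 25, 8, 0)),
    ]
    conn.executemany(
        "INSERT INTO moz_formhistory (fieldname, value, timesUsed, firstUsed, lastUsed)"
        " VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def search_timeline(conn, quiet_hours=range(1, 6)):
    """Search-box entries, oldest first; 'quiet' marks last use in quiet_hours (UTC)."""
    marks = ",".join("?" * len(SEARCH_FIELDS))
    cur = conn.execute(
        "SELECT value, timesUsed, firstUsed, lastUsed FROM moz_formhistory "
        f"WHERE fieldname IN ({marks}) ORDER BY firstUsed", SEARCH_FIELDS)
    timeline = []
    for value, times_used, first, last in cur:
        first_dt = datetime.fromtimestamp(first / 1_000_000, tz=timezone.utc)
        last_dt = datetime.fromtimestamp(last / 1_000_000, tz=timezone.utc)
        timeline.append({"value": value, "times_used": times_used,
                         "first": first_dt, "last": last_dt,
                         "quiet": last_dt.hour in quiet_hours})
    return timeline


if __name__ == "__main__":
    for entry in search_timeline(build_sample_db()):
        flag = "QUIET-HOURS" if entry["quiet"] else ""
        print(entry["last"].isoformat(), entry["times_used"], entry["value"], flag)
```

On a real machine, pass `sqlite3.connect()` the path of a copy of the file made while Firefox is closed, and convert the UTC times to local time before comparing them with when people were at the keyboard.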
2

Do you use Firefox's sync? If so, is it possible you've synced with another computer that someone else had access to? That could definitely account for this behavior. Is it possible that you logged into your Google account on someone else's computer (or library, work, school) and left it logged in? I'm not sure if that would cross computers automatically, but if so it could just be searches someone else made before you were logged out.

1
  • I checked; sync is not enabled.
    – jstar
    Commented Jul 27, 2012 at 15:33
-1

I'm not sure this can be a virus or rootkit since you have AV installed.

I would install a keylogger to check all hits from the keyboard. The log will contain the date and time of each hit, so it will be much easier to narrow down the time frame and possible cause.

Additionally some firewalls / AVs have a possibility of extended log - you may want to enable this. It might show accessed web pages.

If you are determined and your ISP provides its own DNS server - so you don't have something like 8.8.8.8 as a DNS entry - you may want to ask your ISP for the date and time when the query for this particular domain was sent to the DNS server.

You can also install a local proxy which will collect all the URLs and log them, and direct the browser to use this local proxy.

14
  • 5
    "I'm not sure this can be a virus or rootkit since you have AV installed." - A popular misconception. Having said that, Occam's Razor in this case would point to someone actually doing those searches.
    – EBGreen
    Commented Jul 26, 2012 at 14:25
  • I've heard of worms that block certain DNS queries or drop connections to certain sites. I've never heard of a worm that will search nasty things by using one's browser. What would be the benefit? Malware usually accesses the URL directly - no need to search for the page as it might raise an unnecessary alarm.
    – mnmnc
    Commented Jul 26, 2012 at 14:29
  • 1
    Viruses often have no real benefit for the writer these days. They are written simply to show that they can be.
    – EBGreen
    Commented Jul 26, 2012 at 14:30
  • 3
    @EBGreen: Quite the opposite. Gone are the olden days when people wrote viruses to show off; most malware these days aims for commercial gain - be it ad popups, clickjacking, identity theft, ransom, corporate espionage or something else. Perhaps those searches might have been inserted by malware trying to promote some shady site?
    Commented Jul 26, 2012 at 14:55
  • 2
    Either way, stating that it is unlikely to be a virus just because AV is installed is faulty logic in my experience. Having said that, in my opinion, I would rank virus below the likelihood of someone actually doing those searches.
    – EBGreen
    Commented Jul 26, 2012 at 15:00
