Jump to content



Photo

Ads/Script redirecting to Virus site?


  • Please log in to reply
27 replies to this topic

#1 Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 20
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 11 July 2013 - 16:57

2nd time this has happened to me now. I use inprivate mode at work so i'm not logged in but i'm on the neowin main page then start getting redirected to other site to land at:

 

Fake Virus.png

 

WARNING: Don't be a smarty and go to site below: :punch:

http://usdppvs.myftp.biz/index.php?....................... etc

 

I don't know if it's the same site as last time but it was the same fake Security Essentials thing.

 

It's only happened when not logged in so i'm guessing guests haven't been able to report it.




#2 SecretAgentMan

SecretAgentMan

    Super Genius

  • Joined: 09-January 03

Posted 12 July 2013 - 22:59

Yes, I am not the only one that has seen the fake Security Essentials windows a few times now when I come to Neowin.  It seems like a bad advert in the rotation I am guessing and the link is different each time. 

 

Warning to not go to the link below!!

 

"http://thpfbez.myftp...zaZzWwL95qmKyoM="

 

 

And this happens while I am logged in.



#3 papercut2008uk

papercut2008uk

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 05-June 13

Posted 12 July 2013 - 23:09

this is what i usually do if i get infected.

 

Malwarbytes

http://www.malwarebytes.org/

 

if you dont have it, download, install, update and then do a full system scan.

 

then once i have used my antivirus to scan (which takes about 2 days, since i have a huge amount of data and space!) and done a malware scan, i then use one or more of these:

 

(these are all online scanners, so do not require you to remove your existing antivirus software)

 

Trendmacro Housecall

http://housecall.trendmicro.com

 

panda active scan

http://www.pandasecu...tivescan/index/

 

Bit Defender

http://www.bitdefend...nline/free.html

 

Eset online scanner

http://www.eset.com/us/online-scanner/

 

and check startup items and running processes, if i suspect anything i submit it to this site, you can usually judge weather you need to get rid of the file or not

 

Virus total

https://www.virustotal.com/en/



#4 Atomic Wanderer Chicken

Atomic Wanderer Chicken

    Assistant Special Agent Chicken in charge

  • Tech Issues Solved: 5
  • Joined: 20-August 12
  • Location: Black Mesa Research Facility, USA
  • OS: Windows 95 with Microsoft Plus
  • Phone: Motorola MicroTAC Elite

Posted 12 July 2013 - 23:11

I am getting this too, I closed my browser immediately when the fake antivirus thing popped up.



#5 OP Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 20
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 12 July 2013 - 23:26

I'm not infected.... pssht :p - I run clean shop over here. It's happened on work PC and my home machine which was formatted to install Windows 8.1 preview. SO it's as clean as a bell. Dunno though, haven't seen it yet today.



#6 SecretAgentMan

SecretAgentMan

    Super Genius

  • Joined: 09-January 03

Posted 12 July 2013 - 23:27

Yep, my system is clean and no damage was done but if people accidentally click through it may be bad.  I am not going to test that however.



#7 Hum

Hum

    totally wAcKed

  • Tech Issues Solved: 5
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 12 July 2013 - 23:35

Not detected here.

 

MSE running.



#8 TPreston

TPreston

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 18-July 12
  • Location: Ireland
  • OS: Windows 8.1 Emterprise & Server 2012R2/08R2 Datacenter
  • Phone: Nokia Lumia 1520 Black

Posted 12 July 2013 - 23:57

TMG caught it, Eset caught it, smartscreen caught yep that's some good malvertising.



#9 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 61
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 13 July 2013 - 07:38

Can someone please screenshot the advert that supposedly triggers this? It's quite serious and I need to be able to report it. Does it happen only on main or also in the forums?



#10 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 61
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 13 July 2013 - 07:45

I've reported it, hopefully our guys can sort this with the information provided in this thread.



#11 cork1958

cork1958

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 04-October 02

Posted 13 July 2013 - 09:41

this is what i usually do if i get infected.

 

Malwarbytes

http://www.malwarebytes.org/

 

if you dont have it, download, install, update and then do a full system scan.

 

then once i have used my antivirus to scan (which takes about 2 days, since i have a huge amount of data and space!) and done a malware scan, i then use one or more of these:

 

(these are all online scanners, so do not require you to remove your existing antivirus software)

 

Trendmacro Housecall

http://housecall.trendmicro.com

 

panda active scan

http://www.pandasecu...tivescan/index/

 

Bit Defender

http://www.bitdefend...nline/free.html

 

Eset online scanner

http://www.eset.com/us/online-scanner/

 

and check startup items and running processes, if i suspect anything i submit it to this site, you can usually judge weather you need to get rid of the file or not

 

Virus total

https://www.virustotal.com/en/

Over kill to the maximum, even if it is better to be safe than sorry!

 

Malwarebytes and SuperAntiSpyware, are all I need. If those 2 programs haven't gotten everything, I'll use Malwarebytes anti rootkit, which I'm not even sure is any different that regular Malwarebytes! Usually, either of those first 2 programs get's those baddies.

 

Not even using an AV now. Have NEVER had one of those bloated programs block/find/remove anything!



#12 SecretAgentMan

SecretAgentMan

    Super Genius

  • Joined: 09-January 03

Posted 13 July 2013 - 09:44

Can someone please screenshot the advert that supposedly triggers this? It's quite serious and I need to be able to report it. Does it happen only on main or also in the forums?

Not sure which ad was doing it but it only happened to me on the main page and not the forums.



#13 OP Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 20
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 13 July 2013 - 12:26

Couldn't screenshot it because it goes by too fast as I'm generally not paying attention to the ads either (:p) - I just go neowin.net then go to try click the login button and it starts going all over the place.



#14 SecretAgentMan

SecretAgentMan

    Super Genius

  • Joined: 09-January 03

Posted 13 July 2013 - 22:43

Just happened again and with a different link.  Do NOT click the link below!!

 

"http://obtxlov.myftp...y6MiWQCn56uDyoM="



#15 Leopard Seal

Leopard Seal

    Neowinian

  • Joined: 28-October 12

Posted 13 July 2013 - 23:20

Just happened to me about 30 minutes. Fortunately I was browsing on my Surface RT, so no worries about malware and Trojans.





Click here to login or here to register to remove this ad, it's free!