Sign in to follow this  
Followers 0

Ads/Script redirecting to Virus site?

28 posts in this topic

Posted

2nd time this has happened to me now. I use inprivate mode at work so i'm not logged in but i'm on the neowin main page then start getting redirected to other site to land at:

 

post-698-0-85235300-1373561494.png

 

WARNING: Don't be a smarty and go to site below: :punch:

http://usdppvs.myftp.biz/index.php?....................... etc

 

I don't know if it's the same site as last time but it was the same fake Security Essentials thing.

 

It's only happened when not logged in so i'm guessing guests haven't been able to report it.

Share this post


Link to post
Share on other sites

Posted

Yes, I am not the only one that has seen the fake Security Essentials windows a few times now when I come to Neowin.  It seems like a bad advert in the rotation I am guessing and the link is different each time. 

 

Warning to not go to the link below!!

 

"http://thpfbez.myftp.biz/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBdyf5PIpX2zaZzWwL95qmKyoM="

 

 

And this happens while I am logged in.

Share this post


Link to post
Share on other sites

Posted

this is what i usually do if i get infected.

 

Malwarbytes

http://www.malwarebytes.org/

 

if you dont have it, download, install, update and then do a full system scan.

 

then once i have used my antivirus to scan (which takes about 2 days, since i have a huge amount of data and space!) and done a malware scan, i then use one or more of these:

 

(these are all online scanners, so do not require you to remove your existing antivirus software)

 

Trendmacro Housecall

http://housecall.trendmicro.com

 

panda active scan

http://www.pandasecurity.com/activescan/index/

 

Bit Defender

http://www.bitdefender.co.uk/scanner/online/free.html

 

Eset online scanner

http://www.eset.com/us/online-scanner/

 

and check startup items and running processes, if i suspect anything i submit it to this site, you can usually judge weather you need to get rid of the file or not

 

Virus total

https://www.virustotal.com/en/

Share this post


Link to post
Share on other sites

Posted

I am getting this too, I closed my browser immediately when the fake antivirus thing popped up.

Share this post


Link to post
Share on other sites

Posted

I'm not infected.... pssht :p - I run clean shop over here. It's happened on work PC and my home machine which was formatted to install Windows 8.1 preview. SO it's as clean as a bell. Dunno though, haven't seen it yet today.

Share this post


Link to post
Share on other sites

Posted

Yep, my system is clean and no damage was done but if people accidentally click through it may be bad.  I am not going to test that however.

Share this post


Link to post
Share on other sites

Posted

Not detected here.

 

MSE running.

Share this post


Link to post
Share on other sites

Posted

TMG caught it, Eset caught it, smartscreen caught yep that's some good malvertising.

Share this post


Link to post
Share on other sites

Posted

Can someone please screenshot the advert that supposedly triggers this? It's quite serious and I need to be able to report it. Does it happen only on main or also in the forums?

Share this post


Link to post
Share on other sites

Posted

I've reported it, hopefully our guys can sort this with the information provided in this thread.

Share this post


Link to post
Share on other sites

Posted

this is what i usually do if i get infected.

 

Malwarbytes

http://www.malwarebytes.org/

 

if you dont have it, download, install, update and then do a full system scan.

 

then once i have used my antivirus to scan (which takes about 2 days, since i have a huge amount of data and space!) and done a malware scan, i then use one or more of these:

 

(these are all online scanners, so do not require you to remove your existing antivirus software)

 

Trendmacro Housecall

http://housecall.trendmicro.com

 

panda active scan

http://www.pandasecurity.com/activescan/index/

 

Bit Defender

http://www.bitdefender.co.uk/scanner/online/free.html

 

Eset online scanner

http://www.eset.com/us/online-scanner/

 

and check startup items and running processes, if i suspect anything i submit it to this site, you can usually judge weather you need to get rid of the file or not

 

Virus total

https://www.virustotal.com/en/

Over kill to the maximum, even if it is better to be safe than sorry!

 

Malwarebytes and SuperAntiSpyware, are all I need. If those 2 programs haven't gotten everything, I'll use Malwarebytes anti rootkit, which I'm not even sure is any different that regular Malwarebytes! Usually, either of those first 2 programs get's those baddies.

 

Not even using an AV now. Have NEVER had one of those bloated programs block/find/remove anything!

Share this post


Link to post
Share on other sites

Posted

Can someone please screenshot the advert that supposedly triggers this? It's quite serious and I need to be able to report it. Does it happen only on main or also in the forums?

Not sure which ad was doing it but it only happened to me on the main page and not the forums.

Share this post


Link to post
Share on other sites

Posted

Couldn't screenshot it because it goes by too fast as I'm generally not paying attention to the ads either (:p) - I just go neowin.net then go to try click the login button and it starts going all over the place.

Share this post


Link to post
Share on other sites

Posted

Just happened to me about 30 minutes. Fortunately I was browsing on my Surface RT, so no worries about malware and Trojans.

Share this post


Link to post
Share on other sites

Posted

I removed the top ad from main and forums until this gets sorted, no answer from my ad provider yet.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Also added that domain (which is always the same so far) to the ban filter.

3 people like this

Share this post


Link to post
Share on other sites

Posted

This popped up for me now.  

Share this post


Link to post
Share on other sites

Posted

It's back. Just had it pop up again on my desktop machine.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

myftp.biz has been blocked here and at two ad providers that could possibly host such an ad, but it's confusing because we don't even allow popups; the only way we can truly get to the bottom of this is if I know exactly what ads are loaded on the page when the thing pops up.

Share this post


Link to post
Share on other sites

Posted

Also save the page where you see it so I can also check sigs for anything dodgy.

Share this post


Link to post
Share on other sites

Posted

People keep saying pop-ups but it's not, its a whole site redirect and you end up at a white page showing just my capture in the middle of the page.

Share this post


Link to post
Share on other sites

Posted

Hmm maybe disable "Allow sites to redirect you from the page" pretty sure Chrome won't redirect me off Neowin to some other domain just like that!?

Share this post


Link to post
Share on other sites

Posted

I added gooleadsense.com to the Firefox list of sites to block.

 

I still have not seen any bad ads/redirects.

 

Must only be for Chrome users.,

Share this post


Link to post
Share on other sites

Posted

2nd time this has happened to me now. I use inprivate mode at work so i'm not logged in but i'm on the neowin main page then start getting redirected to other site to land at:

 

attachicon.gifFake Virus.png

 

WARNING: Don't be a smarty and go to site below: :punch:

http://usdppvs.myftp.biz/index.php?....................... etc

 

I don't know if it's the same site as last time but it was the same fake Security Essentials thing.

 

It's only happened when not logged in so i'm guessing guests haven't been able to report it.

 

WOW, if MSE detects it just imagine how bad it really is....

 

Also Sandboxie FTW!

 

A good time to remind anyone who is reading this to keep their 3rd party applications and operating system up to date. It's more than likely what ever site it's redirecting to probably has an exploit kit.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.