GoFuckYourself.com - Adult Webmaster Forum

Another exploit on a GFY banner? (https://gfy.com/showthread.php?t=981553)

Jim_Gunn 08-08-2010 10:27 AM

Another exploit on a GFY banner?
 
I just refreshed a page and got infected by one of those Windows security alert viruses. Remember that from a few months ago? I was only surfing GFY and on DroidDoes.com, a Verizon site I assume.

Nikki_Licks 08-08-2010 10:51 AM

Wonderful! I went through this last time...what a pain in the arse.

Thanks for the heads up :thumbsup

GetSCORECash 08-08-2010 11:01 AM

Thanks Jim, luckily I'm not on IE.

DBS.US 08-08-2010 11:07 AM

Next time, think Mac

erooup 08-08-2010 11:10 AM

For all those of you that want to see what is going on on the different sites you visit, I can highly recommend you try Fiddler
http://msdn.microsoft.com/en-us/libr...46(VS.85).aspx

It's also a great tool to track where and how the dodgy affiliates redirect their traffic. This tool has saved me hours of work when catching and investigating fraud among affiliates.

Jim_Gunn 08-08-2010 11:19 AM

No one else got infected yet? I use Firefox and this is the second time, assuming I did pick that up here today. Thinking about switching to Chrome next to see if that is safer.

area51 - BANNED FOR LIFE 08-08-2010 11:35 AM

you were more than likely already infected.

bolsex 08-08-2010 12:37 PM

Avira detected and deleted it too when I opened a thread!

2MuchMark 08-08-2010 12:44 PM

Quote:

Originally Posted by DBS.US (Post 17400402)
Next time, think Mac

:thumbsup:thumbsup:thumbsup

Nikki_Licks 08-08-2010 01:07 PM

Quote:

Originally Posted by Jim_Gunn (Post 17400420)
No one else got infected yet? I use Firefox and this is the second time, assuming I did pick that up here today. Thinking about switching to Chrome next to see if that is safer.

Firefox here and don't have any problems ;)
I also run Nod32....

Jim_Gunn 08-08-2010 01:28 PM

Quote:

Originally Posted by bolsex (Post 17400564)
Avira detected and deleted it too when I opened a thread!

Thanks for the confirmation. I use AVG but will switch to Avira next if that is the case. I am too entrenched in Windows to go MAC. But switching anti-virus and browsers after I clean this up is definitely in order.

kektex 08-08-2010 01:28 PM

Adblock + Noscript.
I know an affiliate webmaster shouldn't be recommending this but unfortunately it's the safest way to surf.

Jim_Gunn 08-08-2010 01:29 PM

Quote:

Originally Posted by Nikki_Licks (Post 17400621)
Firefox here and don't have any problems ;)
I also run Nod32....

What is Nod32?

HAPPYPEEKERS 08-08-2010 01:36 PM

My micro trend picked it up as well.

signupdamnit 08-08-2010 01:37 PM

What specifically is it detecting -- what does it call it -- as much info as possible please including filename and/or registry key if present.

I recommend (in order of preference):

1. Linux (http://linux.org, http://ubuntu.com)
2. Mac
3. Firefox with NoScript (Ad block plus optional) + Microsoft Security Essentials + MalwareBytes Anti-Malware (to scan when infected)

Tjeezers 08-08-2010 04:44 PM

Quote:

Originally Posted by Jim_Gunn (Post 17400652)
What is Nod32?

http://www.eset.com/
that will answer it

Jim_Gunn 08-08-2010 04:51 PM

Mods: Please take note of this thread with two confirmations. I wish that I could give more details about the infection. But I have anti-spyware running in safe mode now including Mal-Ware Bytes. It pops up the fake critical stop messages saying your pc is infected. Similar to the last banner exploit. I am real annoyed with FireFox and AVG for not catching this!

suesheboy 08-08-2010 05:48 PM

I just lost 2 days fixing the same damn virus with Avast, Avira, Spybot and super antispyware running.

Was only able to fix it booted off a repair disk from Avira. Every other repair never got to the root of the problem.

2 fucking days lost. I want to kill whoever did this.

Why the fuck can't this board scan and kill any issues before we get infected?

SallyRand 08-08-2010 05:54 PM

Hate to write it but I told you so! And was promptly pilloried as an idiot by "certain" GFY members.

I posted a thread on this very matter here:

https://gfy.com/showthread.php?t=980103

which thread includes the domain, the host and the IP of the attacking source as well as several threads on which the attack was occurring.

Sally.

suesheboy 08-08-2010 06:04 PM

Quote:

Originally Posted by SallyRand (Post 17401007)
Hate to write it but I told you so! And was promptly pilloried as an idiot by "certain" GFY members.

I posted a thread on this very matter here:

https://gfy.com/showthread.php?t=980103

which thread includes the domain, the host and the IP of the attacking source as well as several threads on which the attack was occurring.

Sally.

Interesting read.

If they don't get this fixed fast they can color me gone.

2012 08-08-2010 07:07 PM

sally and papillon
 
what happened ?

pornpf69 08-08-2010 07:24 PM

that is why I only come to GFY when I am on UBUNTU...

Ron Bennett 08-08-2010 09:30 PM

Still no real details of the actual exploit ... is it really a serious threat? ... is it really coming through GFY's ad server?... or maybe is coming through from an embedded image in some posts / user signatures - that has been documented happening numerous times in the past.

Ron

Jim_Gunn 08-09-2010 08:12 AM

Quote:

Originally Posted by Ron Bennett (Post 17401348)
Still no real details of the actual exploit ... is it really a serious threat? ... is it really coming through GFY's ad server?... or maybe is coming through from an embedded image in some posts / user signatures - that has been documented happening numerous times in the past.

Ron

I am accessing GFY from a different pc now using No Script & Adblock Plus in FF for protection while I try and get rid of the "Windows Security" malware on my laptop. I do recall what thread I was reading however. It was "Best Android Phone". Maybe someone else can check that one and see if any more alerts pop up on your secured browser.

Nathan 08-09-2010 08:27 AM

Wonder why so many including myself have no problems....

Then again, I have never used anti virus apps and never had a problem... Makes you wonder....

Nikki_Licks 08-09-2010 09:37 AM

Quote:

Originally Posted by Tjeezers (Post 17400922)
http://www.eset.com/
that will answer it

Thanks, apologies for the late reply, Jim ;)

http://www.eset.com/search-brand?CMP...FcZh2godlm4chg

BarryP 08-09-2010 11:50 AM

So far I am unable to duplicate this. What browser/version and AV are you guys running?

Roald 08-09-2010 12:12 PM

Quote:

Originally Posted by Nathan (Post 17401963)
Wonder why so many including myself have no problems....

Then again, I have never used anti virus apps and never had a problem... Makes you wonder....

I blame tubes!

oh wait ;)))

Jim_Gunn 08-09-2010 01:17 PM

Quote:

Originally Posted by BarryP (Post 17402443)
So far I am unable to duplicate this. What browser/version and AV are you guys running?

Thanks for looking into it. I don't know how the hell so many others are not affected by this instead of just three or four of us Windows users. It was something in the "Best Android Phone" thread this time. I got an immediate infection like I had no protection at all. I use Win XP SP3, FF 3.6.3 and AVG antivirus. Plus I run Windows Defender and Ad-Aware too.

candyflip 08-09-2010 01:23 PM

I have blocked all ads and scripts while surfing GFY. Sucks for people paying to advertise, but the last exploit that loaded here cost me two days of fucking around to get my PC back.

Jim_Gunn 08-09-2010 01:52 PM

Quote:

Originally Posted by candyflip (Post 17402654)
I have blocked all ads and scripts while surfing GFY. Sucks for people paying to advertise, but the last exploit that loaded here cost me two days of fucking around to get my PC back.

Same here! On a business board like this I actually like to see the ads and banners so I can see who is spending money, and doing business and what they are promoting. I just finally removed (I hope) the exploit after a half dozen scans & reboots later and wasting the better part of two days using a few tools including Malware Bytes, AVG anti-virus, TDSS rootkit killer, & Spybot Search & Destroy as well as manually going through my Windows/System 32 folder to remove all the newer .exe & dlls that had a date created yesterday. I am now using FF with No Script & Adblock Plus. I really have no idea why my system is so easily infected when I run an updated Win XP SP3, updated AVG anti-virus, Spybot-SD resident real time protection, Windows Defender and Ad-Aware.

SallyRand 08-09-2010 02:36 PM

I am running Firefox 3.6.8, which is the latest version, Adaware, Spybot, AVG, Malwarebytes, Windows Defender, Zone Alarm and frequently run Windows Security Essentials. I update frequently, some daily. Using Windows Vista Home Premium With SP on this box. Same programs on my laptops.

There are some recent updates to Adobe which close some holes well-known to attackers. I also keep my firewall settings way up there.

I never use IE.

I think perhaps if you take a look at my first thread on the matter, to which I linked in this thread and then compare it to the threads mentioned by other users, you might be able to pin down the source of the attacks or at least get close to the perp.

'den when you find him/her we keel 'dem an' we don' need no stinking badges!

LOL!

Sally.

DirtyJs 08-09-2010 05:33 PM

they need to host the ads locally so that people can't change them out on the fly.

Jim_Gunn 08-09-2010 08:19 PM

Wow, this malware is really insidious. I thought I had caught it all since the notifications that lock up your screen and task manager are gone. But now hours later it tried launching an installer out of system restore and luckily AVG caught it. I also saw that it had added custom proxy settings to FF & IE/Chrome. Plus there were several suspicious scheduled tasks added to the Windows scheduler that most people don't even pay attention to. The malware itself is not active yet sending me messages and locking up my screen but a scan with malware bytes just caught new infections. I am deleting all restore points & temp files and running the anti-virus, spyware & rootkit apps again before I reboot my laptop.

SallyRand 08-11-2010 04:59 AM

Yet Another Attempted Attack
 
occurred on this thread:

https://gfy.com/showthread.php?t=981873

Info on IP and associated site and hosting:

67.220.140.58

67.220.140.58 - Geo Information
IP Address 67.220.140.58
Host 67.220.140.58
Location US US, United States
City Stockton, CA 95219
Organization DENIRO MARKETING, LLC.
ISP WBS CONNECT, LLC
AS Number AS14576
Latitude 38°01'99" North
Longitude 121°38'06" West
Distance 10357.98 km (6436.15 miles)

I KEEL DEEZ MOTHYFUCKER AN I DON' NEED NO STEENKEENG BADGES!

Figure it out people!

Sally.

erooup 08-11-2010 05:16 AM

Quote:

Originally Posted by Jim_Gunn (Post 17403614)
Wow, this malware is really insidious. I thought I had caught it all since the notifications that lock up your screen and task manager are gone. But now hours later it tried launching an installer out of system restore and luckily AVG caught it. I also saw that it had added custom proxy settings to FF & IE/Chrome. Plus there were several suspicious scheduled tasks added to the Windows scheduler that most people don't even pay attention to. The malware itself is not active yet sending me messages and locking up my screen but a scan with malware bytes just caught new infections. I am deleting all restore points & temp files and running the anti-virus, spyware & rootkit apps again before I reboot my laptop.

ALWAYS disable your system restore as step #1, when removing malware.

rogueteens 08-11-2010 06:11 AM

I had a virus warning from GFY last night too, unfortunately I didn't keep the details.

Nicky 08-11-2010 06:18 AM

I got this shit yesterday, took a nice 2-3 hours of my time to go safe mode and delete everything in registry etc and then run nod32 and spyware doctor.


All times are GMT -7. The time now is 06:54 AM.
