| View previous topic :: View next topic |
| Author |
Message |
HeyZeus Heimin (Commoner)

Joined: Nov 20, 2005 Posts: 73 Location: Right......there!
|
Posted: Wed Feb 13, 2008 3:06 am Post subject: |
|
|
once again same thing but different site origin this time. didnt check the product name but all else was the same.
it was bestsellingantivirus.com or something. _________________ DO THESE LOOK LIKE THE EYES OF A JIGOLO O_O !?
" I"'s "
-----Thank you VERY much Admins For having this sight! its very much appreciated------- |
|
| Back to top |
|
 |
HeyZeus Heimin (Commoner)

Joined: Nov 20, 2005 Posts: 73 Location: Right......there!
|
Posted: Sat Mar 01, 2008 11:28 pm Post subject: |
|
|
yet again but this time it came from the forums after following a link from my email to a replied to topic.
i hadnt gotten to that tab yet and suddenly it did its usual thing with a few details different as usual.
malware again. _________________ DO THESE LOOK LIKE THE EYES OF A JIGOLO O_O !?
" I"'s "
-----Thank you VERY much Admins For having this sight! its very much appreciated------- |
|
| Back to top |
|
 |
Neogenesis newbie!

Joined: Jan 28, 2006 Posts: 2
|
Posted: Sun Mar 02, 2008 11:27 pm Post subject: |
|
|
I got the gnida trojan as well. I googled it. It's a flash downloader virus that you find in ad banners. My computer was riddled with them until norton updated and found them. Every now and then when I connect with the site, Norton pops up with a virus qurantine and the ad banner doesn't load. I figure some one has given you guys an ad banner infected with spyware. If I have it pop up again I'll see if I can figure out which banner it is. The file is always called gnida[1].swf. |
|
| Back to top |
|
 |
legioxxiv newbie!

Joined: Mar 07, 2008 Posts: 2
|
Posted: Fri Mar 07, 2008 7:34 pm Post subject: |
|
|
It appears that the site is infected. Every so often probably at least twice a week or more it will forcefully cause a redirect, and today it somehow managed to get a file onto my computer which thankfully was deleted. Administrators, please check the site more often, something is causing the site to forcefully redirect users to other sites and may cause problems for the inexperienced.
Norton auto deleted the program siting that it was a downloader so i have no idea what it is.[/b] |
|
| Back to top |
|
 |
Neogenesis newbie!

Joined: Jan 28, 2006 Posts: 2
|
Posted: Sat Mar 08, 2008 1:07 am Post subject: Got it |
|
|
I got the ad that was causing all the problems on my computer
http://thetechnorati.com/statsg.php?u=1201780750&campaign=mebiennial
I logon to the site pretty often so it was only a matter of time before the infected ad appeared again. Norton popped up said someone just tried to put a downloader virus on my computer and this was the address of the ad banner that wouldn't load due to the block. So stands to reason this is the culprit. Hope you can at least do something to the guy. |
|
| Back to top |
|
 |
AoWhijun newbie!

Joined: Jun 23, 2005 Posts: 3
|
Posted: Sun Mar 09, 2008 6:57 pm Post subject: |
|
|
I have also encountered the same ad that Neogenesis encountered. I was in the Daily Releases section of the site when my anti-virus software (Avast) caught it. The other ad that I saw was a Classmates.com "They got Married?!" ad. Here's the information Avast spat out and the source code I pulled from the ad:
File name: http://thetechnorati.com/swf/gnida.swf?campaign=mebiennial&u=1201780750
Malware name: Win32:Gida [Trj]
Malware type: Trojan Horse
White/Blank Banner Ad on top
-Source Code-
Replaced < and > with ( and )
| Code: |
(html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en")
(head)
(title)(/title)
(/head)
(body bgcolor="#ffffff")
(object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="200" height="200" id="gnida" align="middle")
(param name="allowScriptAccess" value="sameDomain" /)
(param name="movie" value="swf/gnida.swf?campaign=mebiennial&u=1201780750" /)
(param name="menu" value="false" /)
(param name="quality" value="high" /)
(param name="bgcolor" value="#ffffff" /)
(embed src="swf/gnida.swf?campaign=mebiennial&u=1201780750" menu="false" quality="high" bgcolor="#ffffff" width="200" height="200" name="gnida" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /)
(/object)
(/body)
(/html)
|
Hope this helps. |
|
| Back to top |
|
 |
Frundock A-Source Admin


Joined: Aug 04, 2002 Posts: 1561 Location: Canada
|
Posted: Sun Mar 09, 2008 11:39 pm Post subject: |
|
|
Removed a possible advertiser as a possible fault.
Just to make it clear, we unfortunatly don't get to choose what ads gets displayed. What we do, is sign with an advertiser to show his ads, and in this case, it seems AdTegrity, was posting virus contained ads.
The servers here are pretty safe and it's not on A-Source side that the problem resides. STill, please let us know if the situation doesn't improve. |
|
| Back to top |
|
 |
JinJo Conscript

Joined: Sep 19, 2007 Posts: 119
|
Posted: Mon Mar 10, 2008 2:41 pm Post subject: |
|
|
| I'm still getting this scanner2 malware site. It happens very frequently and I've been getting it for the past couple of months. Sometimes it even crashes my browser so I'm getting to the point where I just won't visit this site anymore. |
|
| Back to top |
|
 |
Kricket newbie!

Joined: Mar 25, 2008 Posts: 1
|
Posted: Tue Mar 25, 2008 9:19 pm Post subject: |
|
|
still poppin up, avast! has been doin a good job stoppin it tho.
3/25/2008 7:06:07 PM
Sign of "Win32:Gida [Trj]" has been found in "http://thetechnorati.com/swf/gnida.swf?campaign=mebiennial&u=1201780750" file. |
|
| Back to top |
|
 |
legioxxiv newbie!

Joined: Mar 07, 2008 Posts: 2
|
Posted: Wed Mar 26, 2008 7:32 pm Post subject: |
|
|
| Was fine for about a week I think. Now the pop-ups are back. Its really annoying in the way it hijacks the browser. Please try and fix this problem. |
|
| Back to top |
|
 |
Kaiser A-Source Admin


Joined: Aug 04, 2002 Posts: 4555 Location: Canada
|
Posted: Thu Mar 27, 2008 2:31 am Post subject: |
|
|
Ok, Keep us informed if you guys still keep getting the popup.
I made another few changes to the coding and advertisers _________________
 |
|
| Back to top |
|
 |
dargondarkfire newbie!

Joined: Jun 18, 2005 Posts: 27
|
Posted: Thu Mar 27, 2008 4:57 am Post subject: |
|
|
finally found my login name and password.
the add popups, hijacks, and even viruses i have had happen several times while visiting this site on any page, however i started using fire fox and running AD+ add on and haven't had problems.
some tips since you keep having that your computer is weak message come up or the run our free scan program now thing.
don't click it, don't close it do not touch it! clicking ok, cancel, or the close out x button will download the virus, spyware, addware, or trojan.
what you want to do is use ctrl+alt+delete and shut the popup down from there.
and still you should run a add scan afterwards just to be safe.
also if you get spybot make sure the active add scanner is on at all times, it will not only stop allot of adware from getting into your computer but it will also notify you when web site or add programs in sites try making registry changes and allow you to stop the change. your might want to turn this off when you isntall a new game or progam for your printer or ect that your want as it will want to know if you want to let these programs make registry changes and you may make the programs act funky if the registry changes are not made.
also a note on these hijack windows they have little tricks, they have hidden program bars most often so they look like they are part of the internet program, however if you watch there is actual a very very small internet window in either the lower right, lower left, upper left, and sometimes the upper right corner of the screen, allot of the time these are only viewable if the hijack shrunk down your internet window/s, otherwise they hide behind the currently open internet window
you can kill the problem somewhat if you switch to fire fox, but adding security add ons and programs will cut it back even more. |
|
| Back to top |
|
 |
Kaiser A-Source Admin


Joined: Aug 04, 2002 Posts: 4555 Location: Canada
|
Posted: Sun Mar 30, 2008 5:19 pm Post subject: |
|
|
So no more reports of popups anyone? _________________
 |
|
| Back to top |
|
 |
|