Dangerous Ads on Top Banner

[Jake Command Wolf]

I've been getting quite a few alerts from my Avast! Antivirus related to a banner that appears at the top of the Page.

From what the report says its a Trojan downloader called JS-Downloader, or something to that effect, that tries to infect your computer when the add loads after a page loads.

Thankfully my Avast! blocked it, and has more then once, I average about 2-3 scares a day from whatever this while causally surfing the Hive, and this is cause for quite a bit of concern.

And I know the very first thing everyone is going to post is: "Anti-virus are prone to false positives, your overreacting...".

I’m more than aware that anti-virus are prone to false positives as is there nature to be “overlay alert” but I really think this maybe more serious then that as this is happening far to often to be a false positive and on top of that ads are not suppose to try and download anything to my computer even cookies as I have my pop-up blocker set to not except cookies from any third party sites.

So I'd like to ask if Ralle or another high ranking admin could look at this and see if some of these ads are not safe and could be infecting the computers of many Hive members.

I'd also recommend that every Hive member have some kind of anti-virus running at all times, when surfing any site anywhere, like I said I personally use Avast! Antivirus, which is free to download from their own site or Cnet.com and has yet to let me down in guarding me on the net.

If need be I can also provide more precise information about this Trojan that keeps popping up since Avast! stores data regarding anything that tries to attack me.

This information might help Admins solve this before it becomes a serious problem.

Regards, (because I know how much anarchianbedlam hates it when I do this *troll face*)

Jake

 

[The General]

hmmm at sponsored ads my computer gives a virus alert when a curtain ad comes on but my computer is prepared for a virus

 

[Jake Command Wolf]

hmmm at sponsored ads my computer gives a virus alert when a curtain ad comes on but my computer is prepared for a virus

It's good that you are prepared but viruses and the ads that infect people are better dealt with before they become a problem, not after when there is little else to due but clean up the mess left from a viruses wake.

As someone who has had to format his computer twice because of virus, I should know.

Regards,

Jake

 

[The General]

my last computer was completely unusable because of a miserable virus

 

[Arcisal]

I've no problems whatsoever. Is it one type of ad? Or several? Maybe there is something in your computer.

 

[Jake Command Wolf]

I've no problems whatsoever. Is it one type of ad? Or several? Maybe there is something in your computer.

No its nothing on my computer, Avast! says its one of the ads that appear above the page, its laced with a trojan downloader of some kind.

All I know is it trys to get on my computer when the loads, but Avast! blocks it before it can. Some adds are just coming up white now, I think they are the trojan ads my Avast! has blocked.

Maybe Avast is making a false postive, you never know, but I'd rather be safe then sorry. And I have been sorry, more times then I care to remeber.

Regards,

Jake

 

[EloTheMan]

Do you know which ad it reacted to? (ex a company or something)
I got avast myself and it has not reacted to anything on the Hive so far.

I don't know if Hive uses regional ads which means they are adapted to your country and so but if we both have the same ads it was probably just a false alarm.

 

[Jake Command Wolf]

Heres the log from my Advast Script Shield, showing where and what attacked me;

Log

As you can see its been the same trojan five times for five different addresses. Hopefull the admin can use this info to do something about the ads altogeather.

EDIT: I've updated the screenshot to show the sites full addresses and while i was doing that Avast! blocked the same trojan again, for a total of 6 times.

Regards,

Jake

 

[The General]

i use adblocker from firefox to block both viruses and ads

 

[.mitsuki]

lol... I've got it too a while ago, then now also... here's a screenie.

 

[MasterHaosis]

As someone who has had to format his computer twice because of virus, I should know.

Ahahaha, I do not even remember how many times I had to format computer and reinstall windows because of those shits around in past.
Well, last two years I did not reinstall Windows, but in past due to viruses I think I did that over 10 times

 

[Rui]

I have no permissions over that, so, can't help you.

 

[Jake Command Wolf]

I have no permissions over that, so, can't help you.

So your suggesting I should take this up with Ralle then? Since hes the site owner and all I'm guessing hes the one to make a call on this.

And @.mitsuki - Win32 trojan was the reason I had to format at least one of those times, so I know all about the horror that little thing can cause, good Avast! caught it, make sure to delete it from your Virus Chest if you already haven't.

Regards,

Jake

 

[Squiggy]

i use adblocker from firefox to block both viruses and ads

^this
Aside from the fact that adblock doesn't block viruses...

 

[MGCǂSpectre]

I use AVG IS 2011 and I dont detect anything maybe cause I dont click on anything. I keep my system clean all the time. Basically any anti-virus works like that:

They can prevent you from being infected by moving the problematic file or rootkit to the vault but not if you got it on your system files.

Programs are made to protect you from catching a virus, whether by blocking some online threat or an infected file you click on your PC. BUT should you let the virus reach and infect your SYSTEM32\ folder and the files there like svhost.exe, no program has a magic wand to fix it.

Some programs like AVG,Kaspersky and some others would not want to move to vault infected system32\ infected files. If by any chance you do, well then move the system files and wonder why windows doesnt work anymore. So in other words - always check what you download, where you click and dont let viruses reach your system files.

Also with the 'super duper ultimate protection' that software uses today is likely to call spammy Ads 'Trojan' when they are just a pathetic 'Open 10 tabs of ads' executable i,e just harmless but spamful

 

[Kwah]

^this
Aside from the fact that adblock doesn't block viruses...

Noscript is a beautiful thing.

 

[Ralle]

Hello guys

This is not good.

I need your help finding the bad ad.

Please open these pages and refresh them until something comes up:
http://www.hiveworkshop.com/ads_fallback.php?channel=news_right_box
http://www.hiveworkshop.com/ads.php?channel=bottom_leaderboard

Then paste the source code of the page. Then I can see which ad company has the bad advertisement.

I am sorry that this is occuring to you.

 

[.mitsuki]

I think it appears twice a week. I'll try to get the code if I receive the warning message.

 

[Talavaj]

Avast ? the pro software that detects even your own files and bitmap editors as potentially malicious ?

just because it keeps showing the same infection all the time it doesn't mean its real
especially if it shows only on avast

146.185.246.160 is a known malicious site
dd.exe is Trojan.Win32.Malware however that makes no justice as you have open facebook at the same time..

jsownloader-gen@bhv [Expl] is popular for being false positive
however
connection to following is being blocked by MBAM:
195.216.243.18, UK server, hosting variety of .ru websites
this appears only on the news site nowhere else and I dont think its an ad
but then.. MBAM is rather radical in IP blocking

 

[Jake Command Wolf]

Ralle if I recall right "AdChoices" was the one who sponsored the bad ads, as even though the ad became blank because of my Avast! blocking it the "AdChoices" logo was still on the top right corner of the panel itself.

Also check my post on the first page with the screenshot of my Avast's script shield log, you can also find it on my profile in my Random Images folder.

 

[PsycoMarauder]

...Wow. I've been dealing with a virus for two weeks now. I thought I got rid of it 2 weeks ago but it came back. AVG shows soemthing similar to the screenie posted by the guy on the first page. I cant get this damn virus off my computer either, although I've removed some of it. Malwarebits, online scans, AVG, TSDKiller, SpyDoctor, and many others and STILL the virus exists. Some programs will detect a virus but they can't delete it because its in use. Ads all over and there used to be a fake spyware alert program but I seemed to have beaten that.

 

[.mitsuki]

Lol, that virus affected my internet. looks like a hack or something. sometimes my internet won't connect.

 

[Tleno]

Well, the one who had bad ads earlier was bidvertiser. firstly some malicious, then some... adulty stuff.

Ralle, why can't we just roll back to good old Tribalfusion which's ads don't slow site or contain anything evil?

 

[PsycoMarauder]

Ralle profetz off malicious advertising>

 

[Jaret]

Thank God, I don't have ads (And i am not using an Adblocker.). The only ad i have is:
"Advertise on Hive
Powered By adBrite".

 

[Arcisal]

Is this of any use?

Screenshot

I just saw it on the bottom left of my Google Chrome page then I remembered this thread. Thought it may or may not be useful but what the heck.

 

[Ralle]

Guys.
If you are running reasonable browsers, these things cannot affect you.
If you however is running any version of Internet Explorer I can't say..

Anyway. I am using tribalfusion. But they can only serve ads 20% of the time so I am trying to find fallbacks.

@Arcisal: thanks but not useful.

Also. If you have a virus, it is most likely not hive's fault.
I have been using this site since I made it and have never had a problem.
Viruses are most likely because you have installed something malicious in the first place.

I will however try to get rid of the possible malicious ad. But I have not received any useful information yet.

 

[MGCǂSpectre]

Same I was trying to say. I do not have viruses, I do not detect anything on the site and I do not click the ads.

 

[Jake Command Wolf]

I will however try to get rid of the possible malicious ad. But I have not received any useful information yet.

Really Ralle? Not to sound rude but how is my screenshot showing the exact address each attack came from not useful?

 

[Ironside]

Just like Ralle said, if you guys are using reasonable browsers then tricks like JS malicious downloaders won't work.
If it was an exploit pack or a driveby then it was a different story, although I doubt any of you would fall for something so "cheap".

@Wolf I think he missed your screenshot, as that log should provide everything he needs.

 

[Cihparg]

I have Avast 6.0.1289 with virus definition version 111202-0, and I am not getting any alerts around Hive.
As this mainly seems to be a Avast problem, try updating it completely in "Update engine and virus definitions" and "Update Program".

 

[Jake Command Wolf]

@Wolf I think he missed your screenshot, as that log should provide everything he needs.

Oh, I apologize for my above comment then.

And I wasn't JSDownloader was such a weaksauce trojan, or I would have payed it less heed. Regardless even a small nusaince of a trojan like this could open the door for much, much worse to get in, trust me I should know.

 

[Ironside]

I know it could, but that wouldn't even be a JS downloader and it also wouldn't be detected by AVs if it was any good.

 

[Rui]

...Wow. I've been dealing with a virus for two weeks now. I thought I got rid of it 2 weeks ago but it came back. AVG shows soemthing similar to the screenie posted by the guy on the first page. I cant get this damn virus off my computer either, although I've removed some of it. Malwarebits, online scans, AVG, TSDKiller, SpyDoctor, and many others and STILL the virus exists. Some programs will detect a virus but they can't delete it because its in use. Ads all over and there used to be a fake spyware alert program but I seemed to have beaten that.

If the program that the virus has infected is in use, then it could be something important. Either way, maybe you can shut down the process if you know which one it is? If you do, go the Task Manager (CTRL+ALT+Delete), click the Processes tab, find the process and end it.
That or save the location of the files, then log into safe mode and remove them, though if they're in some windows-related files this might screw up your computer. In this case, perhaps you should just reformat for good.

 

[Ironside]

Most viruses will reopen themselves when they are killed. It's either safemode or another method. Came up with a good one myself.

 

[Jake Command Wolf]

Yeah I had a rootkit on my computer that hogged memory for no reason whenever I was on the net, ending the process via the Task Manager only stopped it for 30 seconds, then it just came back online.

Also this thread isn't about my computer being infected, its fine, I just want this poential thread dealt with in one form or another before someone with out anti-virus gets nailed by something bad.

 

[Ralle]

A rootkit is not a process on the system.

The screenshot is not useful because ad companies have 100s of ads. I will have to know which ad company served the ad, not which ad it is.

 

[Dr Super Good]

The adds are also localized to some degree. Meaning that it might only occur to people in a certain region.

 

[Rui]

What DSG said.