• We had an issue with background services between march 10th and 15th or there about. This meant the payment services were not linking to automatic upgrades. If you paid for premium membership and are still seeing ads please let me know and the email you used against PayPal and I cam manually verify and upgrade your account.
Nothing is ever 100% but it's the closest I have seen to it for browsing purposes and reduces the amount of times I have to fix my folks or friends computers.

But I agree most "freeware/shareware" programs are full of crap it is just how much crap are you willing to live with.
 
Technical Coach said:
Nothing is ever 100% but it's the closest I have seen to it for browsing purposes and reduces the amount of times I have to fix my folks or friends computers.

But I agree most "freeware/shareware" programs are full of crap it is just how much crap are you willing to live with.

My work mac is pretty safe, for a start these issues don't plague *nix based systems as much. Second I am very careful about what I put on the computer as well.
 
Mate I just had this same thing happen on work PC. I can 100% guarantee that I cannot download anything on my work PC without IT getting involved. Once again it seems coincidental that it happens on my laptop and work PC and only whilst browsing Silvertails.

Are you sure it is not something that is triggered whilst browsing on Silvertails ?? It is the only time it happens for me. Might be worth a thought.

I use Mozilla on both for browsing. I could use IE or Chrome on one or other unit to see if that has any effect on re-occurrence.

edit - @Dan tag added
 
I've taken every bit of code apart that could be triggered during those events and there is nothing there. These sorts of things are browser hijackers you don't need to download anything to get them they can attach themselves as a browser extension from browsing. I'll run through the checks again however
 
Chip and Chase said:
Mate I just had this same thing happen on work PC. I can 100% guarantee that I cannot download anything on my work PC without IT getting involved. Once again it seems coincidental that it happens on my laptop and work PC and only whilst browsing Silvertails.

Are you sure it is not something that is triggered whilst browsing on Silvertails ?? It is the only time it happens for me. Might be worth a thought.

I use Mozilla on both for browsing. I could use IE or Chrome on one or other unit to see if that has any effect on re-occurrence.

edit - @Dan tag added

See above post

These things get in as browser extensions usually and can come in via a file in email, spam emails or browsing very malicious sites, however the code that causes these is easily identifiable if it is on the actual forums.

Whilst 3 people have reported it so far, that is 3 from a total of over 10,000 that have visited the site in the last week. The biggest clue that these don't come from a website is that ad blockers don't always block them. This is a browser based virus/issue.

I have completed a maldet scan on the server side and had securi scan the site and not come up with anything
 
I'm not trying to be accusatorial I'm just interested as to why it only happens when I'm browsing Silvertails ?? I do get it blocked occassionally by our ad blocker or whatever you want to call it. I don't ever recall clicking "OK" to allow the redirect when blocked, but I may have.

Put it this way, do I need to worry about it ? Should I tell our IT guys ? I don't want it to be the end of my Silvertails browsing at work.
 
Chip and Chase said:
I'm not trying to be accusatorial I'm just interested as to why it only happens when I'm browsing Silvertails ?? I do get it blocked occassionally by our ad blocker or whatever you want to call it. I don't ever recall clicking "OK" to allow the redirect when blocked, but I may have.

Put it this way, do I need to worry about it ? Should I tell our IT guys ? I don't want it to be the end of my Silvertails browsing at work.

Yes please tell your IT guys, this is a browser based issue.

The way that these viruses work is that they monitor your behavior and tie to what they believe would make themselves look as natural as possible and therefore look like they are coming from a website.

Today I replaced the main JS files with fresh copies.

If you view the right click and view the source of the page that launches the popup (the silvertails page) and save the source to a txt file and send it to me, that would be good as I can identify where any code may be, being inserted
 
OK, I'll see what I can do next time it happens. Thanks for your patience on this, I know it must be frustrating dealing with luddites like us.
 
LOL. Just happened when I was replying to a thread then. I have saved text file and emailed it to you Dan. Hopefully I did all that part of it OK.

By the way I can't right click on the redirect page as it has a little pop up box which requires me to click OK to proceed, which obviously I don't wish to do.

I can save the page address if that is any help to you.
 
Just checked through the HTML output you sent me and there is nothing in there to cause any popups, this is 100% your computer side
 
I have had no pop ups for the last week I'm sure it was from my side, no idea how the browser extension latched on considering I am overly cautious with my browsing habits.

I think it was from one of the free dictionary thesaurus sites I used in a mad rush 2 weeks ago---silly me thought an "educational" site would be clean lol.

Deleting Mozilla and reinstalling does not help, I deleted basically all Mozilla references in regedit and I ran some malware software that found some extension in AppData Roaming downloads I think. Once I deleted all these temp files which was actually quite large everything has been fine.

Done a local and offline scan plus a Hijackthis report and seems clean so heres hoping.

Might just purchase an SSD and do a new install anyway.(I need an excuse to buy something new again)
 
What malware software did you use TC ? I have tried Malwarebytes but it found nothing. I have a pop up blocker which kicks in everytime, but it basically means I have to close ST everytime it happens, which is often.
 
Basically these things latch into the transient directories like roaming and appdata, this is why they survive a fresh install and latch onto multiple browsers. Just in case it was ST I replaced all non custom code with fresh ones from the source site and re-uploaded my own custom code from my test sandbox.

I also cleaned the server side Linux source distributions that I could.

Essentially if it is being caused by silvertails it's at such a low level of our server source as to be nearly impossible to find, but if it was it would also be present in the html source of a page.

C&C sent me his html page source in the week and everything was as expected. I still sent my obstructed js code on the source through some scanners and decoding and everything was fine.

To Fix this you are going to need to clean out the temp files that are infected
 
Chip and Chase said:
What malware software did you use TC ? I have tried Malwarebytes but it found nothing. I have a pop up blocker which kicks in everytime, but it basically means I have to close ST everytime it happens, which is often.

Damn will have to chase that program again, when I did a system restore it deleted the program.

The program actually did not work some kind of bug so I could not use it to delete the extensions but it found the locations where they were.

Will look it up again sorry about that.


Chip and Chase said:
What malware software did you use TC ? I have tried Malwarebytes but it found nothing. I have a pop up blocker which kicks in everytime, but it basically means I have to close ST everytime it happens, which is often.

The program was AdwCleaner it will find the extensions under the Mozilla tab after running the program---for some reason I could not click and choose to delete seemed to be some coding bug in the program.

All the other programs I used did not find any traces including Malwarebytes(but I later found out I was using an old version so that might have been the case)
 
Ok I gave that thing a go and it found a couple of things. I also removed and reinstalled Firefox. Now I can't even get to the silvertails site as our protection system (webroot secure anywhere) blocks it as a malicious content site. Lists a website address ad.amgdgt.com as containing malicious content, known threat and has been blocked. Don't even get a chance to log in. I don't want to hit "allow" in case I go back to square one. This is the same message I was getting before randomly but not always, sometimes I would just get that pop up / redirect to the " survey" web page.

Is it safe to allow ?

Btw am posting this from iPad
 
Chip and Chase said:
Ok I gave that thing a go and it found a couple of things. I also removed and reinstalled Firefox. Now I can't even get to the silvertails site as our protection system (webroot secure anywhere) blocks it as a malicious content site. Lists a website address ad.amgdgt.com as containing malicious content, known threat and has been blocked. Don't even get a chance to log in. I don't want to hit "allow" in case I go back to square one. This is the same message I was getting before randomly but not always, sometimes I would just get that pop up / redirect to the " survey" web page.

Is it safe to allow ?

Btw am posting this from iPad

lol ad.amgdgt.com is the google adverts and the other adverts certainly not malicious and definitely ok to allow.

Also Google is constantly indexing and checking our site. You can see it's results for malicious software scanning which it does every few days/weeks

http://www.google.com/safebrowsing/diagnostic?site=www.silvertails.net
 
Thanks mate. Just wanted to be sure, half this $hit is Greek to me.
 
@Dan

Just reinstalled Adobe Flash Player(to watch videos from the MWSE site) and this seems either the trigger or part of the problem(flash related on Mozilla) as the pop ups came back the next visit to Silvertails.

Uninstalled and the problem goes away.


While using adwcleaner i don't have the option to tick removal for each extension so i assume it is the default setting so i hit clean but it never cleans the two issues it finds.

Manually i can delete both issues, a rescan shows the issue is gone after deleting manually.

Here are the two issues it finds in Mozilla and they only reappeared after reinstalling Adobe Flash Player.

C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\9sto0jkt.default\prefs.js ]

C:\Users\Surfing Account\AppData\Roaming\Mozilla\Firefox\Profiles\0y34eycj.default-1403254580958\prefs.js ]

"Surfing account" is the guest account and "Me" is administrator---- i do not surf the web using the Admin "Me" account so the entry in this area only occurred after allowing Admin rights while installing Adobe Flash Player.
 
Team P W L PD Pts
3 3 0 48 6
4 3 1 28 6
3 2 1 10 6
4 2 2 39 4
3 2 1 28 4
3 2 1 15 4
3 2 1 14 4
2 1 1 13 4
2 1 1 6 4
3 2 1 -3 4
3 1 2 0 2
3 1 2 -5 2
3 1 2 -15 2
3 1 2 -22 2
3 1 2 -36 2
2 0 2 -56 2
3 0 3 -64 0
Back
Top Bottom