Technical Coach
Bencher
Hmm lost me on that one, if you browse in a sandbox the malware you pick up is deleted on closing and does not make any permanent changes.
Pop Up Problem
- Thread starter Technical Coach
- Start date
Technical Coach
Bencher
Nothing is ever 100% but it's the closest I have seen to it for browsing purposes and reduces the amount of times I have to fix my folks or friends computers.
But I agree most "freeware/shareware" programs are full of crap it is just how much crap are you willing to live with.
But I agree most "freeware/shareware" programs are full of crap it is just how much crap are you willing to live with.
Mate I just had this same thing happen on work PC. I can 100% guarantee that I cannot download anything on my work PC without IT getting involved. Once again it seems coincidental that it happens on my laptop and work PC and only whilst browsing Silvertails.
Are you sure it is not something that is triggered whilst browsing on Silvertails ?? It is the only time it happens for me. Might be worth a thought.
I use Mozilla on both for browsing. I could use IE or Chrome on one or other unit to see if that has any effect on re-occurrence.
edit - @Dan tag added
Are you sure it is not something that is triggered whilst browsing on Silvertails ?? It is the only time it happens for me. Might be worth a thought.
I use Mozilla on both for browsing. I could use IE or Chrome on one or other unit to see if that has any effect on re-occurrence.
edit - @Dan tag added
I've taken every bit of code apart that could be triggered during those events and there is nothing there. These sorts of things are browser hijackers you don't need to download anything to get them they can attach themselves as a browser extension from browsing. I'll run through the checks again however
Chip and Chase said:
See above post
These things get in as browser extensions usually and can come in via a file in email, spam emails or browsing very malicious sites, however the code that causes these is easily identifiable if it is on the actual forums.
Whilst 3 people have reported it so far, that is 3 from a total of over 10,000 that have visited the site in the last week. The biggest clue that these don't come from a website is that ad blockers don't always block them. This is a browser based virus/issue.
I have completed a maldet scan on the server side and had securi scan the site and not come up with anything
I'm not trying to be accusatorial I'm just interested as to why it only happens when I'm browsing Silvertails ?? I do get it blocked occassionally by our ad blocker or whatever you want to call it. I don't ever recall clicking "OK" to allow the redirect when blocked, but I may have.
Put it this way, do I need to worry about it ? Should I tell our IT guys ? I don't want it to be the end of my Silvertails browsing at work.
Put it this way, do I need to worry about it ? Should I tell our IT guys ? I don't want it to be the end of my Silvertails browsing at work.
Chip and Chase said:
Yes please tell your IT guys, this is a browser based issue.
The way that these viruses work is that they monitor your behavior and tie to what they believe would make themselves look as natural as possible and therefore look like they are coming from a website.
Today I replaced the main JS files with fresh copies.
If you view the right click and view the source of the page that launches the popup (the silvertails page) and save the source to a txt file and send it to me, that would be good as I can identify where any code may be, being inserted
OK, I'll see what I can do next time it happens. Thanks for your patience on this, I know it must be frustrating dealing with luddites like us.
LOL. Just happened when I was replying to a thread then. I have saved text file and emailed it to you Dan. Hopefully I did all that part of it OK.
By the way I can't right click on the redirect page as it has a little pop up box which requires me to click OK to proceed, which obviously I don't wish to do.
I can save the page address if that is any help to you.
By the way I can't right click on the redirect page as it has a little pop up box which requires me to click OK to proceed, which obviously I don't wish to do.
I can save the page address if that is any help to you.
Technical Coach
Bencher
I have had no pop ups for the last week I'm sure it was from my side, no idea how the browser extension latched on considering I am overly cautious with my browsing habits.
I think it was from one of the free dictionary thesaurus sites I used in a mad rush 2 weeks ago---silly me thought an "educational" site would be clean lol.
Deleting Mozilla and reinstalling does not help, I deleted basically all Mozilla references in regedit and I ran some malware software that found some extension in AppData Roaming downloads I think. Once I deleted all these temp files which was actually quite large everything has been fine.
Done a local and offline scan plus a Hijackthis report and seems clean so heres hoping.
Might just purchase an SSD and do a new install anyway.(I need an excuse to buy something new again)
I think it was from one of the free dictionary thesaurus sites I used in a mad rush 2 weeks ago---silly me thought an "educational" site would be clean lol.
Deleting Mozilla and reinstalling does not help, I deleted basically all Mozilla references in regedit and I ran some malware software that found some extension in AppData Roaming downloads I think. Once I deleted all these temp files which was actually quite large everything has been fine.
Done a local and offline scan plus a Hijackthis report and seems clean so heres hoping.
Might just purchase an SSD and do a new install anyway.(I need an excuse to buy something new again)
What malware software did you use TC ? I have tried Malwarebytes but it found nothing. I have a pop up blocker which kicks in everytime, but it basically means I have to close ST everytime it happens, which is often.
Basically these things latch into the transient directories like roaming and appdata, this is why they survive a fresh install and latch onto multiple browsers. Just in case it was ST I replaced all non custom code with fresh ones from the source site and re-uploaded my own custom code from my test sandbox.
I also cleaned the server side Linux source distributions that I could.
Essentially if it is being caused by silvertails it's at such a low level of our server source as to be nearly impossible to find, but if it was it would also be present in the html source of a page.
C&C sent me his html page source in the week and everything was as expected. I still sent my obstructed js code on the source through some scanners and decoding and everything was fine.
To Fix this you are going to need to clean out the temp files that are infected
I also cleaned the server side Linux source distributions that I could.
Essentially if it is being caused by silvertails it's at such a low level of our server source as to be nearly impossible to find, but if it was it would also be present in the html source of a page.
C&C sent me his html page source in the week and everything was as expected. I still sent my obstructed js code on the source through some scanners and decoding and everything was fine.
To Fix this you are going to need to clean out the temp files that are infected
Technical Coach
Bencher
Chip and Chase said:
Damn will have to chase that program again, when I did a system restore it deleted the program.
The program actually did not work some kind of bug so I could not use it to delete the extensions but it found the locations where they were.
Will look it up again sorry about that.
Chip and Chase said:
The program was AdwCleaner it will find the extensions under the Mozilla tab after running the program---for some reason I could not click and choose to delete seemed to be some coding bug in the program.
All the other programs I used did not find any traces including Malwarebytes(but I later found out I was using an old version so that might have been the case)
Ok I gave that thing a go and it found a couple of things. I also removed and reinstalled Firefox. Now I can't even get to the silvertails site as our protection system (webroot secure anywhere) blocks it as a malicious content site. Lists a website address ad.amgdgt.com as containing malicious content, known threat and has been blocked. Don't even get a chance to log in. I don't want to hit "allow" in case I go back to square one. This is the same message I was getting before randomly but not always, sometimes I would just get that pop up / redirect to the " survey" web page.
Is it safe to allow ?
Btw am posting this from iPad
Is it safe to allow ?
Btw am posting this from iPad
Chip and Chase said:
lol ad.amgdgt.com is the google adverts and the other adverts certainly not malicious and definitely ok to allow.
Also Google is constantly indexing and checking our site. You can see it's results for malicious software scanning which it does every few days/weeks
http://www.google.com/safebrowsing/diagnostic?site=www.silvertails.net
Thanks mate. Just wanted to be sure, half this $hit is Greek to me.
Technical Coach
Bencher
@Dan
Just reinstalled Adobe Flash Player(to watch videos from the MWSE site) and this seems either the trigger or part of the problem(flash related on Mozilla) as the pop ups came back the next visit to Silvertails.
Uninstalled and the problem goes away.
While using adwcleaner i don't have the option to tick removal for each extension so i assume it is the default setting so i hit clean but it never cleans the two issues it finds.
Manually i can delete both issues, a rescan shows the issue is gone after deleting manually.
Here are the two issues it finds in Mozilla and they only reappeared after reinstalling Adobe Flash Player.
C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\9sto0jkt.default\prefs.js ]
C:\Users\Surfing Account\AppData\Roaming\Mozilla\Firefox\Profiles\0y34eycj.default-1403254580958\prefs.js ]
"Surfing account" is the guest account and "Me" is administrator---- i do not surf the web using the Admin "Me" account so the entry in this area only occurred after allowing Admin rights while installing Adobe Flash Player.
Just reinstalled Adobe Flash Player(to watch videos from the MWSE site) and this seems either the trigger or part of the problem(flash related on Mozilla) as the pop ups came back the next visit to Silvertails.
Uninstalled and the problem goes away.
While using adwcleaner i don't have the option to tick removal for each extension so i assume it is the default setting so i hit clean but it never cleans the two issues it finds.
Manually i can delete both issues, a rescan shows the issue is gone after deleting manually.
Here are the two issues it finds in Mozilla and they only reappeared after reinstalling Adobe Flash Player.
C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\9sto0jkt.default\prefs.js ]
C:\Users\Surfing Account\AppData\Roaming\Mozilla\Firefox\Profiles\0y34eycj.default-1403254580958\prefs.js ]
"Surfing account" is the guest account and "Me" is administrator---- i do not surf the web using the Admin "Me" account so the entry in this area only occurred after allowing Admin rights while installing Adobe Flash Player.
Users who are viewing this thread
Latest posts
| Team | P | W | L | PD | Pts |
|---|---|---|---|---|---|
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
|
0 | 0 | 0 | 0 | 0 |
