TechSpot

Bad website ads?

Inactive
By Wendig0
Apr 1, 2010
  1. I've noticed within the last month, that certain websites I frequent to amuse myself, such as ebaumsworld.com and playlist.com, randomly forward me to
    removed link of hijack site, which tells me my computer is infected with malware and viruses. Now, I'm not stupid enough to click anywhere on that webpage. I've been in IT for years now, and anytime I see a popup site like that I close IE or Firefox (it happens to both) through windows task manager. (I should also mention that my workstation isn't the only one affected this way. I set up 3 other workstations from scratch, and set these websites to the home page of all 3 - same results)

    I also go through the virus/malware removal steps listed here anytime that happens as well. I have Avast Professional installed on my system, and it is very good at detecting/thwarting threats to my system, though none are ever found with malwarebytes, cc cleaner, super antispyware, adaware or avast other than cookies which I remove regularly. I know my systems are clean.

    Since these are the only websites that are affected (that I have found), I've come to the conclusion that these sites have been hijacked with malicious advertisements. I contacted the admins of both sites and they did find malicious ads on the site. They notified me that they promptly removed them. I cleared the browsing histories, cookies, cache, and all the other temp files from my browsers, then ran the test again. All 4 computers were fine for about 4 days, then on the following day the problems reappeared.

    I advise anyone that visits these sites to use caution. Don't be a victim if a random website tells you that viruses and other malware is found on your system, it's a lie. Right click on your task bar, open task manager, and close your browser.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,156   +264

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I think I can clear this up for you- and anyone else who reads it.

    First, I am removing the hyperlink for the site you left. Leaving a link to a sit that you have found to be 'bad' is not advisable. Someone might click on that site.

    Second, you may have encountered malicious ads- they're all over. But there are browser settings that can block the sites, the ads and the Cookies.

    Third, the site you left belongs to one in the Netherlands that we frequently see in a DNS Changer malware infection:
    inetnum: 85.12.44.128 - 85.12.44.255
    netname: XS-24
    descr: XS-24 international ltd
    country: nl
    So your search is hijacked to go to that site. It can be fixed and can usually be seen in running Malwarebytes and/or HijackThis.

    If you would like help[ in correcting this, please follow the steps in out Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the 3 logs for review and I'll help you remove the hijacker and hopefully prevent it in the future. The logs should confirm what I suspect. I'll have you remove the entries, do a DNS flush and reset your router. Most likely they will also turn up other malware entries.

    What you don't realize is that by the time you see the pop-up advising you of malware, it will already be on the system.

    Your call.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.