The Briefing Room
General Category => Science, Technology and Knowledge => Computers => Topic started by: 240B on April 27, 2018, 02:25:14 pm
-
I cannot verify this because it is only a witness of one, me. But for the last week whenever I visited DM weird stuff happened.
In the first case, when I closed out I found something like 5 pop-unders under my browser, Chrome. And they all had the same theme, "You have been infected with XYZ virus. You must download ACMEVirusFixer.exe IMMEDIATELY!" Ok, I guess. No big deal. I've seen that before. So, I rebooted.
Then again the next day, the DailyMail site went away and was replaced by a site saying, "You have at least 7 viruses on your system! You MUST download XYZvirusfixer NOW! Or call 1 8-- 7787980." Again, I rebooted and all was well. I checked my own antivirus software. It had just run a scan and found nothing.
Yesterday, it got much more aggressive. Again the site supplanted DailyMail and it was one of those big font flashing red background things that most of us have probably seen. It was basically the same theme with a twist. This one said that my computer system has been 33% corrupted by RansomWare!!! Do not close this browser! Do not restart your computer! This particular scam was selling PCRepairTool.exe. So they did a change-up. They were not selling fake antivirus stuff anymore (which is likely a virus itself). Now they were telling me that my computer was severely damaged and they were going to fix it. You know, for a modest fee, of course.
So I left the browser as it was. Ran a full-scan with my antivirus tool. It found zero viruses detected. All of these incidents happened only on the DailyMail site. I must look at 20 or more sites a day. And the only single one that pulled these obvious scams was DailyMail/dailymail.co.uk.
Yea. That was it for me. Even though I could easily tell these were amateur scams from the 1990s and were benign, still it pissed me off. Deleted DailyMail from my bookmarks and will try again in a month or two when they get their shit together. Either DailyMail's server has been corrupted by somebody from Nigeria, or DailyMail is doing this themselves. Either way, I'm gone.
-
Hmmm I was just there and I go there several times a day and haven't seen anything like this...very odd.
-
Hmmm I was just there and I go there several times a day and haven't seen anything like this...very odd.
@mystery-ak
That's what I thought. I don't know? I can't figure why it would pick me? Well, good luck to you Myst. But for whatever reason I can't go there for the time being.
I wonder if it is a system configuration issue with my Windows, or maybe a browser configuration setup triggers it. I was very consistent. Like you I go there all the time. I enjoy the site. For two years, no problem. For the last couple of weeks, not quite, but almost every visit it would happen. It just started.
There is not a thing wrong with my computer. My firewalls, and my antivirus are fully engaged.
But thanks for your response. The reason I posted was to find out if this was just me, or if it was everyone.
I'll reboot my router next. Maybe someone got in there. But why only one very specific site? Confused?
What is going on?
-
@mystery-ak
Are you using Windows 10 with Chrome?
-
@mystery-ak
That's what I thought. I don't know? I can't figure why it would pick me? Well, good luck to you Myst. But for whatever reason I can't go there for the time being.
I wonder if it is a system configuration issue with my Windows, or maybe a browser configuration setup triggers it. I was very consistent. Like you I go there all the time. I enjoy the site. For two years, no problem. For the last couple of weeks, not quite, but almost every visit it would happen. It just started.
There is not a thing wrong with my computer. My firewalls, and my antivirus are fully engaged.
But thanks for your response. The reason I posted was to find out if this was just me, or if it was everyone.
I'll reboot my router next. Maybe someone got in there. But why only one very specific site? Confused?
What is going on?
Wish I could help..maybe some of the computer gurus around here will know..I will keep this bumped so they can see it.
-
@mystery-ak
Are you using Windows 10 with Chrome?
Windows 7 with Firefox....
-
@mystery-ak
Are you using Windows 10 with Chrome?
Extensions are your friend....
I'm currently running all of these in my Chrome and Firefox
uBlock Origin, Ghostery, AdBlock Plus, Privacy Badger.
Can never be too safe
-
I think DailyMail may have a virus
Did the Daily Mail sit too close to the Village Voice and get the HIV?
-
There is not a thing wrong with my computer. My firewalls, and my antivirus are fully engaged.
@240B
That depends entirely upon which AV and FW you are using. It would HIGHLY benefit you to have a standby bug-getter onboard.
DL Emsisoft's EEK (https://www.emsisoft.com/en/software/eek/) set it up on a thumb or leave it in the root of your drive, keep it updated, and use it to check up on your other one.
Run a scan with EEK, and if that comes up empty too, then it may well be a driveby at daily mail. But it could just as easy be a strain of FAKE-AV/FAKE-CRYPTO in your machine.
-
Windows 7 with Firefox....
LOL. Windows 7? That is so Myspace!
Me, I have Vista with Chrome. Both no longer supported. I live dangerously!
-
Extensions are your friend....
I'm currently running all of these in my Chrome and Firefox
uBlock Origin, Ghostery, AdBlock Plus, Privacy Badger.
If she runs those on Windows 7 It will take a week for TBR to load.
-
LOL. Windows 7? That is so Myspace!
Me, I have Vista with Chrome. Both no longer supported. I live dangerously!
I hate change...if it ain't broke don't fix it....btw my internet is very fast.
-
@240B
That depends entirely upon which AV and FW you are using. It would HIGHLY benefit you to have a standby bug-getter onboard.
DL Emsisoft's EEK (https://www.emsisoft.com/en/software/eek/) set it up on a thumb or leave it in the root of your drive, keep it updated, and use it to check up on your other one.
Run a scan with EEK, and if that comes up empty too, then it may well be a driveby at daily mail. But it could just as easy be a strain of FAKE-AV/FAKE-CRYPTO in your machine.
EEK is a top notch tool.
-
@mystery-ak
That's what I thought. I don't know? I can't figure why it would pick me? Well, good luck to you Myst. But for whatever reason I can't go there for the time being.
I wonder if it is a system configuration issue with my Windows, or maybe a browser configuration setup triggers it. I was very consistent. Like you I go there all the time. I enjoy the site. For two years, no problem. For the last couple of weeks, not quite, but almost every visit it would happen. It just started.
There is not a thing wrong with my computer. My firewalls, and my antivirus are fully engaged.
But thanks for your response. The reason I posted was to find out if this was just me, or if it was everyone.
I'll reboot my router next. Maybe someone got in there. But why only one very specific site? Confused?
What is going on?
Sounds like you have a browser hijacker virus. Malwarebytes (free ver) would probably find it. I use that and Microsoft Security Essentials (MSE) and I haven't had a problem. MSE has caught a few critters and removed, but so far so good and DM page load is slow and jerky, but otherwise, it's readable.
-
Extensions are your friend....
I'm currently running all of these in my Chrome and Firefox
uBlock Origin, Ghostery, AdBlock Plus, Privacy Badger.
Can never be too safe
I will do that. Because these things did look so freakin stupid. Like they are some kind of AD popup which is posing as a virus popup. Yea. So maybe an adblocker will fix it. Thanks.
-
That's Malware, not a virus. That's why the virus software can't find it. The Malwarebytes suggestion was spot on.
-
Windows 7 with Firefox....
You and my brother would get along fine. He still has a working Tandy-1000. - lol
-
EEK is a top notch tool.
Yep. That and Kaspersky's AVPTool are my main go-to cleaners.
-
That's Malware, not a virus. That's why the virus software can't find it. The Malwarebytes suggestion was spot on.
@Restored
That's good info. But why would it only affect one single site?
My AV says that it checks for virus/spyware/and other malicious software.
-
You and my brother would get along fine. He still has a working Tandy-1000. - lol
Hey now.... do I detect a snidely bit of discrimination there? Windows 7 is the best Microsoft has had to offer in decades, IMO. I plan to keep using it as long as humanly (and/or other) possible!
-
Hey now.... do I detect a snidely bit of discrimination there? Windows 7 is the best Microsoft has had to offer in decades, IMO. I plan to keep using it as long as humanly (and/or other) possible!
Not at all. The Tandy is just for fun/novelty. He has a real computer as well.
-
Hey now.... do I detect a snidely bit of discrimination there? Windows 7 is the best Microsoft has had to offer in decades, IMO. I plan to keep using it as long as humanly (and/or other) possible!
888high58888
-
Remember, everyone hated Windows 7 when it came out.
And you have an important update today.
-
Just ran EEK. The result said that I had the cleanest SSD it has ever seen.
Really, it said all clean. So, no malware, no virus, no spyware.
This is all just too hard to believe. Maybe it was just some kind of freak thing. Now, after all this. I want to see it again.
I'm going to try DMail again and screenshot if it pops up.
-
Not at all. The Tandy is just for fun/novelty. He has a real computer as well.
Lol! Just pokin at ya.
-
Just ran EEK. The result said that I had the cleanest SSD it has ever seen.
Really, it said all clean. So, no malware, no virus, no spyware.
This is all just too hard to believe. Maybe it was just some kind of freak thing. Now, after all this. I want to see it again.
I'm going to try DMail again and screenshot if it pops up.
Ok, just for S&Gs.... download the free version here and run it. See if it comes up with something and let us know.
https://www.malwarebytes.com/
-
Just ran EEK. The result said that I had the cleanest SSD it has ever seen.
Really, it said all clean. So, no malware, no virus, no spyware.
This is all just too hard to believe. Maybe it was just some kind of freak thing. Now, after all this. I want to see it again.
I'm going to try DMail again and screenshot if it pops up.
If you are clean, then take steps against more trouble... one good adblocker and one good script blocker will help tremendously... @guitar4jesus layered approach is bulletproof - but might be a lot to learn... Ad-Block Plus and NoScript is all I use, and would certainly be better than nothing. Likewise Ublock and Ghostery... It is more important to know how to use them than to have many...
Use Firefox (or derivative) or chrome, and stay away from IE for surfing...
-
Ok, just for S&Gs.... download the free version here and run it. See if it comes up with something and let us know.
https://www.malwarebytes.com/
Ok, alright. Why not?
-
If you are clean, then take steps against more trouble... one good adblocker and one good script blocker will help tremendously... @guitar4jesus layered approach is bulletproof - but might be a lot to learn... Ad-Block Plus and NoScript is all I use, and would certainly be better than nothing. Likewise Ublock and Ghostery... It is more important to know how to use them than to have many...
I am in process of doing that now.
-
Ok, alright. Why not?
Their other product, AdBlock Plus is also good for removing browser based PUPs. It's also free and, as a plus, does not install on your computer it is just run once and done.
-
Their other product, AdBlock Plus is also good for removing browser based PUPs. It's also free and, as a plus, does not install on your computer it is just run once and done.
Just did that along with all the others which were recommended.
-
Ok, just for S&Gs.... download the free version here and run it. See if it comes up with something and let us know.
https://www.malwarebytes.com/
I will bump Malwarebytes too - another great tool... but I would only use the free version and shut down its resident stuff... Just using it as an on-demand scanner on occasion.
-
@XenaLee @roamer_1
I ran malwarebytes and it found 252 malware files on my computer. But all the hits came from extensions folders. So it picked up the definition files of the other malware programs on my computer.
See? Too many cooks do spoil the soup. The various malware programs are clashing with each other so...something gotta go.
Also, I have opened DailyMail.co.uk and I am going to leave it open all day. Just to see if I can get those things to hit again.
Thank you all for your help. Whatever caused this, I don't know, but you guys have made my computer much better with all the extensions and the EEK. So...overall...it was worth it. Thanks.
-
I will bump Malwarebytes too - another great tool... but I would only use the free version and shut down its resident stuff... Just using it as an on-demand scanner on occasion.
That's all I use it for. I've been using MSE for 'active' protection and.... so far, so good.
-
Their other product, AdBlock Plus is also good for removing browser based PUPs. It's also free and, as a plus, does not install on your computer it is just run once and done.
I meant to say ADWCleaner, not AdBlock Plus... smh... Trying to spin too many plates at once over here... :whistle:
-
I ran malwarebytes and it found 252 malware files on my computer. But all the hits came from extensions folders. So it picked up the definition files of the other malware programs on my computer.
I don't know a single legit anti-spy/ad/virus that inhabits the extensions folder... certainly none that carry their defs there. Maybe you should publish that log (edited to remove personal info)... I am not all that concerned - I doubt that EEK would miss that many.
See? Too many cooks do spoil the soup. The various malware programs are clashing with each other so...something gotta go.
TRUE. I have ONE AV running, one ad-blocker and one script blocker in one browser. But I do have several tools at the ready and maintained onboard... without conflict. Both EEK and Malwarebytes can be rigged to be on-demand only (EEK is on-demand only).
Another good tool is CCleaner (https://www.ccleaner.com/ccleaner/download), which will dump all your on-board caches with one button. Use the free version. I always run it before scans just to eliminate anything in temp directories... which may be happening :shrug:
Thanks.
np. Happy to be of service. :beer:
-
That's all I use it for. I've been using MSE for 'active' protection and.... so far, so good.
That's right... I run Kaspersky... but as a service tech, I tend to need more protection as I have a whole bunch of machines coming through my LAN. Better safe, and all that.
-
That's right... I run Kaspersky... but as a service tech, I tend to need more protection as I have a whole bunch of machines coming through my LAN. Better safe, and all that.
I thought Kaspersky was real trouble?
-
I thought Kaspersky was real trouble?
meh. I don't buy it. still the single best antivirus on the planet. I will probably have to take a decision when my subscription runs out this fall - But I will likely re-up.
-
The saga continues. Just got a system alert from Windows declaring that Malwarebytes and Emsisoft are in conflict (which I already knew). It said pick one and delete the other. It is cool that Windows 10 would be that sort of AI ish.
Also, I've been on DailyMail all day and so far the bug has not shown up. But that doesn't mean anything definitive because it doesn't happen every day. I'll know by Monday if it is really gone. Thanks again everybody.
-
Also, I found this. I am reassured that I'm not going completely crazy. The PC Repair Tool popup seems to be a well known issue. This website said that I may have been infected with something called 'adware'.
How to remove PC Repair Tool pop up ads [Chrome, Firefox, IE, Edge]
September 10, 2017 No Comment
Have you become that your web-browser randomly shows PC Repair Tool – “How to Fix Problems with Windows” page, instead of the one you want to see? It’s a sign that you have an installed adware (sometimes named ‘ad-supported’ software) on your machine. The ‘ad supported’ software is a part of harmful software that made to display lots of annoying popups including misleading ads offering install an questionable software like this “PC Repair Tool”. Follow the step by step tutorial below ASAP. It will clear your PC system from ad supported software that generates a lot of popup ads in the Chrome, Firefox, IE or Microsoft Edge browser and thereby remove “PC Repair Tool” pop-ups from your computer.
http://www.myantispyware.com/2017/09/10/how-to-remove-pc-repair-tool-pop-up-ads-chrome-firefox-ie-edge/#chromereset
I don't know if this is the cause or not, but it could be. At least I know that what I am seeing are real things.
-
Also, I found this. I am reassured that I'm not going completely crazy. The PC Repair Tool popup seems to be a well known issue. This website said that I may have been infected with something called 'adware'.
[...]
I don't know if this is the cause or not, but it could be. At least I know that what I am seeing are real things.
@240B
Well, yes. Many kinds of FAKE AV/FAKE CRYPTO infect the browser. Malwarebytes finding infection in your extensions can be legit - That is how browser infections work - like an extension.
-
And as for conflict, don't run malwarebytes and EEK at the same time.
-
@roamer_1
Based on research and what the extensions you told me about are telling me, I'm pretty sure it was all a simple matter. DailyMail may be a kind of 'dirty site' in the sense that they are doing a lot of stuff that users don't know about. There is a lot going on in the background when you visit that site. It is at least possible that even DailyMail does not know what these unscrupulous advertisers are doing.
My browser was not infected, because the issue only happened on DM and no other site. So these may be ads that are on DM site and the reason I saw them while others did not is because I did not have an Ad Blocker installed.
I am confident with the help of everyone and the work I've done to prevent ads and tracking today, that I will not see those popups again. It was most likely some kind of stupid ad on DM that was mimicking a virus checker.
In summary, I think you fixed it. LOL We shall see over the next few days.
-
@240B
good enough. glad it's sorted.
:beer:
-
I'm gonna get rocks thrown at me for sayin' this, but...
... Get a Mac.
Then you don't have to worry about such things any more.
31 years a Mac user, never had a "virus" at all.
And I don't even use any anti-virus software.
That's because there are NO Mac "viruses" out there "in the wild".
I don't "restrict myself" as to where I go or what links I click.
I visit the "pirate sites" and don't give a hoot about it.
I open just about any attachment I want -- I couldn't care less.
I do run the free MalwareBytes Anti-Malware app now and then.
And once it actually -found something- and removed it.
One instance in 31 years.
The best way to handle those "your computer is infected!" popups is to force-quit the browser you're running (you can do that in Windows, right?).
Then empty your browser caches and reopen it.
If you're going somewhere dodgy, use either the Epic Privacy Browser (they have that for the PC, too, I believe), or TOR.
Epic will "hide your IP address" from the website to which you're connected.
I think TOR can do even more, but I've only used it a little. Don't really need it.
One can be a Mac OS fan without being a fanbois for Apple (I'm not).
Great OS, even if the company is leftist and looney.
Unfortunately Apple -- which became big through the Mac and its peripherals (like the iPod) -- seems to be neglecting the Mac side of their business these days, as the largest share of their revenue these days comes from the iPhone (which I don't own or want).
I hope they don't finally decide to exit the computer-building business.
I could never adjust to a Windows PC -- ugh!
-
I'm gonna get rocks thrown at me for sayin' this, but...
... Get a Mac.
I had a couple Mac Pros. I liked them quite a lot, but they fell to the same problem that it seems all computers get: A required upgrade that made it run so slow there just wasn't any more hope for it and I had to let the last one go. A replacement was too expensive, being a Mac, so I'm back to a Lenovo.
-
Daily Mail, Jerusalem Post slow my computer down, make it hang or go slow. I don't think there is any real problem with the Daily Mail.
-
Mac fan girl since 94.
But as for the other questions, I'm pinging @Hopalong Ginsberg because he knows more about computers than anyone I know.
-
Freya wrote:
"But as for the other questions, I'm pinging @Hopalong Ginsberg because he knows more about computers than anyone I know."
Forget Hopalong.
If you have a "Mac problem", I can probably solve it! ;)
-
Mac fan girl since 94.
But as for the other questions, I'm pinging @Hopalong Ginsberg because he knows more about computers than anyone I know.
@Freya @Fishrrman
Fishrrman knows a lot about Macs, please give someone else a chance.
-
This thread is a bit unkind to the Daily Mail... but otoh, any publicity is good publicity.
-
Freya wrote:
"But as for the other questions, I'm pinging @Hopalong Ginsberg because he knows more about computers than anyone I know."
Forget Hopalong.
If you have a "Mac problem", I can probably solve it! ;)
He knows PCs. I haven't been on one since the late 90s.
-
@Freya @Fishrrman
Fishrrman knows a lot about Macs, please give someone else a chance.
Is fisherman swordmaker?
-
Is fisherman swordmaker?
That would be great. Swordmaker knew everything about Macs. Got me out of a couple jams.
-
Mac fan girl since 94.
But as for the other questions, I'm pinging @Hopalong Ginsberg because he knows more about computers than anyone I know.
I'm not familiar with Macs. On my PC I always use Adblock Plus with Chrome, and have not had problems with DM. A bit slow to load at times, but that's probably because they have so much crap on their pages.
-
I'm not Swordmaker -- he's above my pay grade.
I'll defer to Hopalong insofar as PCs are concerned. I'm a Mac guy exclusively.