"Antivirus" virus.
Feb 3 2011, 04:34
|
MisterMonster
Newcomer
 Group: Recruits
Posts: 15
Joined: 23-April 10

|
Excuse me, I'm a long time visitor of this site, even if I don't post very often.
Recently, the site began linking advertisements all over the place, I suppose to help with funding, hey, that's cool.
However, the 'Antivirus.net' trojan is lurking amongst those pop-ups now, and without fail finds its way on my computer, to fuck my shit up and force me to delete everything in order to get rid of it. I see it right there, in fact, but I had to risk getting it on my computer again to tell you all. It's become a serious detriment to my visiting, and unfortunately, I might have to say goodbye permanently if it's never fixed by the admins, or someone else.
Thank you for reading this, if you did.
|
Feb 3 2011, 06:56
|
Beryl
Group: Gold Star Club
Posts: 8,931
Joined: 25-May 06

|
Can you post some more details? Like, how you know for certain it's from here? What ad was up when your notification came up, etc?
|
Feb 3 2011, 07:42
|
MisterMonster
Newcomer
 Group: Recruits
Posts: 15
Joined: 23-April 10

|
Oh, I instantly delete pop-ups, so I have no idea what they might have been, possibly 'LiveJasmin', or some such. I went to my beloved 'Smudge' section as I always do, went through the list...about the time that I clicked one of the pictures, in one of the picture galleries, that triggered the two pop-ups, and like clockwork, this little cuntbag appeared in my little 'icon list', you know, near my clock, and near the 'internet connection' icon? It never freakin' fails, man. I've been running Malwarebytes for 3 hours and 30 minutes now, I freaked out and decided to scan ALL my drives, not just the few it suggested to me.
God I hate this computer.
|
Feb 3 2011, 08:17
|
lovehcomics
Group: Members
Posts: 1,354
Joined: 28-August 09

|
You know that just loading a file can cause malware infections, right? Same with just right clicking in Windows Explorer or even just showing the icons. I suggest you PM me your Hijackthis log. Just make the log - DON'T fix anything yet. It just lists all nondefault programs that start up on your PC.
http://free.antivirus.com/clean-up-tools/
http://en.wikipedia.org/wiki/HijackThis
If that can't run, go get a copy of the "Trinity Rescue Kit" boot cd. Better yet, make it anyways just in case. If you have trouble booting it, PM me and I'll arrange a backup form of communication or something. There's instructions on the site on how to use it. It works even if the PC won't boot to Windows or safe mode won't work! trinityhome.org
::EDIT:: Oh, BTW it has a self-contained version of Malware Bytes' scanner in case some file/setting refuses to be deleted/fixed.
This post has been edited by lovehcomics: Feb 3 2011, 08:20
|
Feb 3 2011, 08:25
|
Ichizon
Group: Members
Posts: 750
Joined: 9-December 09

|
Or, possibly, the name of the infected file. It might be possible to source it and have the ad disabled.
|
Feb 3 2011, 08:26
|
MisterMonster
Newcomer
 Group: Recruits
Posts: 15
Joined: 23-April 10

|
I use Firefox, and I don't download anything, as my computer is for some reason, incapable of viewing whatever it is I downloaded.
I'll try downloading Hijackthis, hold on.
|
Feb 3 2011, 11:43
|
Tenboro

|
Currently looking into this. I've suspended the ad zone in question until I hear back from the advertiser.
|
Feb 3 2011, 19:05
|
Scuddles
Lurker
Group: Recruits
Posts: 2
Joined: 5-November 08

|
I hate to jump in and start pointing fingers, but I hope this helps. I just spent the entire day removing this TLD3 rootkit from my computer which I believe came from visiting the g.e-hentai gallery around yesterday.
So if you're having any issues with a physical memory dump BSOD on Windows startup, you should see if it's being caused by this rootkit.
|
Feb 3 2011, 19:43
|
Rikis
Group: Gold Star Club
Posts: 3,680
Joined: 7-July 09

|
QUOTE(Scuddles @ Feb 3 2011, 19:05)
I hate to jump in and start pointing fingers, but I hope this helps. I just spent the entire day removing this TLD3 rootkit from my computer which I believe came from visiting the g.e-hentai gallery around yesterday.
So if you're having any issues with a physical memory dump BSOD on Windows startup, you should see if it's being caused by this rootkit.

Few questions out of curiosity:
- What browser do you use?
- Does this malware need some user actions for infection to happen?
|
Feb 3 2011, 20:09
|
Scuddles
Lurker
Group: Recruits
Posts: 2
Joined: 5-November 08

|
QUOTE(Rikis @ Feb 3 2011, 19:43)
Few questions out of curiosity:
- What browser do you use?
- Does this malware need some user actions for infection to happen?

1: I'm using an outdated version of Firefox, 3.5.4
2: I don't know exactly, but on two occasions I got a blue screen of death simply by opening the g.e-hentai gallery
|
Feb 3 2011, 22:20
|
Noneyabusiness
Group: Members
Posts: 1,467
Joined: 2-February 08

|
My ads are blocked but I've been experiencing jam ups and load failures quite consistently the last two days.
|
Feb 3 2011, 23:35
|
lovehcomics
Group: Members
Posts: 1,354
Joined: 28-August 09

|
Oddly no problem here even on the tower that uses plain vanilla Mozilla. Of course, the laptop running locked-down scripting and such has never got this issue, either. If only we could remember the thing we saw right before the infection... It's most likely a Flash bug infecting machines. :(
::EDIT:: Oh! That makes sense. My laptop has Flash block, NoScript, and such with FF 3.6.x. The tower is running latest Flash patch. Might be something else but this seems possible. All your scripting languages such as Flash or Java absolutely need to be updated.
This post has been edited by lovehcomics: Feb 3 2011, 23:40
|
Feb 4 2011, 11:46
|
Tenboro

|
We really go as far as possible to ensure that the advertisers don't put up any crap on the slots we provide, but unless you keep your stuff up to date, you really can get owned anywhere. A few weeks back, I happened to be looking over the shoulder of a friend who was browsing some crap at a seemingly legitimate site when some ad fired up a Java plugin and installed a bunch of crap with zero input. It took all of three seconds, so unless you happened to have your finger on the power switch, there was no stopping it. Looking at it later, the Java install was about two versions out of date (it was 6u21 or something), and that was enough.
You really need to be fully patched up on ALL the following:
- OS
- Browser
- All browser plugins (Flash, Java etc) - you can use the Browser Plugin Checker [www.mozilla.com] to be sure
- ANYTHING that can be started without input from the browser, typically media players, PDF readers and so on
And if you're not, well.. start updating, you lazy git.
|
Feb 5 2011, 07:51
|
Hobbitmon
Group: Catgirl Camarilla
Posts: 339
Joined: 22-February 09

|
If you're really paranoid or just tired of having to deal with stuff like this, there are additional precautions you can take.
- Use Firefox with NoScript and AdBlockPlus
- Run your browser in Sandboxie
|
Feb 5 2011, 09:12
|
lovehcomics
Group: Members
Posts: 1,354
Joined: 28-August 09

|
"6u21" Well, there are also sometimes regressive bugs that bring back old issues but this might have been a "0-day" exploit. It's why I say screw it and don't allow scripts or Flash/Java/... to work by default. Funny thing is some sites blame you for blocking their ads even if you just block cross-site scripting. Yes, I allow Google keyword ads but not some random site. Gee, they wonder why people do that.
|
Feb 5 2011, 10:08
|
ioctl
Newcomer
 Group: Gold Star Club
Posts: 39
Joined: 9-January 10

|
Just staying up to date on everything and running a clean system (Routinely check your startups and services, keep good habits, etc) goes a long way, almost more than any other precaution. In fact, if you had impeccable habits, you could probably do fine without even an antivir/firewall. I think at least one of these ads tried to pull something funky, though; it was one of those "Grow your dick longer" ads, I think, and those are really an eyesore. Honestly it's not the viruses and such, that's easy enough to avoid, it's that I didn't come here to look at some guy's dick on a banner ad.
Yeah, those damn advertisers. This has got to be illegal someplace. ima check the USC sometime and see if it's got anything to say.
|
Feb 5 2011, 10:46
|
Tenboro

|
Except Google [news.cnet.com] isn't immune, either. It's hard to avoid when all of them have a potential to screw up. But unfortunately, it's not like we have much of a choice.
|
Feb 5 2011, 20:08
|
lovehcomics
Group: Members
Posts: 1,354
Joined: 28-August 09

|
Yeah, I know... Even Google has problems sometimes. Why I'm considering why they're killing the golden goose? It seems that marketers can sell absolutely worthless stuff (costwise) for insane profit (say, caller ID), then why can't they just sell something indirectly, that's gray market? Say, gray imports for "bargain" prices that are still 300% markup? A careful ad can tempt people with a following upsale without triggering DMCA notices. Meh, guess they're just lazy or I'm just evil. And no, I'm not recommending someone do that. :/
US laws are worthless in Russia.
This post has been edited by lovehcomics: Feb 5 2011, 20:10
|
Feb 5 2011, 20:43
|
ioctl
Newcomer
 Group: Gold Star Club
Posts: 39
Joined: 9-January 10

|
They certainly are worthless in Russia, but our ISPs are the ones letting the traffic through.
Yeah, no easy solution. Take them away, people lose money. Keep them, users get irate.
|
Feb 6 2011, 05:37
|
BloodJig
Newcomer
 Group: Recruits
Posts: 15
Joined: 9-December 10

|
I would like to add that I too, enjoy this site frequently, but recently I have had to deal with Antivirus.NET infecting my computer. I don't know of any particular area, but I have a few more details.
Firstly, it is a very annoying program and will basically tell you to fuck off if you try to open ANYTHING. However, I discovered that adjusting your startup programs found with Run >msconfig, the virus does not load and will not bother you. With that in mind, I just had the virus pop-up again 5 minutes ago, and I immediately disabled it again.
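
Added example, not written by anyone in this thread: the HijackThis log requested earlier and the msconfig startup list in the post above both show autostart entries, and this script triages the `O4` (autostart) lines of such a log. The sample log is constructed, and flagging entries that run from user-writable folders is a heuristic assumed for this example, not a HijackThis feature.

```python
import re

# Constructed sample in the usual HijackThis line shape; not taken from the thread.
SAMPLE_LOG = r'''R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xkqwpzrt] "C:\Documents and Settings\user\Local Settings\Application Data\xkqwpzrt.exe" /s
O4 - HKCU\..\RunOnce: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd.exe
O4 - Startup: Notes.lnk = C:\Program Files\Notes\notes.exe
'''

# Registry autostarts:  O4 - HKLM\..\Run: [name] command
O4_REG = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# Startup-folder items: O4 - Startup: name = target
O4_DIR = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# Assumed heuristic: folders a limited user (and a drive-by installer) can write to.
USER_WRITABLE = ('\\temp\\', '\\local settings\\', '\\locals~1\\',
                 '\\application data\\', '\\applic~1\\', '\\appdata\\')

def executable(command):
    """Return the program path of an autostart command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)', command, re.I)
    return m.group(1) if m else command.split(' ', 1)[0]

def autostarts(log_text):
    """Parse every O4 line into a dict; all other log sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            source, name, command = f'{m.group(1)}\\{m.group(2)}', m.group(3), m.group(4)
        else:
            m = O4_DIR.match(line)
            if not m:
                continue
            source, name, command = m.groups()
        path = executable(command)
        review = any(marker in path.lower() for marker in USER_WRITABLE)
        entries.append({'source': source, 'name': name, 'path': path, 'review': review})
    return entries

def needs_review(log_text):
    """Names of autostart entries whose program lives in a user-writable folder."""
    return [e['name'] for e in autostarts(log_text) if e['review']]

if __name__ == '__main__':
    for entry in autostarts(SAMPLE_LOG):
        print('REVIEW' if entry['review'] else 'ok    ', entry['source'], entry['name'], entry['path'])
```

A flagged entry is only a candidate for a closer look; legitimate software also starts from profile folders, so check the file before disabling anything.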