ATS and Adware/Spyware/Hi-Jackers

OK. This is really annoying, but while browsing ATS... At the newly populer Mayatreia(sp?) thread, ATS infected my computer with something nasty. How do I know it was ATS? While at the thread, the top of my browser alerted me to a download on the page, and my firewall allowed me to block it, or so I thought. Even after blocking it, I've been getting a new popup ad with every ATS page I go to.

BE WARNED!!!! Either ATS's advertising company is intentionally infecting us... or someone is hacking into ATS database servers and doing it themself.

I am incredibly upset, and ready to just quit ATS coming back means I have to deal with nasties being put on the compy, just because the Three Amigo's snooped this low for cash.

Anybody else got this hi-jacker? I hope AdAware will get rid of it. This is incredibly infuriating. This is why I don't go to porn sites.

More information on Exactly what it was that your "firewall" allowed you to block would be most helpful in determining the root cause of your dilemma, though I'm quite certain it was Not a result of anything coming directly from ATS.

I'm on the site for Many hours a day, everyday, and have Never encountered anything the likes of which some speak of.

IE7, AVG Free, and XP's Firewall, and aside from a router, that's all there is between my system and the big bad Internet... w/ Never a problem or issue.

More info would be greatly appreciated.

Hi

Ive been getting a pop up thing as well. Only when I open ATS initially not every new page. The first time it happened it wouldnt let me shut it I had to use task manager. Its a pop up ad is yours the same looking?

Ive run virus and spyware scans, changed my Ie add-ons, emptied all temp files etc as soon as it happens, still is happening a few times. This may be whyt Im not getting repeats like you are if you arent emptying your temp files.

Also my browser has started opening new tabs, heaps of them automatically, its very hard to shut it down as they just keep coming, like a mild virus but I cant find the root of the cause.

Im no IT Guru, Any advice would be Mint.

Anyone else here suffering fromsame symptons?

themuse

Yep. Every time I come to ATS I get a notice from my computer that a 'high risk attack' was blocked. That's been going on for a few weeks now. My computer gives me warnings - high, medium, and low risk. These are all high risk. I'm not a computer person so I don't know anything other than that.

I do spend a lot of time here and never had problems before. Now that you (OP) mention it, in the past week or so I have suddenly been getting A LOT of annoying popups even though I have a popup blocker - so perhaps your (the OP) thoughts on something from here could be to blame. I hadn't thought of that.

I'll watch this thread and see what develops.

Its just tracking cookies.
Some AV Anti Spyware goes overboard with them.
If you set your browser to clear cookies on shutdown then you wont even have them.

Originally posted by LostNemesis

BE WARNED!!!! Either ATS's advertising company is intentionally infecting us... or someone is hacking into ATS database servers and doing it themself.

Im not saying ATS has malware in the adverts it uses (i have never had a problem) but sometimes even "legit" websites can be affected by hidden code through no fault of there own.

as shown in THISarticle from nov 2007;

The malware has been spotted on several legitimate websites, including ones run by The Economist magazine and Major League Baseball, as well as Canada.com, Wired magazine reported on Thursday.

Also, have you done a search because there are two or three threads about this already with a lot of tips and suggestions, one in BB&Qs and one in computer help on BTS.
www.abovetopsecret.com...
www.belowtopsecret.com...
www.belowtopsecret.com...
www.belowtopsecret.com...

[edit on 25/1/2009 by orgyofthedead]

[edit on 25/1/2009 by orgyofthedead]

Originally posted by LostNemesis
BE WARNED!!!! Either ATS's advertising company is intentionally infecting us... or someone is hacking into ATS database servers and doing it themself.

Over the past two weeks, we've had amore than 850,000 visitors to ATS. In that time, we have two threads and one contact email mentioning issues similar to yours. We get a lot of visitors, and a comparatively very-small amount of complaints of this nature.

In the past, 80% (or so) of these types of complaints have been related to firewall/malware scanners incorrectly alerting to cookies from us or our advertisers. Many anti-_____ software companies classify cookies as malware, which is incorrect and intended to make users think the software is constantly doing something.

Another solid 15-18% has been directly related to a member's/user's computer actually being infected with adware/malware from another source. We are a popular site (top-5000 in Quantcast) and many adware makers specifically target pop-ups to popular domains --- in fact, about a year ago, we identified one such malware that included our domain as a specific target for pops.

A small percentage (only two in the past four years that I can recall) have actually been related to an infected advertisement. And once tracked down with the aid of the ad networks, turned out to be an infected machine that was used to create the Flash banner ads (no malicious intent from the advertisers). Also, we only use ad networks that regularly scan creatives for such infections --- it's not impossible for an infected ad to get through, but unlikely.

Another very-small percentage has been related to ATS content, and specifically member avatars with malicous code embedded. Since then, we've taken precautions to ensure that doesn't happen again.

Our servers are scanned daily for potential malware that might be attached in some way. A professional third party computer security firm automatically tests the headers and important code snippets for changes that would indicate an injection of malicious code. If and when such a thing happens, we'd be alerted immediately. This has never happened.


It would be helpful if you could forward your firewall/scanner log to me via U2U. That way I can troubleshoot to determine exactly what happened, as well as the source.

Okay - I signed off and then came back on ATS. This is what came up.
(remember, I'm not computer savy, so I don't know if this helps anyone)

Attacking Computer -
tq.we1woiea.com (76.74.156.142.80)

Attacking URL
tq.we1woiea.com/duwoeiruoiqa/count.php?o=1

Source Address
tq.we1woiea.com (76.74.156.142)

I don't know if this is from something here or not.
It comes up whenever I log in here.
My computer says it is a 'high' security risk.
I don't get this when I go to other sites.

Just FYI for whoever may be interested over in MOD land....

I've been an active member of ATS since November, on two computers. Both my laptop and home PC are running windows vista and I use IE. Both have McAfee installed, but I am a procrastinator, I haven't renewed the subscription on either.

I have the windows firewall on.... I have had NO problems of any kind!

Unless being irritated by redundant posts and random ignorance qualifies?

I don't visit a lot of websites, and occasionally I am alerted that a site may contain malicious scripts and will avoid them, but again, I have had NO problems on ATS.

Originally posted by LostNemesis

Anybody else got this hi-jacker? I hope AdAware will get rid of it. This is incredibly infuriating. This is why I don't go to porn sites.

I started a thread in BTS, it's called something like 'Please help, computer problem' in Chit-Chat because I had a similar issue.

I picked up on what you said about not going into porn sites because I kept getting pornographic sites coming up and gambling sites.

A lot of people tried to help me, for which I'm grateful, but whatever the problem was it made it impossible for me to follow the advice I was given. For example, it wouldn't let me into majorgeek.com.

I got very persistent pop-ups claiming to be microsoft security telling me I'd got infections or trojans, they even had the badge logo on them. So because they were making my computer unusable, I downloaded Microsoft anti-spyware 2009. Apparently, that's a con.

Anyway, my computer eventually froze completely and I've now set myself up with a new computer and a new broadband supplier.

This all happened when I was in Obama/election threads. This isn't something I was particularly interested in, but I'd seen a couple of interesting(and mis-leading) thread titles which I looked into. Once there, I discovered what they were about and read a few posts.

I might be paranoid, but I did wonder if it was the nature of the threads that attracted the problem to me. Usually I potter about it BTS or something like skunkworks and nothing like this happened there.

www.belowtopsecret.com...

Think I've worked out how to provide the link

[edit on 25-1-2009 by berenike]

Originally posted by FlyersFan
Attacking URL
tq.we1woiea.com/duwoeiruoiqa/count.php?o=1

From what I can determine, it's not an attack, but simply the word "attack" is being used by your software for an event disallowed in your security settings.

It appears that an ad from a Soccer Jersey store is attempting to load an ActiveX component that enables streaming of catalog content (pictures of products) within the banner. Some malware scanners set to disallow automatic ActiveX components will classify non-malicious ActiveX events as attacks.

reply to post by LostNemesis


Just now, when I went to the New Defication of Obama thread, as soon as I went into it, my computer webscan virus control, said it just wiped out a virus that had attached itself.
www.abovetopsecret.com...

So I just now had this happen for the first time and then saw this thread went I went back to recent post. But I had to close that ATS thread - as it would not left me leave without closing completely.

Something is happening, as it just did. I should have copied and pasted what it said the virus was.



[edit on 25-1-2009 by questioningall]

All i ever got is the 'LOW RISK' tracking cookie,

which i keep 'fixing', but always returns, I've since stopped being concerned.


on rare events, out of the clear-blue generally, I receive a warning that an Attack was just thwarted, the anti-virus gives me all the info,

but just who do you call?.... the attack most likely was a web-bot PC
that itself was hijacked to attack random users.

recent ATS use has never been a percurser to an Attack to my knowledge...
but just 2 days ago, i did run into a site on a Google Search Page One site
that must have been a Phoney-Duplicate site with Malware/...


usually its a page 6 or deeper in the Google search where these attacks can be found regularly

reply to post by FlyersFan


Hey, just saw your post, that looks "exactly" like what mine said, I recognize the wa bit and everything else looks exactly the same. This occured to my computer, not more than 5 minutes ago.

[edit on 25-1-2009 by questioningall]

To the MODs,

Would it be alright to have them copy their hijackthis logs into this post?

I could look through them to see if their is something on their computers causing this.


If not I would suggest all the posters having a problem go to www.whatthetech.com and ask them for help. They will point you to download certain apps to diagnose your problem.

Just happened.

I had been viewing the "Catlett, VA" thread. Left the computer to answer Nature's call.

Next thing, I hear what appears to be a news report coming from my pc speakers.

I finish my business and investigate.


Somehow (I live alone), the following site has hijacked my computer and diverted me away from ATS and to their site.



[url=http://www.blinkx.com/category/news?adid=10-100-201-300-404&p=1[/url]




There ought to be a law!




[edit on 25-1-2009 by Bhadhidar]

Originally posted by Bhadhidar
Just happened.

I had been viewing the "Catlett, VA" thread. Left the computer to answer Nature's call.

Next thing, I hear what appears to be a news report coming from my pc speakers.

I finish my business and investigate.


Somehow (I live alone), the following site has hijacked my computer and diverted me away from ATS and to their site.



[url=http://www.blinkx.com/category/news?adid=10-100-201-300-404&p=1[/url]




There ought to be a law!

[edit on 25-1-2009 by Bhadhidar]

Go to the following URL and follow the instructions.

www.safer-networking.com...

reply to post by SkepticOverlord


So it's an ad thing that my computer is seeing as an attack?
That makes sense. There are a lot of ads running here.

I'm glad you all understand this stuff. I have no clue and,
as much as I've tried, I can't follow it.

I dont think ATS is doing anything wrong.

I use AVG and I have none of these issues not in the over 1 year I have been here. I would think the people having issues are getting them elsewhere.

Not sure if this is related but starting Fri. I have been unable to get on ATS. No problem with any other site. I have Norton and WIndow's Vista on one computer and Win NT/McAfee on the other. Even disabling firewall I still cannot connect- at library now for limited time..Any ideas?