It looks to be completely random. All of our servers look clean. If anyone get's the redirect on a specific link every single time they visit it please post the link. At this time we're looking at a malicious ad being served from one of our 3rd party ad servers.
Originally posted by botrytis Google ads use java and java script for the ads. Java is one big virus waiting to happen. There is no write once, run anywhere system. If you have older versions of JAVA, just uninstall them (keep java up to date) or do what I did, uninstall java and never look back.
There is a lot of spoofing, etc that can be done in JAVA script so that is what is happening. I had this on other forums I belong to. Not the forums fault, it is Google that is not doing it's job.
Java and JavaScript are 100% unrelated to each other. It's only the names that are similar.
Judging from your post, it's Java that you have a problem with, not Javascript.
Actually, it was both. You see many ads (such as Google ads) do use javascript which can be used for nefarious reasons - like calling on a java program to download a payload - this happens when you get the redirection virus.
It's something in one of the ads, but I can't tell which one yet.
Some information:
You will only infect your PC if you a) allow the download of the file api_Downloader.exe ~and~ b) allow the file api_Downloader.exe to run
That will infect your system. As far as I can tell right now, the malicious ad will attempt to auto-download the file, but i don't think it is able to run the file remotely - you would actually have to click on it to run it.
Originally posted by psychobgr I'm using Kaspersky Internet Security and it keeps blocking some malware on mmorpg.com I gather its a dodgy advert or something has got onto the site. Kasperky stops it straight away as it happens each time I open any page from mmorpg.com.
Originally posted by Meddle Are the folks running adblock seeing this issue at all or not?
You could always have your team brute force to find it.
Firefox with noscript, start with nothing blocked, check scripts on the page and click stuff till you get redirected.
Block one script, keep clicking links till you get redirected, if you dont get redirected after 5-10 mins you found the script, if it happens again block another.
Originally posted by Meddle It looks to be completely random. All of our servers look clean. If anyone get's the redirect on a specific link every single time they visit it please post the link. At this time we're looking at a malicious ad being served from one of our 3rd party ad servers.
I was consistently getting it when trying to check this thread earlier today if that helps.
Thank you for the reports. We think we narrowed it down to the 200x200 ad on the left side of the forums that pretty much only ran through a network - meaning we don't have direct control of the ads. We have removed the ad entirely.
If you see this redirect anymore please let us know ASAP - feel free to email me directly at admin(at)mmorpg.com
Thank you,
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
The automatic redirect to PCKeeper only happened to me once so far 2 days ago. I'm using an up-to-date Chrome version without any blocking applets.
"I used to think the worst thing in life was to be all alone. It's not. The worst thing in life is to end up with people who make you feel all alone." Robin Williams
Since you turned those ads off this site is as fast as Speedy Gonzalez when downloading/updating.
"I used to think the worst thing in life was to be all alone. It's not. The worst thing in life is to end up with people who make you feel all alone." Robin Williams
Comments
- MMORPG.COM Staff -
Actually, it was both. You see many ads (such as Google ads) do use javascript which can be used for nefarious reasons - like calling on a java program to download a payload - this happens when you get the redirection virus.
So, it is both actually.
Admin Name: Mart Vajda
Admin Organization:
Admin Street: Hodoninska 15
Admin City: Holic
Admin State/Province:
Admin Postal Code: 90851
Admin Country: Slovak Republic
Admin Phone: +421.901234567
Admin Fax:
Admin Email: *** Email address is removed for privacy ***
Tech Name: Mart Vajda
Tech Organization:
Tech Street: Hodoninska 15
Tech City: Holic
Tech State/Province:
Tech Postal Code: 90851
Tech Country: Slovak Republic
Tech Phone: +421.901234567
Tech Fax:
Tech Email: *** Email address is removed for privacy ***
His site redirects to www.anyfiledownloader.com - don't go there! It's a company in Panama:
Technical Contact
Fundacion Private Whois
Domain Administrator
Email:*** Email address is removed for privacy ***
Attn: anyfiledownloader.com
Aptds. 0850-00056
Zona 15 Panama
Panama
Tel: +507.65995877
(you _could_ phone them but it's gonna be a long-distance call)
The software was written by Escolade Solutions LTD. Be sure to thank them too!
It's something in one of the ads, but I can't tell which one yet.
Some information:
You will only infect your PC if you
a) allow the download of the file api_Downloader.exe
~and~
b) allow the file api_Downloader.exe to run
That will infect your system. As far as I can tell right now, the malicious ad will attempt to auto-download the file, but i don't think it is able to run the file remotely - you would actually have to click on it to run it.
I did come across this if anyone should need it:
http://saviourforcomputer.blogspot.com/2013/03/how-to-remove-anyfiledownloadercom.html
It's not great, but gives you some additional information if anyone should accidently run the file.
Same..with almost every re-fresh.
And this is why I always use ad block plus and no script.
FUncom putting the FU in fun since 1993.
- MMORPG.COM Staff -
You could always have your team brute force to find it.
Firefox with noscript, start with nothing blocked, check scripts on the page and click stuff till you get redirected.
Block one script, keep clicking links till you get redirected, if you dont get redirected after 5-10 mins you found the script, if it happens again block another.
FUncom putting the FU in fun since 1993.
I can confirm that this does not happen with AdBlock turned on. I get it as soon as I turn it off again, so it's definitely caused by one of the ads.
-Also confirming.
Adblock Plus on chrome is stopping the problem. Turning it off and.... Its back.
I was consistently getting it when trying to check this thread earlier today if that helps.
Hello all,
Thank you for the reports. We think we narrowed it down to the 200x200 ad on the left side of the forums that pretty much only ran through a network - meaning we don't have direct control of the ads. We have removed the ad entirely.
If you see this redirect anymore please let us know ASAP - feel free to email me directly at admin(at)mmorpg.com
Thank you,
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
Since you turned those ads off this site is as fast as Speedy Gonzalez when downloading/updating.