Cruisers Forum
 


Join CruisersForum Today

Reply
 
Thread Tools Rate Thread Display Modes
Old 14-06-2015, 20:22   #1
Registered User
 
ErikFinn's Avatar

Join Date: Feb 2011
Location: Malaysia, Thailand
Boat: Beneteau Oceanis 430
Posts: 832
Is this advertising coming from CF or do I have a virus/adware?

Hi folks,

recently I have experienced a sudden increase in unwanted pop upps. This despite I have a good internet security paid subscription, a pop up blocker, and Ghostery, ScriptBlock and AdBlockSuper extensions on my Chrome browser.

Just now I had a pop up from this address while browsing CF (do not go there in case it spreads adware/malware, I list it for "scientific" reasons only, with spaces added in) :

http: // onclickads .net / afu . php?zoneid = 296236 (my ScriptBlock stops that from executing but I get this popup new tab with the above URL)

Does anyone recognize this site? are they a CF partner for example? Can I stop these popups somehow? I'm concerned about ill effects such as virus/malware/adware and so far Trend, my internet security provider, has not been able to resolve this despite talking with their helpdesk.

Cheers
__________________

__________________
ErikFinn is online now   Reply With Quote
Old 14-06-2015, 21:57   #2
Moderator
 
sailorchic34's Avatar

Cruisers Forum Supporter

Join Date: Feb 2011
Location: SF Bay Area
Boat: Islander 34
Posts: 4,812
Re: Is this advertising coming from CF or do I have a virus/adware?

That is not coming from CF. I would recommend clearing your cache and cookies in chrome and make sure your adblock and ghosty are up to date and on. Sometimes chrome or an app turns them off too, just for fun.

I might also suggest running malwarebytes and superantispyware. First MWB then SAS, full scan with updates. Both are available free.
__________________

__________________
sailorchic34 is offline   Reply With Quote
Old 15-06-2015, 01:27   #3
Registered User
 
ErikFinn's Avatar

Join Date: Feb 2011
Location: Malaysia, Thailand
Boat: Beneteau Oceanis 430
Posts: 832
Re: Is this advertising coming from CF or do I have a virus/adware?

Quote:
Originally Posted by sailorchic34 View Post
That is not coming from CF. I would recommend clearing your cache and cookies in chrome and make sure your adblock and ghosty are up to date and on. Sometimes chrome or an app turns them off too, just for fun.

I might also suggest running malwarebytes and superantispyware. First MWB then SAS, full scan with updates. Both are available free.
Thank you sailorchic, very helpful and kind advice and I appreciate it
__________________
ErikFinn is online now   Reply With Quote
Old 15-06-2015, 15:01   #4
Registered User
 
Cormorant's Avatar

Join Date: Jan 2009
Location: Catskill Mountains when not cruising
Boat: 31' homebuilt Michalak-designed Cormorant "Sea Fever"
Posts: 2,073
Re: Is this advertising coming from CF or do I have a virus/adware?

For really deep malware, try Combofix.
__________________
Cormorant is online now   Reply With Quote
Old 20-06-2015, 21:31   #5
Registered User
 
ErikFinn's Avatar

Join Date: Feb 2011
Location: Malaysia, Thailand
Boat: Beneteau Oceanis 430
Posts: 832
Re: Is this advertising coming from CF or do I have a virus/adware?

Quote:
Originally Posted by Cormorant View Post
For really deep malware, try Combofix.
Thanks for the tip Cormorant.

I've been travelling for 4 days so have not been able to work on this issue so much recently.
But what I have done (in addition to Trends's previous suggested tasks) is the following:
-Ran Malwarebytes
-Ran Superantispyware
(Combofix also suggested, but it seems like a potentially pretty big gun after I read a few googled links, so I'm disregarding that for now)

Despite completing the above, I still just now got a pop-up, from this URL:

http:// www. totaladperformance .com/ad /display .php?r=316091 (DO NOT GO THERE, MAY BE MALICIOUS)

I googled "Totaladperformance" and few of the links had something that caught my eye:

Chrome keeps opening tabs with the adres www.totaladperformance.com : techsupport

at the bottom there is this instruction:
"Go into settings, chrome://settings/ , in the "on startup" area there is a radio button that says something like open a set page or pages. With a link that will open a small dialog box. In that dialog box remove everything in there except the stuff you want to open.
This should be looked at as well as running your favorite ad cleaning software and malwarebytes."

I had a link in the above described location and I deleted it just now, still need to use the chrome browser to see if there is any change.

Also found another link which sounds promising:

Remove totaladperformance.com Pop Up Ads | The FreeFixer Blog

at about 2/3 down the page there is a commnet by "Tomi":
"Hey,
all you have to do to get rid of totaladperformance is uninstall Chrome extension called Adblock Super. Thatís it.
Bye"

So that would imply that my Adblock Super extension is the source of the problem. But it is a bit strange since that extension is supposed to block ads, not increase them... I will try that a bit later, after some testing first.

So at the moment I'm thinking that maybe I don't have an infection, hopefully, maybe it's just in chrome settings or it's the Adblock Super...

Cheers

PS, trying to proceed cautiosly, as in most cases what one reads in the internet one has no way to determine the credibility of the source. Someone saying they are legitimate maybe the exact opposite. For example, there are antivirus scans which actually install viruses/malware, and so on..
__________________
ErikFinn is online now   Reply With Quote
Old 20-06-2015, 23:11   #6
Registered User
 
ErikFinn's Avatar

Join Date: Feb 2011
Location: Malaysia, Thailand
Boat: Beneteau Oceanis 430
Posts: 832
Re: Is this advertising coming from CF or do I have a virus/adware?

Quick update after some research:
Possibly my Adblock Super 2.7.4 installed from the official Chrome Shop was either rogue and/or malicious. Found these two links touching on the subject (there are others but posting these two for now) which made me more suspicious:



Chrome app store has a rogue Adblock Plus entry under apps!

After viewing and reading these I went to my Chrome's extensions and looked at my official Chrome Shop installed Adblock Super 2.7.4.

To my surprise, when clicked on Details-View in store, it could not be found. This let me to believe the app was either malicious or rogue and I removed it. If I'm correct and this is indeed the case, it is quite troubling to realize that malware can be spread from the official Chrome store, and furthermore, my paid and uptodate Trend Internet Security subscription never ever had a clue.

These findings are not conclusive yet and I'll keep on testing and observing.. Hoping issue is resolved but on the other hand there doesn't seem to be any software that would undisputedly confirm my computer is 100% not infected.
__________________
ErikFinn is online now   Reply With Quote
Old 20-06-2015, 23:57   #7
Registered User

Join Date: Jul 2013
Location: San Diego, CA
Posts: 3,157
Re: Is this advertising coming from CF or do I have a virus/adware?

I use Ad Block Plus, I'm not even sure Ad Block Super is a valid ad blocker.

Some of this malware stuff is pretty tenacious, a couple of times I've had to restore back to a previous known good point and breathe a sigh of relief I had a good restore point.

You're also right to be wary of advice on the net, some kids think it's funny to give the opposite advice to what you should be doing, or they just don't know what they're talking about.
__________________
socaldmax is offline   Reply With Quote
Old 31-10-2015, 07:50   #8
Registered User
 
Ribbit's Avatar

Join Date: Oct 2015
Posts: 655
Re: Is this advertising coming from CF or do I have a virus/adware?

Chrome isn't very secure and has quite a number of issues. I frequently use the SRWare Iron developed version of Chrome which has most of the Chrome insecurities and other faults fixed (it's free, which helps, but check regularly to see if there is an updated version available, as development is ongoing).

I've been trying out Microsoft Edge recently (haha!), and have been finding that if a site is https compliant with good Security Certificates, then there are few issues. Issues which just about all seem to be caused by advertisers (though an extremely bad source of problems is that DISQUS blog commenting facility that way too many places use - lack of security seems to be their whole reason for existence). I do wish CF was https compliant with good Security Certificates, because I have been getting between about 250 to 450 mal/spyware from the advertisers here, on each visit.

Superantispyware sorts them out quickly enough, but you never know when a really 'bad one' will get in (I had 5 Trojans get in from one visit to a newspaper site that uses DISQUS, for example /sigh).
__________________
Ribbit is offline   Reply With Quote
Old 29-11-2015, 19:54   #9
Registered User

Join Date: Nov 2015
Posts: 9
Re: Is this advertising coming from CF or do I have a virus/adware?

Quote:
Originally Posted by ErikFinn View Post
Hi folks,

recently I have experienced a sudden increase in unwanted pop upps. This despite I have a good internet security paid subscription, a pop up blocker, and Ghostery, ScriptBlock and AdBlockSuper extensions on my Chrome browser.

Just now I had a pop up from this address while browsing CF (do not go there in case it spreads adware/malware, I list it for "scientific" reasons only, with spaces added in) :

http: // onclickads .net / afu . php?zoneid = 296236 (my ScriptBlock stops that from executing but I get this popup new tab with the above URL)

Does anyone recognize this site? are they a CF partner for example? Can I stop these popups somehow? I'm concerned about ill effects such as virus/malware/adware and so far Trend, my internet security provider, has not been able to resolve this despite talking with their helpdesk.

Cheers
I'm not sure if it's the same ad I visited but on the same day in yhe same country that I visited a site and made a purchase of a brain stimulate and right after a charge was made to my account . I recieved a call from fraud protection @the institute I bank at had to cancel my card due to a fraudulent purchase attempt so please use caution.
Fair Winds
Windhunter
__________________
Windhunter is offline   Reply With Quote
Old 24-11-2016, 19:10   #10
Registered User

Join Date: Nov 2016
Posts: 1
Re: Is this advertising coming from CF or do I have a virus/adware?

Actually, this blank page http://onclickads.net/ is not a safe domain. Onlickads.net has been detected as a dangerous browser hijacker that may damge your computer and endanger your privacy security since this suspicious website is supported by advertisements. Without removing the malware from computer, your webpage may be bomboarded with lots of annoying pop up ads. Malware or adware program can't be detected and removed by the common antivirus software. I suggest you to scan your system by a real-time anti-malware tool like Malwarebytes, Plumbytes Anti-Malware, SuperAntiSpyware,TDSSKiller, etc. Good luck to you!
__________________

__________________
ElsaJenny is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Dangerous Virus Affecting Sailors atoll Off Topic Forum 24 13-09-2011 10:22
Fake Windows Virus Protection! Chief Engineer Off Topic Forum 19 18-07-2009 08:05
New Virus warning Talbot Marine Electronics 3 22-04-2006 15:49



Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -7. The time now is 04:36.


Google+
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.