Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:06 pm
by Bodofish
OK so I know this is normally a client-side thing and I know for a fact that my machine is not infected and I've just run another scan after killing all the IE processes and there are none of the baddies listed on my machine.
One click on the main forum page and the complaint here shows up. It says I've caught a bunch of bad things.... Not so.
http://www.washingtonlakes.com/forum/vi ... =7&t=19632
When I try to X out of the pop up, it launches another IE process. Then Win 8.1 asks if I want to allow the script to run...... It's trying to install a rootkit or something.
Catching this stuff was my livelihood for many years. Best check your code, it's reaching out in an unfriendly manner.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:20 pm
by Bodofish
First this pops up:
Then this when you try to X out:
Finally this is the real quarantine:
The listed threats are well known and SC Endpoint is quite familiar with them. It's trying to load something else.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:31 pm
by Aaron
I really don't know what to do here. An infection is an infection. It's not picky. Either we're infected, and everyone should see something going on, or we're not, in which case I'm inclined to blame the client. At the very least I would expect more than 1 or 2 complaints.
Can you reproduce this on another machine/device? Do you think it's only IE/Windows 8 related? I haven't used IE in... when was Chrome released?
- Aaron
Re: Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:33 pm
by Aaron
Alrighty then. It's IE related. I loaded the forum with IE and received the notice. I'll see what I can find. Just another reason to never ever ever use IE.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:36 pm
by needs2hunt
firefox ... FTW (for the win)...
Re: Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:40 pm
by Bodofish
Aaron wrote:Alrighty then. It's IE related. I loaded the forum with IE and received the notice. I'll see what I can find. Just another reason to never ever ever use IE.
I would but, when MS pays my salary, they kind of expect us to use IE. For code testing we can use anything but...... If one of the big boys swings through, I don't like answering those kind of questions, right or wrong......
![Sad [sad]](./images/smilies/msp_sad.gif)
Re: Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:48 pm
by Aaron
My fear is that it's Banner ad related... coming through from one of the ad networks. My initial quick scan using Malwarebytes came up with nothing. Security Essentials shows nothing. That tells me there's...... nothing.
- Aaron
Re: Aaron, Might want to think about a scan on the servers.
Posted: Fri Jan 31, 2014 2:54 pm
by Bodofish
Aaron wrote:My fear is that it's Banner ad related... coming through from one of the ad networks. My initial quick scan using Malwarebytes came up with nothing. Security Essentials shows nothing. That tells me there's...... nothing.
- Aaron
That is a distinct possibility. On the second pic have a look at the start of the URL, definitely not one of yours. =)
I'd almost put money on it being the ADs. Necessary evil but an unpleasant one.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Sat Feb 01, 2014 1:55 pm
by MarkFromSea
Hewes had the same issue a few weeks back...
If you look at your captured picture of the Security Essentials alert, the red one, the word "MIGHT" is misspelled: "migth". That tells me that is not an alert from Security Essentials.. but a fake... it's the Ruskies at it again.. it is red after all!
I haven't received these messages... but have been experiencing some big slow downs on this old computer... Firefox quit working, deleted it.... that sped up Chrome, which I'm now using.
I noticed in my processes, when the slow down returns, that a MS "something" cranks way up in CPU usage. Not related to here.... Some other forums I'm on report massive daily attacks... so much so.. one forum recently changed their software package out to run the forum... anyway... it's happening all over more intensely.. it seems to me.. CHEERS! Keep your tip up and your line tight! Limits of clams last Tues! Easy pickins!
Re: Aaron, Might want to think about a scan on the servers.
Posted: Mon Feb 03, 2014 10:06 am
by Aaron
Anyone still seeing this as of this morning? I've received a few complaints via email about it, but I can no longer reproduce the problem. My hope is that it was in fact being delivered via a banner ad exploit and the publisher of the ad has cleaned their systems. I've done everything I can on my end to find and remove it, but everything we have comes up as clean.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Mon Feb 03, 2014 10:25 am
by Bodofish
Aaron wrote:Anyone still seeing this as of this morning? I've received a few complaints via email about it, but I can no longer reproduce the problem. My hope is that it was in fact being delivered via a banner ad exploit and the publisher of the ad has cleaned their systems. I've done everything I can on my end to find and remove it, but everything we have comes up as clean.
I had it pop up on me Sunday evening. Nothing this morning. It may be a failure to launch but I kill the thread anyway.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Mon Feb 03, 2014 7:15 pm
by Big D
It showed on my work computer last night shortly after 3:00 am and on my home computer at about 9:00 am this morning.
The only way for me to get rid of it is killing the thread and doing a computer reboot.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Mon Feb 03, 2014 11:06 pm
by The Quadfather
I've got the same thing as in Bodo's screenshot below. Maybe I will consider a different browser if that is what we are saying will fix the issue? MS doesn't write my checks.
Bodofish wrote:First this pops up:
Then this when you try to X out:
Finally this is the real quarantine:
The listed threats are well known and SC Endpoint is quite familiar with them. It's trying to load something else.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Tue Feb 04, 2014 6:32 am
by strider43
Wa Lakes was infected as I had the same problem at home last night. Got out and scanned my machine and it was clean, it's the website.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Tue Feb 04, 2014 6:34 am
by Bodofish
strider43 wrote:Wa Lakes was infected as I had the same problem at home last night. Got out and scanned my machine and it was clean, it's the website.
Pretty sure it's the AD Banners. Aaron scanned all the servers. 3rd Party content, what can ya do......
Re: Aaron, Might want to think about a scan on the servers.
Posted: Tue Feb 04, 2014 6:51 am
by AJ's Dad
I just had this happen 5 minutes ago when I tried to log in. I just ran CCleaner and Malwarebytes last night.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Tue Feb 04, 2014 7:01 am
by hewesfisher
Bodofish wrote:Pretty sure it's the AD Banners. Aaron scanned all the servers. 3rd Party content, what can ya do......
I know what I'd do....

Re: Aaron, Might want to think about a scan on the servers.
Posted: Tue Feb 04, 2014 7:21 am
by Aaron
Made a slight change to the AD code this morning. Let me know if it makes any difference.
Re: Aaron, Might want to think about a scan on the servers.
Posted: Tue Feb 04, 2014 11:47 pm
by Bodofish
So far so good! I've been bouncing back and forth between forums and haven't had it pop up yet.
![ThumbsUp [thumbsup]](./images/smilies/msp_thumbsup.gif)
Re: Aaron, Might want to think about a scan on the servers.
Posted: Thu Feb 06, 2014 6:34 am
by AJ's Dad
I have had no issues the last 2 days.