What the heck? Attack Site?


TheVrolok

Lifer
Dec 11, 2000
24,254
4,090
136
Just got the warning myself. Anyone know what the "attack" is supposed to be? Anything we should be scanning for?
 

Slacker

Diamond Member
Oct 9, 1999
8,623
33
91
Avast gave me a warning about a blocked trojan, I am using Firefox.

3/27/2010 3:35:05 PM "h t t p : // storesigma. c o m/cgi-bin/ids.h t m l [L] JS: Prontexi-AI [Trj] (0)

(deleted some characters so the link wouldn't parse)
^ didn't work so I added spaces to the com and html parts
 

goog40

Diamond Member
Mar 16, 2000
4,198
1
0
The fake antivirus installed itself without any prompts on my computer on IE8 last night. I was wondering where it came from. Had to reboot into safe mode to remove the registry entries and delete some files. It also changed the proxy setting in the registry so that IE and Chrome couldn't load any pages after I rebooted, but FF still worked fine. Today while running another scan with Malware-Bytes, AVG picked up that a PDF file in my cache was infected.
 

TheVrolok

Lifer
Dec 11, 2000
24,254
4,090
136
The fake antivirus installed itself without any prompts on my computer on IE8 last night. I was wondering where it came from. Had to reboot into safe mode to remove the registry entries and delete some files. It also changed the proxy setting in the registry so that IE and Chrome couldn't load any pages after I rebooted, but FF still worked fine. Today while running another scan with Malware-Bytes, AVG picked up that a PDF file in my cache was infected.

Any memory of what the registry entries were? Would be nice to get some info on whatever is trying to be installed.

Registry proxy settings are:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy"=dword:00000001
"ProxyEnable"=dword:00000001
"ProxyHttp1.1"=dword:00000000
"ProxyServer"="http://ProxyServername:80"
"ProxyOverride"="<local>"
 

skull

Platinum Member
Jun 5, 2000
2,209
327
126
Can anyone see the source code? When I get the reported attack page message I hit ignore. Then view source and it just shows the warning. I'm running Firefox in Linux.
 

Interitus

Platinum Member
Jan 28, 2004
2,143
9
81
I laughed a little when "Attack Site" came up on the Fermi article.

But yes, I get these too. Haven't found anything bad yet after scanning though.
 

goog40

Diamond Member
Mar 16, 2000
4,198
1
0
Any memory of what the registry entries were? Would be nice to get some info on whatever is trying to be installed.

Registry proxy settings are:

I believe this is what was installed:

http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html

The program that was set to run on startup was [random]ftav.exe

It doesn't let you run any .exe or open the task manager once it's running, so you have to boot into safe mode in order to edit the registry so that it doesn't start up with Windows.
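
The two registry changes described in the posts above (the Internet Settings proxy values and a program set to run at startup) can be checked read-only from PowerShell. This is an added example, not part of the original thread; the function names are hypothetical, and the Run/RunOnce keys are an assumption, since the thread does not say which startup key was used.

```powershell
# Added example: read-only triage, nothing is modified or deleted.

function Get-ProxyState {
    # Reads the per-user proxy values quoted earlier in the thread.
    param([string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings')
    $s = Get-ItemProperty -Path $Path -ErrorAction Stop
    $enabled = [int]$s.ProxyEnable      # a missing value becomes 0
    [pscustomobject]@{
        ProxyEnable   = $enabled
        ProxyServer   = $s.ProxyServer
        ProxyOverride = $s.ProxyOverride
        # An enabled proxy that nobody configured needs a closer look.
        NeedsReview   = ($enabled -eq 1 -and [string]$s.ProxyServer -ne '')
    }
}

function Get-AutorunEntry {
    # Lists startup commands and flags those matching the file name pattern
    # from the post ("[random]ftav.exe"). The key list is an assumption.
    param([string]$NamePattern = '*ftav.exe*')
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $key = Get-Item -Path $k
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            [pscustomobject]@{
                Key     = $k
                Name    = $name
                Command = $cmd
                Match   = ($cmd -like $NamePattern)
            }
        }
    }
}

Get-ProxyState | Format-List
Get-AutorunEntry | Sort-Object -Property Match -Descending |
    Format-Table -AutoSize -Wrap
```

Entries with `Match` set to True, or a `NeedsReview` proxy you did not set yourself, are the ones to examine from safe mode.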
 

pyonir

Lifer
Dec 18, 2001
40,852
312
126
Same setup but with NoScript also. No problems...so far.

I have NoScript installed also...but didn't mention that. When going to the pages people are reporting they see it...google analyticsz still doesn't show up in my NoScript list...so I assumed it was being blocked by ABP. Either way, people should install NoScript if they have FF.
 

daw123

Platinum Member
Aug 30, 2008
2,593
0
0
Avast gave me a warning about a blocked trojan, I am using Firefox.

3/27/2010 3:35:05 PM "h t t p : // storesigma. c o m/cgi-bin/ids.h t m l [L] JS: Prontexi-AI [Trj] (0)

(deleted some characters so the link wouldn't parse)
^ didn't work so I added spaces to the com and html parts

Ditto with me; Avast has blocked a trojan several times. I'm using IE8.
 

TruePaige

Diamond Member
Oct 22, 2006
9,874
2
0
Glad to see some good responses and that it got attention from some of the higher ups.

Thanks for contributing guys! I'm sure they'll resolve it soon. Nice to have tips for further protection for the members here.

Even with NoScript though I am pretty sure you can get the attack site message in Firefox, since Firefox was parsing the domain you were going to directly, before anything loads, and seeing it marked.
 

JEDIYoda

Lifer
Jul 13, 2005
33,986
3,320
126
PEBKAC?? You're probably infected if your browser didn't detect it. Running FF 3.6.2 on Linux from 2 different distros with ADblock warn of it. Same with Win7 on FF

There is no truth in what you are saying.
The fact is not all anti virus programs are created equal.
17 posts and you're telling someone they are probably infected...not likely!!
 

Matthiasa

Diamond Member
May 4, 2009
5,755
23
81
Avast gave me a warning about a blocked trojan, I am using Firefox.

3/27/2010 3:35:05 PM "h t t p : // storesigma. c o m/cgi-bin/ids.h t m l [L] JS: Prontexi-AI [Trj] (0)

(deleted some characters so the link wouldn't parse)
^ didn't work so I added spaces to the com and html parts

That's what I had detected as well.
 

0roo0roo

No Lifer
Sep 21, 2002
64,795
84
91
Please don't tell us to go into forum issues and lock this thread.
No one surfs forum issues for kicks.
 

pyonir

Lifer
Dec 18, 2001
40,852
312
126
Even with NoScript though I am pretty sure you can get the attack site message in Firefox, since Firefox was parsing the domain you were going to directly, before anything loads, and seeing it marked.

Yes, you still get the attack site message when going to the NVidia review on the homepage. But I ignored the warning, went to the article and had no problems at all. analyticsz still didn't show up in my NoScript list (just the normal google-analytics did, but I have that blocked anyway). I went to the article before it was reported as an attack site, when you all were having issues, and no warnings or problems came up. So FF, ABP and NoScript is working if anyone is really worried about getting attacked/infected.
 

JEDIYoda

Lifer
Jul 13, 2005
33,986
3,320
126
Yes, you still get the attack site message when going to the NVidia review on the homepage. But I ignored the warning, went to the article and had no problems at all. analyticsz still didn't show up in my NoScript list (just the normal google-analytics did, but I have that blocked anyway). I went to the article before it was reported as an attack site, when you all were having issues, and no warnings or problems came up. So FF, ABP and NoScript is working if anyone is really worried about getting attacked/infected.

No issues here either.
 
Oct 27, 2007
17,009
1
0
Why is AT using some dodgy ad agency that can inject bad code into the page? Just use Google for your ads like everyone else FFS.
 