What the heck? Attack Site?

TruePaige · Mar 26, 2010

Mike Gayner said:
Eh, I use Chrome and have never had an issue like this. PEBKAC, like 99.99999% of all virus problems.

Don't be a jackass.

A variety of people reporting the same problem...hmm!

It's NOT an anti-virus issue, apparently you have no idea how the attack site database works. It checked the url of a provider (googleanalyticz) and found it to be "Blacklisted".

My rig is clean thank you very much.

EagleKeeper · Mar 27, 2010

Just got the Virus alert and a complaint about Adobe 3D

TruePaige · Mar 27, 2010

Common Courtesy said:
Just got the Virus alert and a complaint about Adobe 3D

:thumbsdown:

Avalon · Mar 27, 2010

Using Chrome as well, got that same popup. Also running Microsoft Security Essentials like some of you out there. It doesn't appear that my machine has been hijacked by a fake redirection virus, as I'm not seeing any of the symptoms. I guess I could run bit defender just to be safe.

IEC · Mar 27, 2010

I only see it come up as blocked by noscript when in Off Topic - have not been able to get googleanalyticsz to show up on other forums.

Lanyap · Mar 27, 2010

Received Adobe message "A 3D data parsing error has occured" then Antivirus Soft started up. I'm running ESET NOD32 v4 and it did not catch it. Used malwarebytes to clean it up. Glad it's not just me...

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxfvxhjh (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxfvxhjh (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

PM650 · Mar 27, 2010

Lanyap said:
Received Adobe message "A 3D data parsing error has occured" then Antivirus Soft started up. I'm running ESET NOD32 v4 and it did not catch it. Used malwarebytes to clean it up. Glad it's not just me...

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxfvxhjh (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxfvxhjh (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

I got the same message - just chalked it up to adobe being extra shitty (have a pdf open). Now I'm running malwarebytes to clean it up - Avira didn't pick anything up after the message, although I didn't get anything else after that. Regedit itsn't showing me having the same infected keys, might be safe.

Suspicious-Teach8788 · Mar 27, 2010

PM650 said:
I got the same message - just chalked it up to adobe being extra shitty (have a pdf open). Now I'm running malwarebytes to clean it up - Avira didn't pick anything up, although I didn't get anything else after the adobe message.

I figured NOD would pick that up like no other. i've NEVER had spyware issues at home since using ESET Smart Security.

Symantec at work doesn't relaly do anything. Viruses, sure, but not spyware.

Recommendations to anyone who's been hit:

1) Reboot into safe mode w/ networking
2) Run Malware Bytes/SuperAntiSpyware/HiJack This. I recommend running at least 2/3 of those. Typically I take the first two. SAS seems to get more than Malware Bytes in my experience, but I can't be certain.

I'm surprised how easy this thing got through Chrome though. I remember when I've gotten spyware before it used to be from IE6 and accidentally clicking YES on a dialogue menu. Interesting about Chrome though... Very interesting...

PM650 · Mar 27, 2010

Bleh. I just loaded a few more atot pages after reading some lengthy threads - got the adobe 3d message again. Malwarebytes didn't pick anything up with a full scan after the first hit, but I'm running it again anyways. No issues with actual malware yet even though Avira doesn't appear to be doing anything...

running ie8 btw

Locut0s · Mar 27, 2010

I've emailed Anand about it.

drnickriviera · Mar 27, 2010

DLeRium said:
I figured NOD would pick that up like no other. i've NEVER had spyware issues at home since using ESET Smart Security.

Symantec at work doesn't relaly do anything. Viruses, sure, but not spyware.

Recommendations to anyone who's been hit:

1) Reboot into safe mode w/ networking
2) Run Malware Bytes/SuperAntiSpyware/HiJack This. I recommend running at least 2/3 of those. Typically I take the first two. SAS seems to get more than Malware Bytes in my experience, but I can't be certain.

I'm surprised how easy this thing got through Chrome though. I remember when I've gotten spyware before it used to be from IE6 and accidentally clicking YES on a dialogue menu. Interesting about Chrome though... Very interesting...

I would also like to note these things enable a proxy. To update your spyware or get to the net you have to turn it off. control panel > internet options > connections tab > lan settings > uncheck proxy

Glad i'm not the only one. That's the last time I try to search for pictures of Mosh's feet! lol. I was reading the UFC thread when it hit me, wonder what specific ad it is.

SpatiallyAware · Mar 27, 2010

WTF I got popped too.

PC has no spyware, running updated nod32.

Booted up, opened FF, went to AT (no other sites/tabs), clicked a/v forums and got a PDF popup with some sort of '3d processing' error with a fake 'Ok' box.

Please get your advertisers under control, WTGDF.

techs · Mar 27, 2010

Just got an exploit warning. Switching to Firefox now.

Tempered81 · Mar 27, 2010

got the same warning on chrome on a few sites. Dunno what it is, but just started yesterday

lxskllr · Mar 27, 2010

I read an article on this recently(can't remember where) that said adservers have been getting hacked at an alarming rate. Legitimate sites all over the web have been serving up malicious ads from various sources. Ya gotta keep your guard up. You can't become complacent....

Spacehead · Mar 27, 2010

pyonir said:
FF with Adblock (enabled though) and have had no warnings or issues.

Same setup but with NoScript also. No problems...so far.

Shlong · Mar 27, 2010

Similar thing happened while browsing Dailytech, some anti-virus software started installing out of the blue. Quickly ended it in task manager and saw Acrobat was open (when it shouldn't have been)... probably an advertisement using an exploit through Acrobat. Removed all instances of the spyware so I'm good now, but users should watch out.

Czar · Mar 27, 2010

http://safebrowsing.clients.google....//www.anandtech.com/video/showdoc.aspx?i=3783

"What happened when Google visited this site?

Of the 25 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-27, and the last time suspicious content was found on this site was on 2010-03-26.

Malicious software includes 2 trojan(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including mjgjo.com/, googleanalyticz.com/, googleanalyticsz.com/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including whoiz.shit.la/.

This site was hosted on 1 network(s) including AS36643 (EICOMM)."

GTaudiophile · Mar 27, 2010

I am getting it on this page now:

http://www.anandtech.com/video/showdoc.aspx?i=3783

ElFenix · Mar 27, 2010

i got the same when i went to cpu-chipsets on the main page.

hacked adservers are a bad thing.

my sister got that fake anti-virus. it took a couple runs of mcafee and malwarebytes, but i think i cleared it all out. if you get it i would unplug myself from the internets asap because it will start trying to download other crap as well.

AnonymouseUser · Mar 27, 2010

Note to self: As soon as you get back to work, uninstall Adobe Acrobat Reader and install Foxit Reader.

Turin39789 · Mar 27, 2010

HeXen · Mar 27, 2010

It could be a Flash malware, many legit websites of course have flash ads that come from some AD company which sometimes tend to get hacked, so any website that presents such an Ad, then all of its users can be suspeptable. Chrome may be detecting some kind of problem like that i suppose, like an Ad trying to do something to get the user to click on it inadvertantly downloading it.

Ryan Smith · Mar 27, 2010

Just to erase all doubts, yes, we know about this. Our IT guys are hard at work on this, but they're still trying to track down the source. If any of you get the error, we'd really like to get the page source code.

DaveSimmons · Mar 27, 2010

I got the Adobe 3D error in Flash here in ATOT last night, but apparently it just crashed without delivering the trojan payload.

If this keeps up I may need to look into adblock

What the heck? Attack Site?

Diamond Member

Discussion Club Moderator<br>Elite Member

Diamond Member

Diamond Member

Elite Member

Elite Member

Senior member

Lifer

Senior member

Lifer

Platinum Member

Lifer

Lifer

Diamond Member

No Lifer

Lifer

Diamond Member

Lifer

Lifer

Elite Member

Diamond Member

Lifer

Diamond Member

The New Boss

Elite Member