Topic: e621.net just installed spyware on my computer

Posted under General

I was viewing a flash in IE7, since I've got enough tabs open in firefox that doing anything complicated with flash will crash it.

A flash banner ad opened a popup, which was bad enough, but then I got a popup outside of the browser, then a new icon in the system tray, then errors whenever I tried to open programs, as well as UAC elevation requests from the trojan.

It would close the task manager as soon as I opened it, so I had to log out and back in to catch it before it was running. Poking around in msconfig revealed its startup entry (in AppData/Local/[random string of letters]) which I nuked.

This box seems to be clean, but now I can't type a password on it until I reformat it.

Thanks, e621.

If you want me to disable adblock in firefox, perhaps you should try not infecting your users with spyware?

Updated by luvdaporn

Why have you decided that e621 gave you malware? If you are running a system without antivirus, any of those million porn sites that you visit could do so.

Also, e621 is not using popups for ads

Also, you should be ashamed of yourself

Updated by anonymous

Jazz said:
Why have you decided that e621 gave you malware? If you are running a system without antivirus, any of those million porn sites that you visit could do so.

Also, e621 is not using popups for ads

Also, you should be ashamed of yourself

This.

Updated by anonymous

It technically is possible (but probably unlikely) for the ad to open a popup since the actual content of the ad isn't controlled by e621.

If you know which ad you think did it, you should contact one of the admins and tell them which one it was so they can look into it.

However it was probably something else that happened to happen while you were browsing the site.

Update: According to at least one other user an ad is doing something, so beware for the time being.

Updated by anonymous

well, time to turn adblock back on, i love you e621, even with all your shenanigans, which is why i added this site to the exception, but if there's a risk, i'm not taking it.

Updated by anonymous

Jazz said:
Why have you decided that e621 gave you malware?

One tab open, to e621. Ad loads, popups appear, system infected. The causality seems plain.

If you are running a system without antivirus

Antivirus? Have you not been paying attention for the last four years?

http://www.zdnet.com.au/signature-based-antivirus-is-dead-get-over-it-339288527.htm

Modern malware uses code obfuscation and randomly generated executable names to circumvent signature based antivirus, which is all antivirus.

Antivirus is broken. It doesn't work, and it hasn't worked for years.

Updated by anonymous

olddoom said:
One tab open, to e621. Ad loads, popups appear, system infected. The causality seems plain.

Antivirus? Have you not been paying attention for the last four years?

http://www.zdnet.com.au/signature-based-antivirus-is-dead-get-over-it-339288527.htm

Modern malware uses code obfuscation and randomly generated executable names to circumvent signature based antivirus, which is all antivirus.

Antivirus is broken. It doesn't work, and it hasn't worked for years.

I think you haven't tried Kaspersky.

Updated by anonymous

Fox2K9 said:
I think you haven't tried Kaspersky.

From kaspersky.com:

Kaspersky Anti-Virus offers signature-based protection from all known types of threats including viruses, worms, Trojans and bots.

signature-based

Updated by anonymous

olddoom said:
WORDS WORDS WORDS

I think you're just continuing to prove yourself an idiot. O NOES MY BROWSER IS OPEN TO THE SITE IT MUST BE THIS O NOES. Even if you would open it to Google or FuckMeSideways.com, it'll do the same thing. Door's that way. ->

Updated by anonymous

olddoom said:
Modern malware uses code obfuscation and randomly generated executable names to circumvent signature based antivirus, which is all antivirus.

Not all antivirus is plain signature-based; heuristic analysis has also been around for a long time.

Get over it, you're running a system without any protection and could get a virus anywhere.

Updated by anonymous

I turned AdBlock off for a bit, and clicked refresh a whole bunch of times. All I saw were ads like "Find a girl and fuck her tonite" and stuff. I will NEVER click on those, so I figured since I've gone through the full ad cycle of the site and haven't seen anything I'll ever click on, I'll just leave ABP on. Except BadDragon, but I already watch them on FA anyway.

Updated by anonymous

Silent-Hunter said:
I turned AdBlock off for a bit, and clicked refresh a whole bunch of times. All I saw were ads like "Find a girl and fuck her tonite" and stuff. I will NEVER click on those, so I figured since I've gone through the full ad cycle of the site and haven't seen anything I'll ever click on, I'll just leave ABP on. Except BadDragon, but I already watch them on FA anyway.

Have fun being banned.

Updated by anonymous

Silent-Hunter said:
I turned AdBlock off for a bit, and clicked refresh a whole bunch of times. All I saw were ads like "Find a girl and fuck her tonite" and stuff. I will NEVER click on those, so I figured since I've gone through the full ad cycle of the site and haven't seen anything I'll ever click on, I'll just leave ABP on. Except BadDragon, but I already watch them on FA anyway.

You are a terrible person and should feel bad about existing.

Updated by anonymous

olddoom said:
SPYWARE AHHH

First off, you've got spyware, yes. It did not come from this site. If you think that popup spam is coming from this site, and not your malware infected, unprotected computer, you really need to learn to use a computer before getting on these newfangled internets.

Seriously, if you were any more full of shit, it would be coming out your ears. We don't even have any flash ads in our rotation. I know you're new here and all, being that your account is a week old, but come on now. Sorry buddy, but the problem is your spyware infested machine, not our site.

Updated by anonymous

mellis said:
First off, you've got spyware, yes. It did not come from this site. If you think that popup spam is coming from this site, and not your malware infected, unprotected computer, you really need to learn to use a computer before getting on these newfangled internets.

Seriously, if you were any more full of shit, it would be coming out your ears. We don't even have any flash ads in our rotation. I know you're new here and all, being that your account is a week old, but come on now. Sorry buddy, but the problem is your spyware infested machine, not our site.

This. In fact, I'm betting trolls are spamming the 'e621 = virus' campaign.

Updated by anonymous

Xaniseth said:
This. In fact, I'm betting trolls are spamming the 'e621 = virus' campaign.

godmotherfucking facepalm, please don't throw the troll card around, makes everyone sound stupid.

olddoom said:
since I've got enough tabs open in firefox that doing anything complicated with flash will crash it.

you sure none of those did it?

Updated by anonymous

olddoom said:
I was viewing a flash in IE7

*ahem* Well, there's your problem right there. IE7 has lots of vulnerabilities that have been fixed in IE8.

I imagine you got hit with something like this:
http://securitylabs.websense.com/content/Alerts/3061.aspx

Sorry I couldn't be of much help, I'm not some kind of computer-genius
-------------------

EDIT: Quit being assholes and quit assuming everyone is an e621-hating lying asshole that is trying to bash the site. He probably doesn't know where it came from, or doesn't know much about how viruses and such work.
It came up while he was surfing on here, so he just assumed it came from this site. For example: If a virus I was not aware of decided to suddenly pop up on YouTube, I would assume it came from YouTube. Then I would ask around, and do research and see if there was any problem with YouTube being infected with some kind of script...if not, then I would come to the conclusion that it was from my machine and not from YT...

Updated by anonymous

On a poorly-protected windows PC running IE7, trying to pinpoint exactly where a specific virus or bit of spyware came from is like trying to figure out which raindrop made you wet when you went out in a thunderstorm with no umbrella.

Updated by anonymous

Just use Norton. I've never had a virus alert from this site because there aren't any here.

Updated by anonymous

norton is pretty heavy and at times stupid, but i agree, it works, like setting up a nail with a sandal

Updated by anonymous

WolfieWolfie1992 said:
It came up while he was surfing on here, so he just assumed it came from this site.

The assumption was made in quite an impolite way, "Hey you did it on purpose. And I'll keep using adblock on your site for that", while still telling us that his machine is actually a Petri dish for viruses.

Updated by anonymous

If you're in need of a decent anti-virus, just snag Avast (http://www.avast.com/). It's free, and it's better than 90% of ones you'd actually have to pay for. Combine that with ZoneAlarm's Home Edition (http://www.zonealarm.com/), and you should be protected from any Spyware or Trojans that you're likely to find. For extra protection, use Firefox and NoScript (http://noscript.net/), though you'll need to allow e621's ads.

Updated by anonymous

olddoom said:
Antivirus? Have you not been paying attention for the last four years?

http://www.zdnet.com.au/signature-based-antivirus-is-dead-get-over-it-339288527.htm

Modern malware uses code obfuscation and randomly generated executable names to circumvent signature based antivirus, which is all antivirus.

Antivirus is broken. It doesn't work, and it hasn't worked for years.

Modern? Old viruses still exist ya know... Even if virus-protection is "broken" is there not any reason to use it anyways? β\

Updated by anonymous

Personally, I don't think that you should trust any antivirus programs that you have to download. I buy mine from the store, so I know that it's legit.

Updated by anonymous

Shatari is right.

Avast + Zone Alarm + Bit defender. As for the browser use Opera.

And Norton is shit, takes too many resources.

Updated by anonymous

Ultima_Weapon said:
Personally, I don't think that you should trust any antivirus programs that you have to download. I buy mine from the store, so I know that it's legit.

What is this "buy" you speak of? xD

Updated by anonymous

Don't turn this thread into software holy war

Updated by anonymous

Jazz said:
Don't turn this thread into software holy war

That's how conversations go Jazzy man.

Updated by anonymous

Ultima_Weapon said:
Personally, I don't think that you should trust any antivirus programs that you have to download. I buy mine from the store, so I know that it's legit.

But you have money to spend $60 a year on antivirus. I don't, so...yharr-harr-fiddle-de-de, you know the rest.

Updated by anonymous

Ultima_Weapon said:
Personally, I don't think that you should trust any antivirus programs that you have to download. I buy mine from the store, so I know that it's legit.

You can buy ZoneAlarm and Avast on CDs, but those are the Business Editions. It's identical to the Home Editions; you're simply not supposed to use the free versions on office computers.

Further, you'd be better off looking up reviews and using the ones that are the highest rated by people who know what's important. In that case, ZoneAlarm and Avast are about as good as you're going to get.

Updated by anonymous

Jazz said:
Don't turn this thread into software holy war

Jazz has the right idea.

Updated by anonymous

what software works for you, awesome sauce. i think i'll give some of the programs mentioned a try, avg works nice, but i'm a bit insecure now that i read that article.

Updated by anonymous

WolfieWolfie1992 said:
$60 a year on antivirus

That's cheap as hell. I wish I could get a new X360 for $60. If you get allowance, or have a job, then $60 is nothing. You could always just sell plasma and sperm.

Updated by anonymous

Ultima_Weapon said:
That's cheap as hell. I wish I could get a new X360 for $60. If you get allowance, or have a job, then $60 is nothing. You could always just sell plasma and sperm.

I was reading this half asleep, and 'plasma and sperm' ripped me out of it. Out of context it made for some truly odd Star Trek mental images.

Updated by anonymous

Ultima_Weapon said:
That's cheap as hell. I wish I could get a new X360 for $60. If you get allowance, or have a job, then $60 is nothing. You could always just sell plasma and sperm.

Why not just sell your lung and a kidney. You will have anti virus protection till hell freezes over.

Updated by anonymous

Ultima_Weapon said:
That's cheap as hell. I wish I could get a new X360 for $60. If you get allowance, or have a job, then $60 is nothing. You could always just sell plasma and sperm.

It's called being smart with your money. I'd rather not spend $60 a year on antivirus when there are other more important things that need to be paid. Especially when there are plenty of legitimate free antivirus programs out there. End of discussion, KTHNXBAI

Updated by anonymous

How is that the end of discussion when that wasn't the original topic to begin with? Has the original ad been found? If so the url would be much appreciated so it can be added to adblock for future protection

Updated by anonymous

foxyfoxy1990 said:
How is that the end of discussion when that wasn't the original topic to begin with? Has the original ad been found? If so the url would be much appreciated so it can be added to adblock for future protection

Workin' on it. I have an on-access scanner running as we speak.

Updated by anonymous

http://img.recursodorsriper.com/img?UT4VKHJlCAMJX0FVHXUDKFIRYhZ7AQwISVwWEnYTUBsLR1Q/SFkBDChpfB1eABc=

This specific ad seems to trigger some sort of drive-by download whenever it comes up on e621, sad to say. (Tho it doesn't appear the link itself has any malware attached to it, also it might only work for me as that looks like a session cookie.)

Sadly the above mentioned ad seems to have been hijacked by some sort of PHP stealer.

Two processes start running as soon as the ad loads, A3Dsomethingorother.exe and java.exe, also some sort of apparently random file gets downloaded.

Second time this has happened for me, very sad to say, both times with the same banner ad from The Adult Toy Shoppe (Spring Fling!)

Updated by anonymous

I have never seen such an ad here on e621.

Updated by anonymous

I examined the ad and it doesn't seem to be anything EXCEPT a simple jpeg..

Updated by anonymous

foxyfoxy1990 said:
there's ways to mount shit on jpegs

Oh, come on, tell us :))

Updated by anonymous

foxyfoxy1990 said:
http://lmgtfy.com/?q=join+exe+jpeg

No, sorry, spamdex pages and a five-year-old proof-of-concept exploit for IE. This is not serious.

You basically can't execute a program when viewing an image, except through serious program flaws.

Updated by anonymous

I let our ad provider know but I doubt anything'll come from it, frankly.

Updated by anonymous

Valence said:
In browsing the site, my browser, lolifox 0.3.6, informed me that it wanted to install a missing plugin as one of the posts loaded. No harm happened to my computer, since nothing happened, but I thought it was noteworthy. Here's an IRC log with more information.

[14:31] <Valence_Desumo> okay, something is happening
[14:32] <Valence_Desumo> it wants me to install a 'missing plugin'
[14:34] <Valence_Desumo> e621, I mean
[14:34] <Valence_Desumo> it could be that ad fuss
[14:34] <Valence_Desumo> hold on
[14:34] <Valence_Desumo> http://i664.photobucket.com/albums/vv10/Ultimaximus/lolifoxad.png
[14:36] <Valence_Desumo> http://i664.photobucket.com/albums/vv10/Ultimaximus/advert.png
[14:36] <Valence_Desumo> clicking 'OK' to the Adobe error just sends it away
[14:36] <Valence_Desumo> I'd rather not install the plug-in, however
[14:39] <Valence_Desumo> Is there anything I should do about it?
[14:39] <Valence_Desumo> Need the source or something?
[14:44] <Valence_Desumo> In any case, here's the source
[14:44] <Valence_Desumo> http://e621.pastebin.com/AW18WHXy
[14:45] <Valence_Desumo> ad links to http://click.tripdamswilful.com/click?dRkCW3dIARUJX0FDSTQMXwEAYGd4AxISGQgOEQJDAVxXBwYlDAZHQCB1f3IRQjZJAWZHBUNAE1tFMVUbX0AkPzVAXB8AHFYOUx1Z
[14:45] <Valence_Desumo> dunno about actually going there..
[14:46] <Valence_Desumo> If that's it, then I guess I'll be on my merry fapping way then
[14:46] <Valence_Desumo> I'll be posting this log in the forum..

Scanned the website, doesn't seem malicious, and my on-access didn't pop anything. Also, lol @ lolifox.

Updated by anonymous

It's possible to mount things... but the ability to do so now is dying slowly... If it happens again, to anyone reading this thread... send a link to the image, WITH A WARNING, to an administrator. and let them have a look :)

(Note from running my own websites... Never post viral links.. even with warnings.. other users will click it no matter what.)

Updated by anonymous

i got the same Trojan when i popped in here, cleaned it, came back, ad reinstalled it as soon as i came back, had to clean it again. third time it tried to install from e621, i managed to kill java and Firefox before it finished.

what installed the Trojan was an advertisement using java 1.6, it installed a java applet in the background, which the Trojan used to get into my system.

looks similar to the old spy falcon Trojan, and the advert they were linking in the previous posts appears to be the one that does it every time.

Updated by anonymous

Why the hell do you use gayfox? Use Opera damn it, and you will never have these problems, or report fake alarms.

Updated by anonymous

Fox2K9 said:
Why the hell do you use gayfox? Use Opera damn it, and you will never have these problems, or report fake alarms.

Um.. if it was a java applet... it would have just worked around Opera :/

Updated by anonymous

well its your own fault for using internet explorer "the worst browser on the net"
firefox never crashed for me and i always have a bunch of tabs open

and for the people before me: you know you can disable java in the browser right?

Updated by anonymous

Fox2K9 said:
Why the hell do you use gayfox? Use Opera damn it, and you will never have these problems, or report fake alarms.

why use something flashy when you can use something that works

Updated by anonymous

fartpaw_firekidney said:
why use something flashy when you can use something that works

Yes, exactly! That's why i keep telling people, use Opera not LameFox.

Which knows to crash when you install too many USELESS plugins.

Updated by anonymous

why use crapera when you can use winfox

i rather use an engine that works than a flashy engine that dies on me

Updated by anonymous

i think a simpler rule would be "don't use a browser you don't know how to operate," but that's just me and my preference to avoid lame neologisms.

Updated by anonymous

Damn it, the real reason this thread is open is not 'hurr durr my browser preference is better than yours herp derp.' There is some stupid ad installing shit no one wants. It doesn't matter if it's Firefox, IE, Opera or fucking Netscape Navigator 1.3. Happened to me as well but I've purposefully shut out Java from working unless I manually open that shit. So thank you, op. Oh, and I had e621 open and only e621 open at the time, so it was this website.

Christ on a cracker.

Updated by anonymous

how do you know you didn't already have it?

P.S. in my personal opinion, in which no one probably cares about, firefox is better than opera =)

Updated by anonymous

So far as i saw, it happened only to users who use FireFox and InternetExplorer.

Fail browsers if you ask me.

But let it be, i won't argue about this nonsense and get blocked AGAIN! :/

Updated by anonymous

null0100 said:
i browse with a command line

Lynx for the win!

Updated by anonymous

[12:51] <ZV> Bad news. Malware.
[12:51] <ZV> One of the ads you're running is a drive-by download.
[12:51] <ZV> Getting a screenshot
[12:54] <ZV> http://img535.imageshack.us/img535/5721/e621mw.png
[13:05] <Quench> Someone actually provided useful info :O
[13:19] <ZV> I also have links to the ad
[13:19] <ZV> If needed

EDIT: Wait a minute. Previous ad attack on myself:

Valence said:
A follow-up, immediately upon opening two tabs in lolifox to posts, AVG came up:

Not sure which tab it came from, so here's info on both:
*more links*

As well as:

Minalkra said:
The ZeneRX ad is the one that is doing it for me.

I'd say it's a safe bet this is what is causing the issue, and hopefully the only one.

Updated by anonymous

Fox2K9 said:
So far as i saw, it happened only to users who use FireFox and InternetExplorer.

Fail browsers if you ask me.

But let it be, i won't argue about this nonsense and get blocked AGAIN! :/

not to extend the argument, but to be fair firefox and IE have a lot more users than opera -.-

Updated by anonymous

luvdaporn said:
not to extend the argument, but to be fair firefox and IE have a lot more users than opera -.-

But all those people (1 billion IE) are exposed to threats that Opera keeps you safe from.

I personally love Opera because it does not install some retarded add on bars and such stuff (one more reason why it has less n00b users but more pro ones), it is also much faster than FF on start up and browsing. When it crashes (I'm not saying it never crashes xD ) you can recover in just about 10 seconds with 10 tabs open. In FF you just get a sorry message and it restarts with a blank screen. Also Opera has more built in functions than FF and IE.
Also i know people like FF because of its plug in add ons, but seriously, why do you even need those?
I'm guessing i just want functionality and fast browsing without some Bandoo smileys xD

Updated by anonymous

Fox2K9 said:
But let it be, i won't argue about this nonsense and get blocked AGAIN! :/

I see.

I'm not planning on arguing, but I'd like to correct you on something. FireFox *does* save your tabs and let you restore them when it crashes. Hell, even if something *else* crashes and the computer locks up or reboots, you can still restore your tabs after you start FireFox. It's been like that for years.

Updated by anonymous

acct0283476 said:
I see.

I'm not planning on arguing, but I'd like to correct you on something. FireFox *does* save your tabs and let you restore them when it crashes. Hell, even if something *else* crashes and the computer locks up or reboots, you can still restore your tabs after you start FireFox. It's been like that for years.

It's not how I noticed... It crashes and I was not able to restore a thing.

Updated by anonymous

Fox2K9 said:
It's not how I noticed... It crashes and I was not able to restore a thing.

you should probably base your firefox argument on a more modern build than an antique, all those features are in firefox

Updated by anonymous

fartpaw_firekidney said:
you should probably base your firefox argument on a more modern build than an antique, all those features are in firefox

That happened 3 months ago. If that's an antique version then really.

Updated by anonymous

Fox2K9 said:
That happened 3 months ago. If that's an antique version then really.

Did you manually quit it? That's the only way Firefox would lose your tabs.

Updated by anonymous

Marbles said:
Did you manually quit it? That's the only way Firefox would lose your tabs.

It crashed all of a sudden.

Updated by anonymous
