Issue: Site pop-up contains a rouge spyware program

[Shadow_Knux]

Hello Admins/Mods/Members/what-have-you.

I was browsing The PokeCommunity forums without being logged in, and a pop-up came up that was masquerading as an Anti-virus program. It was called Antivirus Soft, in case you've heard of it. Not thinking, I hit the 'x' on the window. Long story short, my computer is just recovering from an epic virus assault.

Just wanted to give you guys a heads-up, since it came from this site. It could have embedded itself somewhere in the coding. I was on the Tutorials board in the ROM Hacking section.

~S_K

[edit] My apologies, the title is supposed to be rogue not rouge. I don't think viruses have a color, lol.

 

[Alexeon]

Ah, I had a suspicion that the PokéCommunity forums was where I've been getting the Antispyware Soft trojan virus. I myself got it sometime Friday, put my laptop through several scans, and avoided using it myself for a few days...Only reason I'm comfortable being on the forums now is because I've gone and blocked all of Google's Ads. >.>

Just to explain how it all went about, I got the virus three times while browsing the forums. My antivirus software did alert me to the attack, but it didn't seem to stop it soon enough. After the alert, Java opened up, and shortly after, Antispyware Soft popped up, claiming my computer is infected, and showed a fake scan being done on my hard drive. Then it proceeded to block access to various programs and websites, claiming they're infected, all while continuously giving more fake infection popups, as well as opening up certain...inappropriate websites via Internet Explorer.

A quick System Restore and/or a scan with various malware detection programs will fix this, but this is still quite a problem. Hope this can be looked into~

 

[The Corrupt Plague]

If You have the Adblock Plus add on for Firefox, You don't have to deal with any virus ads. I have it enabled on every site because I don't want to take any chances.

 

[The Corrupt Plague]

But what about the ads that are at the top of every page you visit on this site? I've been getting a few "inappropriate" ads from Google. Apparently, someone is hi-jacking my internet.

Apparently so. The reason why I recommended Adblock Plus is because it is supposed to block those so you can't see them. If you do have it, then is it on? Also, did you mention porn ads? Those are usually a sign of adware, which is another type of virus.

 

[Shadow_Knux]

Thanks for the info, downloading Adblock Plus now.

As a fair trade for the knowledge of this add-on, here is how I rid myself of the Antivirus Soft virus:
1. Start windows in Safe Mode (sorry Mac users)
2. Disable the use of LAN proxies (this was enabled to prevent IE from going anywhere other than the Antivirus Soft homepage)
3. Clear temporary Internet files folder
4. Run Malwarebytes' Anti Malware virus scanner
5. Viola!

These steps are described in more detail in my link in the first post.

 

[Rukario]

First off, you DID NOT CATCH that virus from PC or one of the Google ads. (there are NO POPUPS at all) and all files are scanned.

Most likely you were already infected and the popups are a result of that. (run a good av/anti-malware app)

IF YOU SEE A POPUP or VIRUS-LADEN AD ANYWHERE ON PC, SCREENCAP IT, GET THE URL IF POSSIBLE and ANY and ALL INFO YOU CAN ON IT >> PC PAGE LINK, A VIEW SOURCE OF THE PC PAGE (saved as txt) ETC.

 

[Team_SJK]

Thanks for the info, downloading Adblock Plus now.

As a fair trade for the knowledge of this add-on, here is how I rid myself of the Antivirus Soft virus:
1. Start windows in Safe Mode (sorry Mac users)
2. Disable the use of LAN proxies (this was enabled to prevent IE from going anywhere other than the Antivirus Soft homepage)
3. Clear temporary Internet files folder
4. Run Malwarebytes' Anti Malware virus scanner
5. Viola!

These steps are described in more detail in my link in the first post.

There is hope for Mac users. I have been using a program called MacScan to make short work of spyware. MacScan is capable of removing spyware, tracking cookies (explained here on Wikipedia), key loggers, and other types of malware. Combined with Sophos Antivirus, you'll feel safer about using your Mac.

 

[Shadow_Knux]

First off, you DID NOT CATCH that virus from PC or one of the Google ads. (there are NO POPUPS at all) and all files are scanned.

Most likely you were already infected and the popups are a result of that. (run a good av/anti-malware app)

IF YOU SEE A POPUP or VIRUS-LADEN AD ANYWHERE ON PC, SCREENCAP IT, GET THE URL IF POSSIBLE and ANY and ALL INFO YOU CAN ON IT >> PC PAGE LINK, A VIEW SOURCE OF THE PC PAGE (saved as txt) ETC.

Sorry, but I did catch it from this site. Another user claims the same thing. I dislike arguing, but this website was the only site I was on when I caught it, and I had not used this computer 2 days prior to the infection. This computer is also my secondary computer, meaning I do not use it as much for the Internet and such. Sorry, it was from PC.

If it helps, this is the thread that the pop-up came up on:
https://www.pokecommunity.com/showthread.php?t=208429

[edit] Also, it wasn't exactly a normal pop-up. This did not come up in a separate Firefox window or tab, but rather it was locked onto this web page. Like, when you scrolled down, the pop-up scrolled down as well. Does that make sense?

 

[Alexeon]

Sorry if I gave the impression that I'm blaming PC. Just stating that I do believe I received the virus while I was viewing these forums. And I wouldn't speak out about it if it didn't happen multiple times, only when I came here, and not while going to any of the other sites I frequent.

But yea, the one Google Ad (and I mean the banner ad at the top of the page) that I do remember seeing one time I got the virus was an ad about something like "The Death of the PC". I searched about that, and I did see other cases of such an ad and accompanying virus problems. Though, to be honest, not enough examples for me to be sure of myself here. -_-

Each time I got the virus, I restored and scanned heavily, and I did remove the problems entirely. But since I'm almost always unsure of myself, I'll go ahead and remove my Google Ad block so that I may perhaps run into the virus once more, and possibly provide more details for you.

 

[Manganum]

Whaa-? I didn't think the Google ads up top would be able to send viruses...

 

[The Corrupt Plague]

There are a few bad eggs that manage to slip through. Before I started blocking all ads, I used to see ads for a fake Pokemon game called Pokemon World Online, which was a known Zango carrier.

 

[Rukario]

Sorry, but I did catch it from this site. Another user claims the same thing. I dislike arguing, but this website was the only site I was on when I caught it, and I had not used this computer 2 days prior to the infection. This computer is also my secondary computer, meaning I do not use it as much for the Internet and such. Sorry, it was from PC.

If it helps, this is the thread that the pop-up came up on:
https://www.pokecommunity.com/showthread.php?t=208429

[edit] Also, it wasn't exactly a normal pop-up. This did not come up in a separate Firefox window or tab, but rather it was locked onto this web page. Like, when you scrolled down, the pop-up scrolled down as well. Does that make sense?

It wasn't from here. we do not allow any kinds of intrusive, popup, scrolling ads at all. Google ads do not exhibit that kind of behavior as well. they are fixed on the page at the locations we set, only.

ALSO, don't confuse an ad for a shady product (i.e. zango, pc speed up crapware, etc.) as a virus giving ad.. you have to GET the product offered to become infected.. simply viewing the ads won't hurt anything for the most part (as someone said, there is always a chance a bad one gets thru)

It HAS to be some something else. so other source or previous infection that triggered on a keyword in that thread.

Like I said before, pc's files are scanned for malware, viruses, code modifications, and the like..
IF you see something bad, not quite right, popups, intrusive or scrolling ads, i need you to get a screen shot, and the page you were on's html code from view source.

 

[sab]

nothing i've seen so far, but there is always a chance that something might have slipped up. also is there a good adblocker for enternet explorer like adblock?

 

[Peeky Chew]

Is this the sort of add that you mean?

You should never click them, even if you think they've done nothing, they have.

 

[JakeyBoy]

No, I think they mean the one's that actually try to make you believe they are different windows. Usually they shake rapidly to get your attention, and all that. Like this one. Hitting the "x" just takes you to the same destination anyway. Thinking about looking for it myself.

 

[Rukario]

No, I think they mean the one's that actually try to make you believe they are different windows. Usually they shake rapidly to get your attention, and all that. Like this one. Hitting the "x" just takes you to the same destination anyway. Thinking about looking for it myself.

those will get you if you click them / install the 'product' not view.

PC DOESN'T SERVE that size add. ever. so if you saw it, it wasn't from here.

 

[Shadow_Knux]

It wasn't from here. we do not allow any kinds of intrusive, popup, scrolling ads at all. Google ads do not exhibit that kind of behavior as well. they are fixed on the page at the locations we set, only.

ALSO, don't confuse an ad for a shady product (i.e. zango, pc speed up crapware, etc.) as a virus giving ad.. you have to GET the product offered to become infected.. simply viewing the ads won't hurt anything for the most part (as someone said, there is always a chance a bad one gets thru)

This is not necessarily true. The virus makes you think you have a dangerous bug in order to get you to buy the product. From there, things may either get worse or actually improve for a bit. The worse part comes from clicking the ad. I admit that clicking on it was my own fault, but I'm certain that it came from here. I only want to help make PC safer...
Also, the virus could have been hiding in a faux-Google ad in order to trick you guys and the users.

@JakeyBoy: You're right, it looked like a different window. The actual picture is in the link in my original post. It was a really convincing one.https://www.pokecommunity.com/member.php?u=129937