MacNN Virus?
Mac Elite
Join Date: May 2000
Location: Goodyear, AZ
May 27, 2006, 10:37 AM
 
Checking out MacNN from work, as usual. I’m on a Windows box using Internet Explorer (don’t ask… I don’t know why we’re still using it here either). About 3 times this morning, my VirusScan popped up with the following:

Redo2[1].htm - JS/Noclose.gen - Trojan
Redo4[1].htm - Exploit-ByteVerify - Trojan
Z[1].htm - JS/Noclose.gen - Trojan

When this happens, a pop-under appears. WTF!? I didn’t think MacNN had pop-ups/pop-unders.

I defected from the Windows world before viruses became widespread and haven’t experienced this before. Is this common? Is it common when surfing MacNN?

Notes: Using Win2000 Professional and IE ver. 6.0 on a well-protected system. It’s very unlikely there’s a virus on this system.
Slide to Unlock
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
May 27, 2006, 04:08 PM
 
I'll bet those are from ads, which we have NO control over. If you could post what ads you saw when you got the notices, that would help.

I'm using a Windows machine running Firefox and Symantec AV right now and I haven't seen any intercept messages...maybe it's only on the news part and not the forums.

A minute later...

Nope, nothing when I hit the main site.
Glenn -----
OTR/L, MOT, Tx
     
Mac Elite
Join Date: May 2000
Location: Goodyear, AZ
May 27, 2006, 05:04 PM
 
Thanks, Glenn. It was right here in the Lounge where it happened. I can tell you what ad it is, b/c it's a reproducible problem. The ad is for something called "e-researchgroup.com" and asks "Do you shop at Victoria's Secret? Answer now and receive a free $500 gift card." All you have to do is give them your e-mail address.

The a-holes who actually click on this stuff and participate .. thus making it profitable for the scammers and spammers to continue their work .. need to be rounded up and imprisoned in a 1982 library, b/c they obviously can't handle teh Internets.

Looking at my History, the addresses of this stuff are:

206.222.17.187
209.190.16.26
209.190.31.34
ads2.revenue.net
Slide to Unlock
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
May 27, 2006, 06:56 PM
 
I guess I lucked out and missed that one. I'll pass it on to the higher ups who can (I hope) get this seen to.
Glenn -----
OTR/L, MOT, Tx
     
Mac Elite
Join Date: May 2000
Location: Goodyear, AZ
Jun 10, 2006, 03:26 PM
 
Two weeks later and... It's Back!

Due to the lack of responses from anyone other than a mod, I guess no-one else is seeing this.

My VirusScan software detects "Exploit-ByteVerify" and "JS/Noclose.gen" trojans. It ONLY happens when surfing the MacNN Lounge. I work 12 hour shifts. I'm online ALL day. It only happens here in the Lounge.

The ads that commandeer my POS-PC are for the "Consumer Research Group" and invite me to take a survey. This time it's for a free Target gift card.

Here's the pathname, if that means anything to anyone:

C:\Documents and Settings\My At Work Username\Local Settings\Temporary Internet Files\Content.IE5\G9MB0DYN\redo[1].htm

WTF?
Slide to Unlock
     
Mac Elite
Join Date: May 2000
Location: Goodyear, AZ
Jun 10, 2006, 03:30 PM
 
Also just got a "File Download" Windows dialogue box when clicking my MacNN Lounge bookmark. My choices are to Open, Save or Cancel the following:

File name: rsherm-728.js
File type: JScript Script File
From: images.macnn.com

There's a warning "This type of file could harm your computer if it contains malicious code." Of course I hit "Cancel."
Slide to Unlock
     
Addicted to MacNN
Join Date: Oct 2002
Location: Washington, DC
Jun 10, 2006, 04:07 PM
 
Yup. I constantly get the "File Download" Windows box when I'm surfing from work. At most it's like every third time I load a page. Very obnoxious.

"One ticket to Washington, please. I have a date with destiny."
     
Mac Enthusiast
Join Date: Jan 2006
Jun 10, 2006, 04:36 PM
 
ugh....... If you're at work, get your I.T. guys to fix the thing and to run regular maintenance checks every once in a while.

otherwise, if you're at home, I'd say do the following.....

1. back up all your work and stuff
2. wipe your hard drive (zero all.... -ALL- data)
3. reinstall your OS (windoze)
4. get all the needed security updates (especially XP SP2)
5. get Firefox, install it
6. get Ad-Aware SE, install that
7. get Spybot S&D (Search and Destroy), install that
8. Run Ad-Aware (update it first, then scan) and clear any and all the junk that's found
9. Run Spybot (update it first, then scan) and clear the stuff it finds. Then use that immunization thing that it provides.
10. Go to Windows's "System Restore" thing and create a 'Restore Point'. If anything ever goes wrong in the future, just revert back to this 'pristine', 'uncorrupted' state.

Lastly:
-> Be careful of the sites you visit and be selective with whatever Java and JavaScript options your preferred browser uses.
     
   