If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
advertisingfeed.com scam
Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and
from there a screen tells me I have a problem and have to download something, etc. An obvious trick if one is not a newbie. Each time I have been in a totally reliable site and I get back to it just by right clicking the Back arrow (in Firefox) and going back two steps. This time I noted was was in between and it was advertisingfeed.com. Googling gives hits but no overall strategy. (There was a suggestion to empty my cache and cookies and I did empty my cache.) Should I write to the good site(s) that I started in so that maybe they can stop letting this group "advertise" in their advertising? I've been to the latest one many times and this has happened no more than 4 times -- I don't remember where I had been on other occasions. Or is there really nothing helpful I can do? As long as they don't change the format of their malicious page,a white box on a black screen with overly demanding instructions, I'm not likely to make a mistake. If I did make a mistake, maybe my finger was having a spasm**, I suppose the best thing to do is unplug the back of the desktop computer???? If that is good for a desktop, how do you make it turn off immediately on a laptop? **I used to try to play the piano, and there are places where your hand is suppose to rock back and forth using alternately your little finger and your thumb. Once I learned to do that, it was almost hard to stop! |
Ads |
#2
|
|||
|
|||
advertisingfeed.com scam
In alt.comp.os.windows-10, on Thu, 10 Jan 2019 17:06:26 -0500, micky
wrote: Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and from there a screen tells me I have a problem and have to download something, etc. An obvious trick if one is not a newbie. Each time I have been in a totally reliable site and I get back to it just by right clicking the Back arrow (in Firefox) and going back two steps. This time I noted was was in between and it was advertisingfeed.com. Googling gives hits but no overall strategy. (There was a suggestion to empty my cache and cookies and I did empty my cache.) Should I write to the good site(s) that I started in so that maybe they can stop letting this group "advertise" in their advertising? I've been to the latest one many times and this has happened no more than 4 times -- I don't remember where I had been on other occasions. Or is there really nothing helpful I can do? As long as they don't change the format of their malicious page,a white box on a black screen with overly demanding instructions, I'm not likely to make a mistake. If I did make a mistake, maybe my finger was having a spasm**, I suppose the best thing to do is unplug the back of the desktop computer???? If that is good for a desktop, how do you make it turn off immediately on a laptop? BTW, I was on the phone and the good website was sitting there fine for quite a while before the bad screen appeared. Is it possible for an advertising section of a webpage to redirect the page to the malware? Or is there html in the webpage itself that did this? If that's the case, the owner of the webpage should surely be notified. Also I meant to include that on one page when the complainer attempted to include the url for advertisingfeed, his software wouldn't let him. Then I found this at https://slickdeals.net/f/12104452-sd...-malware-again Quote from doublewood Hey implode. Thanks for reporting this. We've blocked this URL from serving on Slickdeals Can I block this url from running on my computer,and the other two listed below? Apparently the url names don't cause the antivirus to alert, even if maybe the final website or the download would? So I'd like to stop this before it gets close. Something about the HOSTS file? and we've also scaled up our new scanning tool which also blocks bad ads before they're rendered. It's been quiet for a while so I think this is a temporary flare up that our new tool will help out with significantly. And this morning as of 1!:04 CST Code: hzzps://www2.betterupdatedealflash.icu/?5fd4as6=FDyXk_w3218F4teTQPXVeg1gDLGYG8jK0k3UjhzCW clqcXxl2n8zr2RPBrVrtcuXV5pKQT85MtteGJnpXExxPA..&ci d=15393602092904050915153663175189135&pubid=180638 7-3979200730-0&v_id=- Code: hzzps://advertisingfeed.com/click?node=16&time=1539360180&id=62&pid=8&fid=8&si d=13342&rank=0&ad=eyJ0aXRsZSI6IiIsInVybCI6IiJ9 Code: hzzp://nextoptim.com/script/packcpm.php?csid=1806387&md=1&s1=13342&stamat=m%7C %2C%2Cg3J-4iMmtGU3BP9GH0dEdHP3xP.86c%2Cm4w5Q8tNcpETiWOjm4sJG Or4KDFatga51POZ9CKgyT8GxyfnpuAVrNv7lr1k7k-SDYYF9VjpN41_4aXgxpaKfnCDgEmVrS7kLGFyzednCVxo0K4aG G0b1M-Hz9pJLyoreql81oIpe3jSwH2erEVTVQNCwNPL0nZxzvgPwZ_U_ y-panlaB0Ngv2Xs__CeNOJRVG_yuHciCODpOFLD3IbGo68xLTuRn CkTPPYm9iwWey-zeKJbRBnvcEvy-vv14qjtPZdfpA8abBLJOXHHxAQ_XpdskkJ6sMO63sOmPSUpQoo TRtzprCXanJJ-G6iYXHELhxLcCLXOqotAxnHlZCxQIP8DDAhxY2qMxl5xo9qJzm WuQbYsoF7DdJy5NS0DpTYMfH7Zopr8CLoqIbaXxGj65pFI1QLs RAe6O4yAnJu0. It transferred very quickly though the three sites above.... Last edited by implode October 12, 2018 at 10:11 AM. So mine too might going through those 3 sites but not leaving a record for me? |
#3
|
|||
|
|||
advertisingfeed.com scam
On Thu, 10 Jan 2019 17:30:08 -0500, micky
wrote: Can I block this url from running on my computer,and the other two listed below? Apparently the url names don't cause the antivirus to alert, even if maybe the final website or the download would? So I'd like to stop this before it gets close. Something about the HOSTS file? Yes, you can block any sites you want in the hosts file. Put this entry in the hosts file: 0.0.0.0 adrunnr.com changing adrunnr.com to whatever URL you want to block. |
#4
|
|||
|
|||
advertisingfeed.com scam
micky wrote:
Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and from there a screen tells me I have a problem and have to download something, etc. An obvious trick if one is not a newbie. Each time I have been in a totally reliable site and I get back to it just by right clicking the Back arrow (in Firefox) and going back two steps. This time I noted was was in between and it was advertisingfeed.com. Googling gives hits but no overall strategy. (There was a suggestion to empty my cache and cookies and I did empty my cache.) Should I write to the good site(s) that I started in so that maybe they can stop letting this group "advertise" in their advertising? I've been to the latest one many times and this has happened no more than 4 times -- I don't remember where I had been on other occasions. Or is there really nothing helpful I can do? As long as they don't change the format of their malicious page,a white box on a black screen with overly demanding instructions, I'm not likely to make a mistake. If I did make a mistake, maybe my finger was having a spasm**, I suppose the best thing to do is unplug the back of the desktop computer???? If that is good for a desktop, how do you make it turn off immediately on a laptop? **I used to try to play the piano, and there are places where your hand is suppose to rock back and forth using alternately your little finger and your thumb. Once I learned to do that, it was almost hard to stop! That's probably resident on the machine now. If you're going to be generating advertising revenue by "replacing adverts" on the fly, you want that to be a permanent fixture on the machine. Not something that only loads when Yahoo News loads. It only makes sense to have such an attack "burrow into" the computer. Try to find a thread with matching symptoms. https://www.bleepingcomputer.com/for...nfected/page-2 Adwcleaner used to be an independent tool, but it was bought by Malwarebytes. It can do a scan for adware. Maybe what you've got is classed as adware. If that doesn't highlight anything, maybe an on-demand scan with Malwarebytes itself might figure it out. https://www.bleepingcomputer.com/download/adwcleaner/ Some browser attacks involve the addition of a few lines to prefs.js on the browser. As an example of how they can keep stuff between sessions. Adwcleaner examines the contents of that file, for the presence of lines that don't belong. Or at least, that's one of the things it used to do. I'm no good at malware, but if there's anything I've learned, it's that exploits are never simple. There's the "attack" and there is the "backup system". You cure the "attack" and the "backup system" restores it. Guaranteed to cause hair loss. When a tool actually cures the problem, absolutely nobody corrects the registry entry that kicks off the backup system. If you see "cannot find abcdwxyz.exe" or the like, there's a startup item that the AV removed, which can no longer be found and executed. It's up to the user to remove the registry entry that keeps asking for abcdwxyz (and this is not always easy to do, as sometimes TrustedInstaller owns the registry key). Paul |
#5
|
|||
|
|||
advertisingfeed.com scam
"Ken Blake" wrote
Something about the HOSTS file? | Yes, you can block any sites you want in the hosts file. Put this entry in the hosts file: 0.0.0.0 adrunnr.com | I've mentioned Acrylic DNS proxy here before, which allows wildcards. The normal HOSTS file does not allow wildcards and I don't think it will block the top domain. In other words, if you use HOSTS you need to add any relevant subdomain: www.ads.com ads.ads.com etc. I don't think it will block ads.com. In some cases there are only one or two subdomains. In other cases the subdomains are endless, generated randomly. |
#6
|
|||
|
|||
advertisingfeed.com scam
In alt.comp.os.windows-10, on Thu, 10 Jan 2019 18:42:44 -0500, Paul
wrote: micky wrote: Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and from there a screen tells me I have a problem and have to download something, etc. An obvious trick if one is not a newbie. Each time I have been in a totally reliable site and I get back to it just by right clicking the Back arrow (in Firefox) and going back two steps. This time I noted was was in between and it was advertisingfeed.com. Googling gives hits but no overall strategy. (There was a suggestion to empty my cache and cookies and I did empty my cache.) Should I write to the good site(s) that I started in so that maybe they can stop letting this group "advertise" in their advertising? I've been to the latest one many times and this has happened no more than 4 times -- I don't remember where I had been on other occasions. Or is there really nothing helpful I can do? As long as they don't change the format of their malicious page,a white box on a black screen with overly demanding instructions, I'm not likely to make a mistake. If I did make a mistake, maybe my finger was having a spasm**, I suppose the best thing to do is unplug the back of the desktop computer???? If that is good for a desktop, how do you make it turn off immediately on a laptop? **I used to try to play the piano, and there are places where your hand is suppose to rock back and forth using alternately your little finger and your thumb. Once I learned to do that, it was almost hard to stop! That's probably resident on the machine now. If you're going to be generating advertising revenue by "replacing adverts" on the fly, you want that to be a permanent fixture on the machine. Not something that only loads when Yahoo News loads. It only makes sense to have such an attack "burrow into" the computer. Try to find a thread with matching symptoms. https://www.bleepingcomputer.com/for...nfected/page-2 Sounds creepy. Adwcleaner used to be an independent tool, but it was bought by Malwarebytes. It can do a scan for adware. Maybe what you've got is classed as adware. If that doesn't highlight anything, maybe an on-demand scan with Malwarebytes itself might figure it out. I did that. See below. https://www.bleepingcomputer.com/download/adwcleaner/ Some browser attacks involve the addition of a few lines to prefs.js on the browser. As an example of how they can keep stuff between sessions. Adwcleaner examines the contents of that file, for the presence of lines that don't belong. Or at least, that's one of the things it used to do. I'm no good at malware, but if there's anything I've learned, it's that exploits are never simple. There's the "attack" and there is the "backup system". You cure the "attack" and the "backup system" restores it. Guaranteed to cause hair loss. When a tool actually cures the problem, absolutely nobody corrects the registry entry that kicks off the backup system. If you see "cannot find abcdwxyz.exe" or the like, there's a startup item that the AV removed, which can no longer be found and executed. It's up to the user to remove the registry entry that keeps asking for abcdwxyz (and this is not always easy to do, as sometimes TrustedInstaller owns the registry key). Paul Thanks, and thanks Ken, and Mayayana. I decided to scan the computer with Malwarebytes and when it started it, it told me the last scan was about 5 weeks ago, and I remember that the last time I had this malicious webpage. So if it's only every 5 weeks, I can tolerate that for a while. I got new definitions and scanned 333,333 or so objects and it found nothing wrong. Now I remember that last time it did find some things but none I thought was the cause of the screen described here. I deleted all of them and they're not back. It also suggested I dl the new version of the free version, and I did that first, and it turns out now I have 2 free weeks of the pro version. I think it's $40 for one computer per year. Is it worth it, if not for me, for you guys? |
#7
|
|||
|
|||
advertisingfeed.com scam
micky wrote:
In alt.comp.os.windows-10, on Thu, 10 Jan 2019 18:42:44 -0500, Paul wrote: micky wrote: Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and from there a screen tells me I have a problem and have to download something, etc. An obvious trick if one is not a newbie. Each time I have been in a totally reliable site and I get back to it just by right clicking the Back arrow (in Firefox) and going back two steps. This time I noted was was in between and it was advertisingfeed.com. Googling gives hits but no overall strategy. (There was a suggestion to empty my cache and cookies and I did empty my cache.) Should I write to the good site(s) that I started in so that maybe they can stop letting this group "advertise" in their advertising? I've been to the latest one many times and this has happened no more than 4 times -- I don't remember where I had been on other occasions. Or is there really nothing helpful I can do? As long as they don't change the format of their malicious page,a white box on a black screen with overly demanding instructions, I'm not likely to make a mistake. If I did make a mistake, maybe my finger was having a spasm**, I suppose the best thing to do is unplug the back of the desktop computer???? If that is good for a desktop, how do you make it turn off immediately on a laptop? **I used to try to play the piano, and there are places where your hand is suppose to rock back and forth using alternately your little finger and your thumb. Once I learned to do that, it was almost hard to stop! That's probably resident on the machine now. If you're going to be generating advertising revenue by "replacing adverts" on the fly, you want that to be a permanent fixture on the machine. Not something that only loads when Yahoo News loads. It only makes sense to have such an attack "burrow into" the computer. Try to find a thread with matching symptoms. https://www.bleepingcomputer.com/for...nfected/page-2 Sounds creepy. Adwcleaner used to be an independent tool, but it was bought by Malwarebytes. It can do a scan for adware. Maybe what you've got is classed as adware. If that doesn't highlight anything, maybe an on-demand scan with Malwarebytes itself might figure it out. I did that. See below. https://www.bleepingcomputer.com/download/adwcleaner/ Some browser attacks involve the addition of a few lines to prefs.js on the browser. As an example of how they can keep stuff between sessions. Adwcleaner examines the contents of that file, for the presence of lines that don't belong. Or at least, that's one of the things it used to do. I'm no good at malware, but if there's anything I've learned, it's that exploits are never simple. There's the "attack" and there is the "backup system". You cure the "attack" and the "backup system" restores it. Guaranteed to cause hair loss. When a tool actually cures the problem, absolutely nobody corrects the registry entry that kicks off the backup system. If you see "cannot find abcdwxyz.exe" or the like, there's a startup item that the AV removed, which can no longer be found and executed. It's up to the user to remove the registry entry that keeps asking for abcdwxyz (and this is not always easy to do, as sometimes TrustedInstaller owns the registry key). Paul Thanks, and thanks Ken, and Mayayana. I decided to scan the computer with Malwarebytes and when it started it, it told me the last scan was about 5 weeks ago, and I remember that the last time I had this malicious webpage. So if it's only every 5 weeks, I can tolerate that for a while. I got new definitions and scanned 333,333 or so objects and it found nothing wrong. Now I remember that last time it did find some things but none I thought was the cause of the screen described here. I deleted all of them and they're not back. It also suggested I dl the new version of the free version, and I did that first, and it turns out now I have 2 free weeks of the pro version. I think it's $40 for one computer per year. Is it worth it, if not for me, for you guys? As long as the Pro Trial reverts to the On Demand Scanner, I wouldn't be too upset. https://support.malwarebytes.com/docs/DOC-1033 ******* Maybe eventually you'll figure out what "class" this "advertisingfeed" pest is in. It's hard to believe this is just "leakage" from an advertising attack. (Someone buys a block of ads, and injects this crap into it.) https://niketalk.com/threads/redirec...-virus.675186/ "I found a temporary solution to combat the annoying redirect ads on mobile. If you have an Android device and you're using Chrome browser, copy and paste this link into your broswer: chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture " The keyword there is "sameorigin". You'd want an equivalent kind of thing with the browser you're currently using, so that random redirection isn't possible. Maybe its called an "Origin Policy" or something. accessibility.blockautorefresh true https://www.thewindowsclub.com/stop-...chrome-firefox Somehow blockautorefresh just doesn't sound fancy enough. There's got to be some other setting for this sort of thing. Paul |
Thread Tools | |
Display Modes | Rate This Thread |
|
|