advertisingfeed.com scam

Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and
from there a screen tells me I have a problem and have to download
something, etc. An obvious trick if one is not a newbie.

Each time I have been in a totally reliable site and I get back to it
just by right clicking the Back arrow (in Firefox) and going back two
steps. This time I noted was was in between and it was
advertisingfeed.com.

Googling gives hits but no overall strategy. (There was a suggestion
to empty my cache and cookies and I did empty my cache.)

Should I write to the good site(s) that I started in so that maybe they
can stop letting this group "advertise" in their advertising? I've been
to the latest one many times and this has happened no more than 4 times
-- I don't remember where I had been on other occasions.

Or is there really nothing helpful I can do?

As long as they don't change the format of their malicious page,a white
box on a black screen with overly demanding instructions, I'm not likely
to make a mistake.


If I did make a mistake, maybe my finger was having a spasm**, I suppose
the best thing to do is unplug the back of the desktop computer???? If
that is good for a desktop, how do you make it turn off immediately on a
laptop?


**I used to try to play the piano, and there are places where your hand
is suppose to rock back and forth using alternately your little finger
and your thumb. Once I learned to do that, it was almost hard to stop!

In alt.comp.os.windows-10, on Thu, 10 Jan 2019 17:06:26 -0500, micky
wrote:

Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and
from there a screen tells me I have a problem and have to download
something, etc. An obvious trick if one is not a newbie.

Each time I have been in a totally reliable site and I get back to it
just by right clicking the Back arrow (in Firefox) and going back two
steps. This time I noted was was in between and it was
advertisingfeed.com.

Googling gives hits but no overall strategy. (There was a suggestion
to empty my cache and cookies and I did empty my cache.)

Should I write to the good site(s) that I started in so that maybe they
can stop letting this group "advertise" in their advertising? I've been
to the latest one many times and this has happened no more than 4 times
-- I don't remember where I had been on other occasions.

Or is there really nothing helpful I can do?

As long as they don't change the format of their malicious page,a white
box on a black screen with overly demanding instructions, I'm not likely
to make a mistake.


If I did make a mistake, maybe my finger was having a spasm**, I suppose
the best thing to do is unplug the back of the desktop computer???? If
that is good for a desktop, how do you make it turn off immediately on a
laptop?

BTW, I was on the phone and the good website was sitting there fine for
quite a while before the bad screen appeared. Is it possible for an
advertising section of a webpage to redirect the page to the malware?

Or is there html in the webpage itself that did this? If that's the
case, the owner of the webpage should surely be notified.


Also I meant to include that on one page when the complainer attempted
to include the url for advertisingfeed, his software wouldn't let him.


Then I found this at
https://slickdeals.net/f/12104452-sd...-malware-again

Quote from doublewood
Hey implode. Thanks for reporting this. We've blocked this URL from serving on Slickdeals

Can I block this url from running on my computer,and the other two
listed below? Apparently the url names don't cause the antivirus to
alert, even if maybe the final website or the download would? So I'd
like to stop this before it gets close.

Something about the HOSTS file?

and we've also scaled up our new scanning tool which also blocks bad ads before they're rendered. It's been quiet for a while so I think this is a temporary flare up that our new tool will help out with significantly.
And this morning as of 1!:04 CST

Code:

hzzps://www2.betterupdatedealflash.icu/?5fd4as6=FDyXk_w3218F4teTQPXVeg1gDLGYG8jK0k3UjhzCW clqcXxl2n8zr2RPBrVrtcuXV5pKQT85MtteGJnpXExxPA..&ci d=15393602092904050915153663175189135&pubid=180638 7-3979200730-0&v_id=-

Code:

hzzps://advertisingfeed.com/click?node=16&time=1539360180&id=62&pid=8&fid=8&si d=13342&rank=0&ad=eyJ0aXRsZSI6IiIsInVybCI6IiJ9

Code:

hzzp://nextoptim.com/script/packcpm.php?csid=1806387&md=1&s1=13342&stamat=m%7C %2C%2Cg3J-4iMmtGU3BP9GH0dEdHP3xP.86c%2Cm4w5Q8tNcpETiWOjm4sJG Or4KDFatga51POZ9CKgyT8GxyfnpuAVrNv7lr1k7k-SDYYF9VjpN41_4aXgxpaKfnCDgEmVrS7kLGFyzednCVxo0K4aG G0b1M-Hz9pJLyoreql81oIpe3jSwH2erEVTVQNCwNPL0nZxzvgPwZ_U_ y-panlaB0Ngv2Xs__CeNOJRVG_yuHciCODpOFLD3IbGo68xLTuRn CkTPPYm9iwWey-zeKJbRBnvcEvy-vv14qjtPZdfpA8abBLJOXHHxAQ_XpdskkJ6sMO63sOmPSUpQoo TRtzprCXanJJ-G6iYXHELhxLcCLXOqotAxnHlZCxQIP8DDAhxY2qMxl5xo9qJzm WuQbYsoF7DdJy5NS0DpTYMfH7Zopr8CLoqIbaXxGj65pFI1QLs RAe6O4yAnJu0.


It transferred very quickly though the three sites above....
Last edited by implode October 12, 2018 at 10:11 AM.

So mine too might going through those 3 sites but not leaving a record
for me?

On Thu, 10 Jan 2019 17:30:08 -0500, micky
wrote:


Can I block this url from running on my computer,and the other two
listed below? Apparently the url names don't cause the antivirus to
alert, even if maybe the final website or the download would? So I'd
like to stop this before it gets close.

Something about the HOSTS file?


Yes, you can block any sites you want in the hosts file. Put this
entry in the hosts file:

0.0.0.0 adrunnr.com

changing adrunnr.com to whatever URL you want to block.

micky wrote:
Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and
from there a screen tells me I have a problem and have to download
something, etc. An obvious trick if one is not a newbie.

Each time I have been in a totally reliable site and I get back to it
just by right clicking the Back arrow (in Firefox) and going back two
steps. This time I noted was was in between and it was
advertisingfeed.com.

Googling gives hits but no overall strategy. (There was a suggestion
to empty my cache and cookies and I did empty my cache.)

Should I write to the good site(s) that I started in so that maybe they
can stop letting this group "advertise" in their advertising? I've been
to the latest one many times and this has happened no more than 4 times
-- I don't remember where I had been on other occasions.

Or is there really nothing helpful I can do?

As long as they don't change the format of their malicious page,a white
box on a black screen with overly demanding instructions, I'm not likely
to make a mistake.


If I did make a mistake, maybe my finger was having a spasm**, I suppose
the best thing to do is unplug the back of the desktop computer???? If
that is good for a desktop, how do you make it turn off immediately on a
laptop?


**I used to try to play the piano, and there are places where your hand
is suppose to rock back and forth using alternately your little finger
and your thumb. Once I learned to do that, it was almost hard to stop!

That's probably resident on the machine now.

If you're going to be generating advertising revenue by
"replacing adverts" on the fly, you want that to be a
permanent fixture on the machine. Not something that only
loads when Yahoo News loads. It only makes sense to have
such an attack "burrow into" the computer.

Try to find a thread with matching symptoms.

https://www.bleepingcomputer.com/for...nfected/page-2

Adwcleaner used to be an independent tool, but it
was bought by Malwarebytes. It can do a scan for adware.
Maybe what you've got is classed as adware. If that
doesn't highlight anything, maybe an on-demand scan with
Malwarebytes itself might figure it out.

https://www.bleepingcomputer.com/download/adwcleaner/

Some browser attacks involve the addition of a few lines
to prefs.js on the browser. As an example of how they
can keep stuff between sessions. Adwcleaner examines the
contents of that file, for the presence of lines that don't
belong. Or at least, that's one of the things it used to do.

I'm no good at malware, but if there's anything I've learned,
it's that exploits are never simple. There's the "attack"
and there is the "backup system". You cure the "attack" and
the "backup system" restores it. Guaranteed to cause hair loss.

When a tool actually cures the problem, absolutely nobody
corrects the registry entry that kicks off the backup system.
If you see "cannot find abcdwxyz.exe" or the like, there's
a startup item that the AV removed, which can no longer be
found and executed. It's up to the user to remove the
registry entry that keeps asking for abcdwxyz (and this
is not always easy to do, as sometimes TrustedInstaller
owns the registry key).

Paul

"Ken Blake" wrote


Something about the HOSTS file?

|
Yes, you can block any sites you want in the hosts file. Put this
entry in the hosts file:

0.0.0.0 adrunnr.com
|

I've mentioned Acrylic DNS proxy here before, which
allows wildcards. The normal HOSTS file does not allow
wildcards and I don't think it will block the top domain.
In other words, if you use HOSTS you need to add any
relevant subdomain:

www.ads.com
ads.ads.com
etc.

I don't think it will block ads.com.

In some cases there are only one or two subdomains.
In other cases the subdomains are endless, generated
randomly.

In alt.comp.os.windows-10, on Thu, 10 Jan 2019 18:42:44 -0500, Paul
wrote:

micky wrote:
Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and
from there a screen tells me I have a problem and have to download
something, etc. An obvious trick if one is not a newbie.

Each time I have been in a totally reliable site and I get back to it
just by right clicking the Back arrow (in Firefox) and going back two
steps. This time I noted was was in between and it was
advertisingfeed.com.

Googling gives hits but no overall strategy. (There was a suggestion
to empty my cache and cookies and I did empty my cache.)

Should I write to the good site(s) that I started in so that maybe they
can stop letting this group "advertise" in their advertising? I've been
to the latest one many times and this has happened no more than 4 times
-- I don't remember where I had been on other occasions.

Or is there really nothing helpful I can do?

As long as they don't change the format of their malicious page,a white
box on a black screen with overly demanding instructions, I'm not likely
to make a mistake.


If I did make a mistake, maybe my finger was having a spasm**, I suppose
the best thing to do is unplug the back of the desktop computer???? If
that is good for a desktop, how do you make it turn off immediately on a
laptop?


**I used to try to play the piano, and there are places where your hand
is suppose to rock back and forth using alternately your little finger
and your thumb. Once I learned to do that, it was almost hard to stop!

That's probably resident on the machine now.

If you're going to be generating advertising revenue by
"replacing adverts" on the fly, you want that to be a
permanent fixture on the machine. Not something that only
loads when Yahoo News loads. It only makes sense to have
such an attack "burrow into" the computer.

Try to find a thread with matching symptoms.

https://www.bleepingcomputer.com/for...nfected/page-2

Sounds creepy.

Adwcleaner used to be an independent tool, but it
was bought by Malwarebytes. It can do a scan for adware.
Maybe what you've got is classed as adware. If that
doesn't highlight anything, maybe an on-demand scan with
Malwarebytes itself might figure it out.

I did that. See below.

https://www.bleepingcomputer.com/download/adwcleaner/

Some browser attacks involve the addition of a few lines
to prefs.js on the browser. As an example of how they
can keep stuff between sessions. Adwcleaner examines the
contents of that file, for the presence of lines that don't
belong. Or at least, that's one of the things it used to do.

I'm no good at malware, but if there's anything I've learned,
it's that exploits are never simple. There's the "attack"
and there is the "backup system". You cure the "attack" and
the "backup system" restores it. Guaranteed to cause hair loss.

When a tool actually cures the problem, absolutely nobody
corrects the registry entry that kicks off the backup system.
If you see "cannot find abcdwxyz.exe" or the like, there's
a startup item that the AV removed, which can no longer be
found and executed. It's up to the user to remove the
registry entry that keeps asking for abcdwxyz (and this
is not always easy to do, as sometimes TrustedInstaller
owns the registry key).

Paul

Thanks, and thanks Ken, and Mayayana.

I decided to scan the computer with Malwarebytes and when it started it,
it told me the last scan was about 5 weeks ago, and I remember that the
last time I had this malicious webpage. So if it's only every 5 weeks,
I can tolerate that for a while.

I got new definitions and scanned 333,333 or so objects and it found
nothing wrong. Now I remember that last time it did find some things
but none I thought was the cause of the screen described here. I
deleted all of them and they're not back.

It also suggested I dl the new version of the free version, and I did
that first, and it turns out now I have 2 free weeks of the pro version.
I think it's $40 for one computer per year. Is it worth it, if not for
me, for you guys?

micky wrote:
In alt.comp.os.windows-10, on Thu, 10 Jan 2019 18:42:44 -0500, Paul
wrote:

micky wrote:
Three or 4 times, I've gotten "redirected" to advertisingfeed.com, and
from there a screen tells me I have a problem and have to download
something, etc. An obvious trick if one is not a newbie.

Each time I have been in a totally reliable site and I get back to it
just by right clicking the Back arrow (in Firefox) and going back two
steps. This time I noted was was in between and it was
advertisingfeed.com.

Googling gives hits but no overall strategy. (There was a suggestion
to empty my cache and cookies and I did empty my cache.)

Should I write to the good site(s) that I started in so that maybe they
can stop letting this group "advertise" in their advertising? I've been
to the latest one many times and this has happened no more than 4 times
-- I don't remember where I had been on other occasions.

Or is there really nothing helpful I can do?

As long as they don't change the format of their malicious page,a white
box on a black screen with overly demanding instructions, I'm not likely
to make a mistake.


If I did make a mistake, maybe my finger was having a spasm**, I suppose
the best thing to do is unplug the back of the desktop computer???? If
that is good for a desktop, how do you make it turn off immediately on a
laptop?


**I used to try to play the piano, and there are places where your hand
is suppose to rock back and forth using alternately your little finger
and your thumb. Once I learned to do that, it was almost hard to stop!
That's probably resident on the machine now.

If you're going to be generating advertising revenue by
"replacing adverts" on the fly, you want that to be a
permanent fixture on the machine. Not something that only
loads when Yahoo News loads. It only makes sense to have
such an attack "burrow into" the computer.

Try to find a thread with matching symptoms.

https://www.bleepingcomputer.com/for...nfected/page-2

Sounds creepy.

Adwcleaner used to be an independent tool, but it
was bought by Malwarebytes. It can do a scan for adware.
Maybe what you've got is classed as adware. If that
doesn't highlight anything, maybe an on-demand scan with
Malwarebytes itself might figure it out.

I did that. See below.

https://www.bleepingcomputer.com/download/adwcleaner/

Some browser attacks involve the addition of a few lines
to prefs.js on the browser. As an example of how they
can keep stuff between sessions. Adwcleaner examines the
contents of that file, for the presence of lines that don't
belong. Or at least, that's one of the things it used to do.

I'm no good at malware, but if there's anything I've learned,
it's that exploits are never simple. There's the "attack"
and there is the "backup system". You cure the "attack" and
the "backup system" restores it. Guaranteed to cause hair loss.

When a tool actually cures the problem, absolutely nobody
corrects the registry entry that kicks off the backup system.
If you see "cannot find abcdwxyz.exe" or the like, there's
a startup item that the AV removed, which can no longer be
found and executed. It's up to the user to remove the
registry entry that keeps asking for abcdwxyz (and this
is not always easy to do, as sometimes TrustedInstaller
owns the registry key).

Paul

Thanks, and thanks Ken, and Mayayana.

I decided to scan the computer with Malwarebytes and when it started it,
it told me the last scan was about 5 weeks ago, and I remember that the
last time I had this malicious webpage. So if it's only every 5 weeks,
I can tolerate that for a while.

I got new definitions and scanned 333,333 or so objects and it found
nothing wrong. Now I remember that last time it did find some things
but none I thought was the cause of the screen described here. I
deleted all of them and they're not back.

It also suggested I dl the new version of the free version, and I did
that first, and it turns out now I have 2 free weeks of the pro version.
I think it's $40 for one computer per year. Is it worth it, if not for
me, for you guys?

As long as the Pro Trial reverts to the On Demand Scanner,
I wouldn't be too upset.

https://support.malwarebytes.com/docs/DOC-1033

*******

Maybe eventually you'll figure out what "class"
this "advertisingfeed" pest is in. It's hard to believe this
is just "leakage" from an advertising attack. (Someone buys a
block of ads, and injects this crap into it.)

https://niketalk.com/threads/redirec...-virus.675186/

"I found a temporary solution to combat the annoying redirect
ads on mobile.

If you have an Android device and you're using Chrome browser,
copy and paste this link into your broswer:

chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture
"

The keyword there is "sameorigin". You'd want an equivalent
kind of thing with the browser you're currently using, so
that random redirection isn't possible. Maybe its called
an "Origin Policy" or something.

accessibility.blockautorefresh true

https://www.thewindowsclub.com/stop-...chrome-firefox

Somehow blockautorefresh just doesn't sound fancy enough.
There's got to be some other setting for this sort of thing.

Paul