-
Be sure to read this post! Beware of scammers. https://www.indianagunowners.com/threads/classifieds-new-online-payment-guidelines-rules-paypal-venmo-zelle-etc.511734/
Virus warning popup
- Thread starter Stainer
- Start date
The #1 community for Gun Owners in Indiana
Member Benefits:
Fewer Ads! Discuss all aspects of firearm ownership Discuss anti-gun legislation Buy, sell, and trade in the classified section Chat with Local gun shops, ranges, trainers & other businesses Discover free outdoor shooting areas View up to date on firearm-related events Share photos & video with other members ...and so much more!
Member Benefits:
TheEngineer
Expert
I got it too...using Google Chrome
It seems to have gone away though
It seems to have gone away though
With such vague information, it's hard to troubleshoot. We'll need to see the exact URL you're trying to access when you get the popup.
In virtually every case, it's not because of a virus. It's because someone linked a photo from a site that's on Safari or Chrome or Firefox's blacklist. But with tens of thousands of photos linked on INGO and hundreds of thousands of threads, you'll need to be a LOT more specific if you want help.
In virtually every case, it's not because of a virus. It's because someone linked a photo from a site that's on Safari or Chrome or Firefox's blacklist. But with tens of thousands of photos linked on INGO and hundreds of thousands of threads, you'll need to be a LOT more specific if you want help.
Here is the url from the popup I was getting yesterday while logged onto INGO. It's from a company called VoiceFive. Popped up 5 or 6 times. Its not malware or a virus or anything. Just some stupid advertising.
VoiceFive Survey
VoiceFive Survey
Sorry, I dont have that.
Not trying to be argumentative here, but this voicefive popup only came up when the INGO page was up and running. As soon as i closed it, the popups stopped and have not started back up. I've had the IT team run scans and there is no malware on my computer here at work. I did some research and found that this popup happens quite often on other forums.
I'm not sure what causes it, but its worth taking note. remember it happened the exact same time the other forum members were noting their popups. Doubtful that's coincidence.
Not trying to be argumentative here, but this voicefive popup only came up when the INGO page was up and running. As soon as i closed it, the popups stopped and have not started back up. I've had the IT team run scans and there is no malware on my computer here at work. I did some research and found that this popup happens quite often on other forums.
I'm not sure what causes it, but its worth taking note. remember it happened the exact same time the other forum members were noting their popups. Doubtful that's coincidence.
I get the warnings sporadically too. I know whats going on. (I do network engineering/security for a living)
What is happening is the vendor(s) that INGO uses for serving ads is the cause of the alerts. Here is how it works:
1. Bad guy contracts with ad provider to serve ads for his "product". He pays to have his ad shown on 1 out of every 5000 page views. (he has the ability to tweak his ads on his own after the fact and doesnt need to go back through the ad vendor to tweak it)
2. Ads start being served on various websites as expected.
3.Bad guy then changes the ad to redirect to malicious code that tries to infect your PC with malware.
4. Random users start complaining to INGO admins about virus popups but since its only 1 out of every 5000 views its hard to track.
What is happening is the vendor(s) that INGO uses for serving ads is the cause of the alerts. Here is how it works:
1. Bad guy contracts with ad provider to serve ads for his "product". He pays to have his ad shown on 1 out of every 5000 page views. (he has the ability to tweak his ads on his own after the fact and doesnt need to go back through the ad vendor to tweak it)
2. Ads start being served on various websites as expected.
3.Bad guy then changes the ad to redirect to malicious code that tries to infect your PC with malware.
4. Random users start complaining to INGO admins about virus popups but since its only 1 out of every 5000 views its hard to track.
I get the warnings sporadically too. I know whats going on. (I do network engineering/security for a living)
What is happening is the vendor(s) that INGO uses for serving ads is the cause of the alerts. Here is how it works:
1. Bad guy contracts with ad provider to serve ads for his "product". He pays to have his ad shown on 1 out of every 5000 page views. (he has the ability to tweak his ads on his own after the fact and doesnt need to go back through the ad vendor to tweak it)
2. Ads start being served on various websites as expected.
3.Bad guy then changes the ad to redirect to malicious code that tries to infect your PC with malware.
4. Random users start complaining to INGO admins about virus popups but since its only 1 out of every 5000 views its hard to track.
To clarify, this isnt anything INGO can control directly (other than change ad providers) and isnt limited to smaller sites. I get the same crap from major sites like Fox, CNN, etc. Its just the name of the game unfortunately.
I get the warnings sporadically too. I know whats going on. (I do network engineering/security for a living)
What is happening is the vendor(s) that INGO uses for serving ads is the cause of the alerts. Here is how it works:
1. Bad guy contracts with ad provider to serve ads for his "product". He pays to have his ad shown on 1 out of every 5000 page views. (he has the ability to tweak his ads on his own after the fact and doesnt need to go back through the ad vendor to tweak it)
2. Ads start being served on various websites as expected.
3.Bad guy then changes the ad to redirect to malicious code that tries to infect your PC with malware.
4. Random users start complaining to INGO admins about virus popups but since its only 1 out of every 5000 views its hard to track.
I capture them sporadically as well and the info here is essentially correct. It's coming from the ads.
I'm using Firefox and just found a feature where it shows a little more about what goes on in the background. On about 1 out of every 4-8 pages I open on INGO I get "Firefox prevented this page from automatically redirecting to another page". It is just a banner at the top of the page, doesn't prevent the page from loading or anything...just a notice and an option to "allow".
Is this the same thing happening that you guys are talking about?
Is this the same thing happening that you guys are talking about?
ashby koss
Shooter
99.999% of the time this is where these things come from. I've not had a single pop-up regarding INGO and this is across 2 work computer, and 5 home computers. Mixes of Windows, Linux, and Mac.
May not be from INGO, but I got this popup the moment the index page loaded AFTER logging in (I hit the index initially, not logged in, no popup); not sure what difference authentication might make...could be just a fun coincidence.
Using Firefox 20.0.1
Here are the details as reported by Norton...
EDIT: Full URL reported as "76.74.152.32/xvwhyr/ncycxf.php?zid=f8LDYYonhxLC/HCmr6Xukn4wUcz20Vh3hFwAYVH0pqSqE8fIdFD30UNs/coAafgfVLsSCOq0U2m5PmfGGQUsaN3P7eFp9sz7ww39geNAB27sQ9y13Gt7CD9JRpN2/3odI98nWQhYYmnlkxtpJPC6aGCE"
Using Firefox 20.0.1
Here are the details as reported by Norton...
EDIT: Full URL reported as "76.74.152.32/xvwhyr/ncycxf.php?zid=f8LDYYonhxLC/HCmr6Xukn4wUcz20Vh3hFwAYVH0pqSqE8fIdFD30UNs/coAafgfVLsSCOq0U2m5PmfGGQUsaN3P7eFp9sz7ww39geNAB27sQ9y13Gt7CD9JRpN2/3odI98nWQhYYmnlkxtpJPC6aGCE"
Last edited:
I understand...I think cameramonkey hit it on the nose...
The only way to have a chance to trace it back would be to capture the ads on the page when the popup hits...since most folks will come here to report it without thinking to do that, it's unlikely you'd be able to report the potentially offending ad, as the ad rotator will have a different ad even when you try to go back as the authentication is posted to the server again...
If it happens again, I'll try to remember to capture that so you can pass the info to the ad provider, should you choose to do so.
I just received the following alert from Avast while viewing this thread.
Infection Details
[noparse="http://76.74.152.32/xvwhyr/ncycxf.php?zid"]URL:http://76.74.152.32/xvwhyr/ncycxf.php?zid[/noparse]
Process:C:\Program Files\Internet Explorer\iexplore.exe
Infection:URL:Mal
Infection Details
[noparse="http://76.74.152.32/xvwhyr/ncycxf.php?zid"]URL:http://76.74.152.32/xvwhyr/ncycxf.php?zid[/noparse]
Process:C:\Program Files\Internet Explorer\iexplore.exe
Infection:URL:Mal
Same IP as what I posted...Did you happen to notice which banner ad was at the top of the page?
Site Supporter
Members online
- syntax357
- INgunowner
- wtfd661
- indyartisan
- radar8756
- DeagonKennels
- bwframe
- HoosierHunter07
- gassprint1
- ditcherman
- tmschuller
- user11230706
- BehindBlueI's
- Rafterman
- Squid556
- tca1352
- nbunga
- 92064
- Jomibe
- Farmerjon
- lance
- typarker
- Jkwrangler70
- garagegunmaker
- Timjoebillybob
- 6mm
- devildog178
- charley59
- SnoopLoggyDog
- GSPBirdDog
- jsn_mooney
- SEIndSAM
- Tomahawkman
