Question Malware problem

mom of six · Oct 29, 2014

For the last couple of weeks I have been having trouble with a virus or worm redirecting me to an Adobe Flash Player pro upgrade page. I know that it is junk but despite running scans and deleting unwanted files from the computer it keeps popping up. 99% of the time it pops up when I am viewing threads on CHAT. It happened today but my malware blocker caught it.

Are any of the ads that run on the page malware feeders? Like when you unknowingly run your mouse over the ad it gives it them freedom to download things to your computer?

Anyone else having this problem?

SafeDad · Oct 29, 2014

The server is confirmed clear of any malware or malicious scripts. It is possible, but unlikely, that a rogue ad made it through the network somehow, but the ad networks here are all very reputable with reputable advertisers. No pop-ups, pop-unders or other aggressive ads are allowed. The only thing that is allowed are ads that start a video or audio clip after you hold the mouse over them for a few seconds. Those videos should appear in the ad here at car-seat.org, though, not redirect you elsewhere.

Most cases in the past have been malware related. Some are browser add-ons, which may be overlooked by security software as something you intentionally installed. Others miss it altogether so you may have to find something with manual instructions to remove it. First, you may find some ideas on what to look for and how to remove it with this google search:

https://www.google.com/search?q=adobe+flash+upgrade+redirect

Here are some other threads on the topic in general:

http://www.car-seat.org/showthread.php?t=260293

http://www.car-seat.org/showthread.php?t=261474

If anyone does notice this happen when a particular advertisement is present, please post where the ad was located, a screenshot if possible, and also where you were redirected. If you do find the culprit, please post, as this affects members from time to time.

mom of six · Oct 29, 2014

Thanks, Darren.

I am just banging my head with this one. Every time we think we got it we are good for a couple of days then it pops up again. Some suggest that the worm is actually in the router but we don't have the brand of routers that seem to be affected.

The page popped up once in pinterest but usually it is when I am visiting car-seat.org. GRRR.

SafeDad · Oct 29, 2014

Some of these are very insidious. They are programmed to only affect a few or even one of your most visited sites, making it seem like it is the website that is affected. And they don't do it all the time, either. I had to add a second anti-virus (malwarebytes) to remove one of them because Norton's didn't even recognize it.

Sometimes you have to find one of those help pages and manually delete it or take other steps because the security suites don't have it on their radar.

SnoGurl · Nov 1, 2014

I think this happened to me today-- It's likely my computer, but thought it worth while to let you know. After I posted a reply to a thread in Canadian and International, a big red page came up warning me of a 'phishing attack ahead'. I pressed 'back to safety' and it returned me. It took me back to the page for a moment, then redirected me to a page to upgrade Adobe Flashplayer. I exited, and my virus software popped up telling me it had just blocked a 'web attack' of a 'malicious file'.

Admin · Nov 1, 2014

Thanks- so you hadn't taken any other action besides clicking the post or quick reply button? Didn't click an ad or anything else?

Sounds like a virus or other local malware, but I'm going to put in an ad network block for javaupdated.com just the same.

SnoGurl · Nov 1, 2014

No, just hit the reply button, and that showed up. It hasn't happened since, and i'm running full system scans because it more then likely is local, but as it was within a few days of OP, I figured it was worth mentioning.

Admin · Nov 2, 2014

Could well be one of those insidious browser addons or advertising malware. If it happens again, try another security scan, many offer free ones online. I couldn't find anything in a google search of that particular landing page, but it does sound like phishing malware.

LuvBug · Nov 5, 2014

This is the first time I've visited car-seat.org in almost a year. It is also a week or so past me completely reformatting my computer with win7.

Upon loading the site I received this redirection immediately and I closed it. Retried. Unlikely anything came of it, but definitely on your end somewhere. I do believe from one of the ads running.

Just wanted to confirm.

Admin · Nov 6, 2014

If anyone else has this happen, please try to take screenshots of any ads on the page you are viewing. That would allow me to start blocking some networks or advertisers if it is related to an ad. The server scans keep coming up clean, so I'd guess it has to be a rogue advertisement if it is on the content here.

Admin · Nov 6, 2014

I will also note that I see all ads and have not yet experienced this on any of my devices. It could well be an advertisement that is targeted by region or browsing history, so I would not normally see it.

Some routers are also prone to being hacked, so it can be at the user's side but not related to their O/S or Browser.

http://www.thesafemac.com/eliminating-browser-redirects-and-advertisements/

I am putting in a support request, but if it is advertisement related, support will not be able to find anything. I would definitely need as many reports and screenshots as possible! Hopefully, these ads appear on other websites as well, so Google will soon turn up some patterns.

Admin · Nov 6, 2014

Host did a full scan a few hours ago and all was clean. 3rd party scan results can be done here:

http://sitecheck.sucuri.net/results/www.car-seat.org/

It's definitely possible it is related to a rogue advertisement, but unlikely. More information like screenshots would be very helpful to determine that if anyone sees this redirect.

DabOfLoven · Nov 12, 2014

I just had this happen to me. Upon logging onto the carseat forum. It happened the other day and I thought it was legit until my Antivirus caught it... Here's a screen shot....

I come back to so I can type more. I know my computer is clean. I keep my antivirus up to date and my computer scanned. I've always taken great care in keeping it clean. If you read at the bottom of my screen shot it even says it's not affiliated with Adobe. This screen popped up just as I was opening the boards. I hadn't had a chance to click anything before it popped up. And this is the only site it's happened on.

My phone has a mind of its own, if you're seeing this I'm on it. Sent from Tapatalk.

DabOfLoven · Nov 12, 2014

Here's a screen shot from my computer of my Antivirus where it was caught on the 3rd. Not sure if it's helpful or not.

My phone has a mind of its own, if you're seeing this I'm on it. Sent from Tapatalk.

Admin · Nov 12, 2014

Thank you very much! Hopefully this will help others remove the malware from their computers

Looks like AVG is a good antivirus!

DabOfLoven · Nov 12, 2014

Admin said:
Thank you very much! Hopefully this will help others remove the malware from their computers Looks like AVG is a good antivirus!

But it's coming from this forum though. And reappeared tonight so I think yall still have something going on. It may be embedded in an advertisement causing it.

My phone has a mind of its own, if you're seeing this I'm on it. Sent from Tapatalk.

Admin · Nov 13, 2014

It has to be an advertisement then, since all the malware scans are clean. Any idea if a particular ad is appearing when it happens?

DabOfLoven · Nov 13, 2014

Sadly no, I was looking away talking to dh while it was loading. Tonight when I get on my computer I'll keep testing it and see if I can figure out which one it is.

My phone has a mind of its own, if you're seeing this I'm on it. Sent from Tapatalk.

mom of six · Nov 17, 2014

My hard drive died over the weekend and my husband just finished doing a clean install onto a new hard drive. I though I would hop over to car-seat.org to celebrate the fact that that flash player ad thing was not going to come up again because my computer is clean and pure. What do you know, FIRST THING it pops up!!!!

The tricky thing about screen shots is that the valuable information is what is present just before the Flash Player thing pops up but once it has popped up you cannot go back and see what was just there. The BACK button is inactive. I have to close the tab and reopen another one.

I also get it on the car seat blog. RARELY do I get it anywhere else. Once or twice while surfing around on Pinterest. Lately, on CSO it is 100% occurrence. But it seems that once it has happened I can click around to my hearts content and it will not happen again.

Hope this can be figured out.

mom of six · Nov 17, 2014

Just happened again when I went over to Carseat blog to read about belt oaths. As soon as the page loads, BAM this thing pops up. No time for a screen shot.

Annoying.

Question Malware problem

Active member

CPSDarren - Admin

Active member

CPSDarren - Admin

New member

Attachments

Admin - Webmaster

New member

Admin - Webmaster

New member

Admin - Webmaster

Admin - Webmaster

Admin - Webmaster

New member

New member

Admin - Webmaster

New member

Admin - Webmaster

New member

Active member

Active member

Car-Seat.Org Facebook Group

Sponsors

Forum statistics