Malware or Adware at sign in

I once had such problems, too, some years ago and I got very angry at some site owners.
When it happened on to many websites, I realized that it must have been something on my PC.

You should look for Browser Helper Objects (BHO). These objects start in the background of your browser and are not recognized as virus.

The little program bgodemon (freeware) finds them and you can enable them.

Hope that helps the one or the other.

reply to post by easynow


Easynow:

Download "Adaware" from www.lavasoft.com and run it, it's free and it finds the adware that appears to be doing this to you. The typical "spyware/malware" programs often miss adware nasties that do exactly what is happening to you.

I had the same thing back in 2007 and Adaware was the only program that got rid of it.

Springer...

reply to post by Springer


thanks for the advice Springer, i appreciate that.

i did download the ad- aware program and it did not pick anything up

[atsimg]http://files.abovetopsecret.com/images/member/9dc84d297e48.png[/atsimg]


i had that program for a long time but i stopped using it because i found that SuperAntiSpyware picked up everything the lavasoft program did and more.

anyways, i downloaded Malwarebytes and it did pick up four problems...

[atsimg]http://files.abovetopsecret.com/images/member/683c5614518b.png[/atsimg]

i have no idea where my computer got these and of course i did remove these bugs after taking that screenshot. this time when i navigated to ATS i did not have the pop up problem. the problem i was having did not happen everytime and i am hoping by removing that malware...it won't happen anymore. if it does i will let you know.

thanks for your help

reply to post by Springer


yikes , after i posted the above reply to you , i logged off and went to my homepage (yahoo) and then navigated back to ATS and i got this again...












i am going to run the Malwarebytes program again and try and quarrantine anything that shows up. not sure what else to do

[edit on 8-9-2009 by easynow]

ok i ran another scan with the malwarebytes program and it found nothing this time. the entries it picked up on the first scan are already in quarantine.

when i navigated to ATS after that second scan...bamm ! same thing, i got the "erins blog" and then it morphes into the "are you sure you want to navigate away from this page" popup.

so i am back where i started

Easynow, you are going to get a popup when using IE and navigating to ATS when not logged in, it is not malware, everytime I run ccleaner, it removes the cookies for ATS and causes me to have to log back in, I always get the screensaver ad while trying to log in. Annoying; yes, just part of the ad revenue system used by the ad server for ATS.

Those that do not get any popups while navigating ATS and not logged in are usualy running an ad-blocker(which is not supposed to be used by the T&C) or are using another browser with an add-in to prevent them. IE's popup blocker is totaly lame. There are also a few settings that can be modified to prevent this from happening as well; but you will also find that the same mods can also prevent you from seeing web pages in their entirety, so are usually not worth the effort.

Because of the T&C of ATS, it is the only website in which I get popups from while not logged in, otherwise I do not get popups at all.

reply to post by damwel


It is ATS...I have been having the same problem. Spent 3 hours scanning my computer last night and came up clean. The only time I get them is when I am on ATS.

Pappa_Bear, yeah, we all know about the NORMAL ad's that support ATS and I am fine with those as most are. Its when they try to trick you into clicking yes and it looks like a windows message that it becomes a problem.

When I was younger (about 13-12yrs ago), I clicked yes "to close this ad" and spyware/malware installed on my computer, then pop ups would pop up on EVERY site at intervals. So now when I see that type of trick and its on a site I care about, I won't just let it go!

If you see this AD and think its legit, click it and tell me if its safe...then scan your computer for malware. If it is legit, you just helped ATS, if not, you will get to test your AV and spyware programs YAAY.

BTW grantsmoney is a scam even if it appears as a legit pop-up
www.msnbc.msn.com...

reply to post by XL5


I think you misunderstood what I was trying to say, I don't click on popups, never have, never will, I use alt-f4 to close them, the fact remains that the popup is generated by previous surfing habits, locale/region, etc; if you are not logged in, and you bring up ATS log- in page, you can get an annoying popup if you use IE and is not an indication that you have malware if that is the only popup that you are seeing. It's that simple. So please tell me where i have condoned or suggested anyone click on a popup, or that the popup would be safe to click on.

Please read more carefully.

reply to post by easynow


Yeah, I am getting those same fake news site adds on ATS. I have complained about them before, as at least one of them was a known scam add for Easy Google Profit (AKA. Google Money Tree, Google Treasure Chest, Etc...). I am sure these are from the same scam company as they have the exact same look to them. If you get their “free kit” (you have to pay shipping on it), they start removing money from whatever source you used to pay the shipping from, and you of course never receive the “kit”. There is a bunch of hidden text and terms on those screens often written with the font color set to the same color as the screen background. The company is already under investigation in several states, including being persecuted for fraud in Texas. I posted about this in the complaints forum, but it was obviously never paid any attention to.

AUSTIN – Attorney General Greg Abbott today charged two Utah-based defendants with operating a fraudulent work-at-home scheme. The state’s enforcement action names Infusion Media Inc. and Jonathan D. Eborn, whose “GoogleMoneyTree.com” promised six-figure earnings for conducting specialized Google and Yahoo Internet searches.
According to investigators, the defendants promised big payouts in order to convince Web users to spend $3.88 on shipping and handling for a “free kit” that supposedly would show them how to make money from home. Those who purchased the kit were later surprised to discover they were being charged $72 a month by the defendants.
Internet users encountered the defendants’ Google and Facebook advertisements, which linked to blogs that were created to promote their work-at-home offer. The blogs included “testimonials” that touted their products and led viewers to believe that previously unemployed users were earning high salaries conducting Internet searches. According to the blogs, interested parties need only acquire a “free kit,” which was available through GoogleMoneyTree’s “sign-up” page.
Individuals who requested the kit were required to provide substantial personal information, including their name, address, telephone number, email address, and credit card payment information, which was supposed to be used to pay the $3.88 “shipping and handling” fee. Customers believed they were only obligated to pay the “refundable” processing fee and were not aware there would be additional charges to their credit cards.
According to the state’s enforcement action, GoogleMoneyTree failed to clearly inform purchasers that they had been enrolled in monthly memberships and had only seven days to cancel their trial membership. Purchasers who failed to cancel within seven days were automatically charged $72 on their credit card statements each month. In addition to the unexpected credit card charges, customer complaints obtained by state investigators indicate that GoogleMoneyTree failed to actually send the “free kit” and refused to honor customer refunds.
The state is seeking an injunction, civil penalties of up to $20,000 per violation of the Texas Deceptive Trade Practices Act, as well as restitution for purchasers. Texans who believe they have been misled by similar business practices may file complaints with the Office of the Attorney General toll-free at (800) 252-8011 or file complaints online at www.texasattorneygeneral.gov.

You would think that someone here would at least look into why they are hosting an add for a fraudulent business, but alas...

Pappa_Bear, I did read and understand what you typed. We know the AD's we get before we log in are normal and are not malware/spyware. However, there is a sneaky AD that ALSO pops up and says "are you sure you want to navigate away from this page". It looks like a windows message at first and has the yes/no at the bottom, this AD is what we have a problem with as it seems to be tricking you using a fake windows popup. This AD probably redirects you to a site that loads all kinds of bad stuff on your computer or just loads stuff as soon as you click it.

You have seen the screen shots AND read all three pages right?

Easynow was acused and or convinced by others that he had spyware/malware and thats the reason for the BAD AD. Most knew that was a BAD AD, but thought he already had adware and it was his fault. IMO people just seem to read the title and then go into "defend ATS mode" and throw out logic.

I'm sure if the AD linked to porn and or kink and 5 or more people got it, the reaction from the out siders would have been different, them again, maybe not. People have a hard time reading the part "only on ATS", malware/adware does not only hit one website.

I did a little google-search and found a few other forums, where they have the same problem lately.

And indeed it seems to be a problem with the ad-company, but not the administrator's fault.

Seems they solved it at this site: sectalk forum