Omega Owners Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to OOF

Pages: [1] 2  All   Go Down

Author Topic: OOF Adware  (Read 3505 times)

0 Members and 1 Guest are viewing this topic.

zirk

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Epping Forest
  • Posts: 11443
  • 3.2 Manual Special Saloon ReMapped and LPG'd and
    • 3.2 Manual Special Estate
    • View Profile
OOF Adware
« on: 15 November 2014, 15:55:17 »

Suspect its my end, only happens on OOF (advert below OOF Logo), cant seem to find what it is?, Malwarebytes found nothing.

Only happened when I posted a Pic earlier, click Image in new Post, small pop up appeared, very similar to the one saying 'you have a new message', but said 'enter image URL', thought strange so cancelled it, tried again same thing, thought OOF must have had an update in some form, entered Photobucket URL Pic, posted Post all was well.

Ever since then had this, anyone else having similar issues.

« Last Edit: 15 November 2014, 15:59:18 by zirk »
Logged

Andy H

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Male
  • Auckland
  • Posts: 5533
    • Mazda MPV
    • View Profile
Re: OOF Adware
« Reply #1 on: 15 November 2014, 16:27:31 »

What do you get if you right click on the offending text and pick "show image properties"?
Logged
"Deja Moo - The feeling that you've heard this bull somewhere before."

zirk

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Epping Forest
  • Posts: 11443
  • 3.2 Manual Special Saloon ReMapped and LPG'd and
    • 3.2 Manual Special Estate
    • View Profile
Re: OOF Adware
« Reply #2 on: 15 November 2014, 16:37:02 »

Its not an image, its a rolling text banner, its not a pop up as such but somehow embedded in the top section of the top OOF box.

Right click, doesn't seem to tell me much, suppose i could inspect it, but without knowing what should be ther on the oof page, wont really help me.  :-\
Logged

AndyRoid

  • Senior Member
  • ****
  • Offline Offline
  • Hants
  • Posts: 713
    • View Profile
Re: OOF Adware
« Reply #3 on: 15 November 2014, 16:47:31 »

but without knowing what should be ther on the oof page, wont really help me.  :-\

Here you go


zirk

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Epping Forest
  • Posts: 11443
  • 3.2 Manual Special Saloon ReMapped and LPG'd and
    • 3.2 Manual Special Estate
    • View Profile
Re: OOF Adware
« Reply #4 on: 15 November 2014, 17:05:46 »

Thanks, but what I meant was, right click, inspect element, then what to expect under the text source of the oof page.
Logged

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 107100
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: OOF Adware
« Reply #5 on: 15 November 2014, 17:27:07 »

S'not our end. Does it happen in alternate browsers? If not, suspect browser hijack. If so, suspect poisoned DNS cache or more general malware
Logged
Grumpy old man

zirk

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Epping Forest
  • Posts: 11443
  • 3.2 Manual Special Saloon ReMapped and LPG'd and
    • 3.2 Manual Special Estate
    • View Profile
Re: OOF Adware
« Reply #6 on: 15 November 2014, 17:30:50 »

S'not our end. Does it happen in alternate browsers? If not, suspect browser hijack. If so, suspect poisoned DNS cache or more general malware
Have it on IE (although it took a couple of page refreshes to show up), just check FF now but seems slow loading.
Logged

zirk

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Epping Forest
  • Posts: 11443
  • 3.2 Manual Special Saloon ReMapped and LPG'd and
    • 3.2 Manual Special Estate
    • View Profile
Re: OOF Adware
« Reply #7 on: 15 November 2014, 17:34:41 »

Can someone copy and paste the text (under inspect element) of the OOF Front page for me.

Seem to have some some links on mine, that I dont think should be there.
Logged

Entwood

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • North Wiltshire
  • Posts: 19566
  • My Old 3.2 V6 Elite (LPG)
    • Audi A6 Allroad 3.0 DTI
    • View Profile
Re: OOF Adware
« Reply #8 on: 15 November 2014, 17:40:34 »

It won't let me copy/paste .. so heres a screen capture of mine ..

Logged

zirk

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Epping Forest
  • Posts: 11443
  • 3.2 Manual Special Saloon ReMapped and LPG'd and
    • 3.2 Manual Special Estate
    • View Profile
Re: OOF Adware
« Reply #9 on: 15 November 2014, 17:57:39 »

Thanks, mine slightly differnt, but about 10 lines down after

<img class="floatright" id="smflogo" src="http://images.omegaowners.com/forum/smf2000/Themes/core/images/smflogo.gif" alt="Simple Machines Forum">

have something linking to surefish.com (also wont let me copy it)

Gonna try another MW scan but in safe mode.  :-\
Logged

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 107100
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: OOF Adware
« Reply #10 on: 15 November 2014, 18:09:37 »

Thanks, mine slightly differnt, but about 10 lines down after

<img class="floatright" id="smflogo" src="http://images.omegaowners.com/forum/smf2000/Themes/core/images/smflogo.gif" alt="Simple Machines Forum">

have something linking to surefish.com (also wont let me copy it)

Gonna try another MW scan but in safe mode.  :-\
That is a valid image. images.omegaowners.com is the server that provides all static elements on the page.
Logged
Grumpy old man

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 107100
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: OOF Adware
« Reply #11 on: 15 November 2014, 18:09:56 »

ah, sorry, 10 lines below that...
Logged
Grumpy old man

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 107100
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: OOF Adware
« Reply #12 on: 15 November 2014, 18:11:54 »

From View Source:

Code: [Select]
<img class="floatright" id="smflogo" src="http://images.omegaowners.com/forum/smf2000/Themes/core/images/smflogo.gif" alt="Simple Machines Forum" />
<h1 id="forum_name">
<img src="http://images.omegaowners.com/forum/smf2000/ooflogo.png" alt="Omega Owners Forum" />
</h1>
</div>
<ul id="greeting_section" class="reset titlebg2">
<li id="time" class="smalltext floatright">
15 November 2014, 18:10:00
<img id="upshrink" src="http://images.omegaowners.com/forum/smf2000/Themes/core/images/upshrink.gif" alt="*" title="Shrink or expand the header." align="bottom" style="display: none;" />
</li>
<li id="name">Hello <em>TheBoy</em></li>
</ul>
<div id="user_section" class="bordercolor" style="display: none;">
<div class="windowbg2 clearfix">
<div id="myavatar"><img src="http://theboy.omegaowners.com/oofpics/avatar/TBE.JPG" alt="" class="avatar" /></div>
<ul class="reset">
<li><a href="http://www.omegaowners.com/forum/index.php?action=unread">Show unread posts since last visit.</a></li>
<li><a href="http://www.omegaowners.com/forum/index.php?action=unreadreplies">Show new replies to your posts.</a></li>
<li>Total time logged in: 120 days, 5 hours and 21 minutes.
</li>
<li><a href="http://www.omegaowners.com/forum/index.php?action=moderate;area=reports">There are currently 8 moderator reports open.</a></li>


HTH
Logged
Grumpy old man

zirk

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Epping Forest
  • Posts: 11443
  • 3.2 Manual Special Saloon ReMapped and LPG'd and
    • 3.2 Manual Special Estate
    • View Profile
Re: OOF Adware
« Reply #13 on: 15 November 2014, 18:53:33 »

Thanks all, ok done (I hope).  ;)

Turned to be a embedded link that quiet fancied parking itself under the OOF Logo, part of visadd virus family apparently.  :-\

No idea how it got there, along with the other crap it planted all over the place, but did manage to disable my MS Essentials as well.
Logged

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 107100
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: OOF Adware
« Reply #14 on: 15 November 2014, 19:16:57 »

Thanks all, ok done (I hope).  ;)

Turned to be a embedded link that quiet fancied parking itself under the OOF Logo, part of visadd virus family apparently.  :-\

No idea how it got there, along with the other crap it planted all over the place, but did manage to disable my MS Essentials as well.
tut tut.

As you know, safe mode, full scans, and even offline scans if you have the capabilities. Might be worth checking for rootkits as well.

Personally, on the rare occasions I believe I've been compromised, I burn and build.
Logged
Grumpy old man
Pages: [1] 2  All   Go Up
 

Page created in 0.019 seconds with 21 queries.