- 12-11-2011 05:30 AM #1
SatelliteGuys Regular
- Join Date
- Aug 23rd, 2006
- Posts
- 213
Virus from this site or very rare coincidence?
So, two days ago I only had this site open and Facebook open for about two minutes. Then suddenly spyware popped up titled XP internet security 2012 and was one of those types of spyware that blocks you from opening programs and wants your credit card info. I removed the spyware using methods found online. Then yesterday I went back to SatelliteGuys with about 4 other sites opened at the same time, but all trusted sites I visit on a daily basis and have not had any trouble with since the following incident. This time I got a weird error from Adobe Reader, which wasn't even open, and had to click OK 3 times for 3 dialog boxes. Never seen that error before and haven't made any changes to Adobe Reader. Could it have been malware trying to get into my PC through Adobe?
So it seems rather odd that SatGuys was open both times when I received the spyware and the weird Adobe occurrence. So what's the deal? Has anyone else experienced this lately? Maybe it's from one of those stupid rotating ads since it took a minute or two to happen each time. Please tell me what is happening because I refuse to visit the site on my PC until I hear if it is the cause of the malware. Right now I'm on my phone so please excuse all the typos.
Last edited by Doppy; 12-11-2011 at 05:52 AM.
- 12-11-2011 07:02 AM #2
It's coincidence. If it were a problem you wouldn't be the only one after it. Those anti-virus/malware gotchas can be unbelievably difficult to remove. They appear to be gone after removal processes and reappear a week later. To be sure, wipe the drive.
From what you said so far, I'd say you've been "FaceBooked". Now there's a nasty site full of e-mines.
Last edited by Magic Static; 12-11-2011 at 07:08 AM.
10'Winegard.Pinnacle.perforated, AJAK 180 H-H, GBox, BullsEyeII, Norsat 8115, 4106a
on AZBox Ultra 1gDVR
10'LaserC/KU mesh, PMA24 mover V-Box10, BullsEyeII+asst LNBs
30" Winegard 2076, SG9120b, Invacom QPH-031 LNB
SkyWalker 1, Hauppauge Nova HD S2, Hauppauge HVR 1250 ATSC
Using MyTheatre on 4 displays
2 NEC LT30 DLP projectors, 52" Samsung, 25.5"ASUS
- 12-11-2011 07:16 AM #3
Do you have an antivirus running on your computer? In addition to running antivirus, make sure you are up-to-date on all patches and updates. It is critical these days, not only to run Windows update, but also to update any browser plug-ins/add-ons. Particularly, Java, Adobe Flash, Adobe Reader, etc. A lot of viruses are getting through security holes that are being found in those plug-ins all the time. Adobe has been releasing patches and updates almost monthly. Go to Adobe.com and install the latest versions directly from there.
Once your computer is compromised you will start getting strange pop-up ads no matter what site you visit. Don't assume that it's coming from the sites you have open at the moment. Most likely it has nothing to do with them.
Sent from my iPhone using SatelliteGuys
Ilya @ SatelliteGuys.us
- 12-11-2011 09:39 AM #4
You're on one of the most carefully monitored and maintained sites (quality, content, safety, not necessarily in that order) and you may actually find that being here may be the best HELP you could get for your problem! Don't be afraid to ask as you work your way through it! There are members here for most every "tech" need and interest.
Dish 1: Birdview white solid, motor active for FTA using V-box VII (system modified by user "nicknjen")
Dish 2: Birdview white solid, motor not activated, used for W-5 programming on DSR-410
Receiver 1: Openbox S-10. Now working well with August 30, 2011 software after a long time with quirks!
- 12-11-2011 09:48 AM #5
All syndicated ads that run here are screened and deemed to be safe by the ad agencies who serve them.
We actually have fired ad agencies for letting crap get through.
With that said, my wife got hit last week while her browser was left open on Facebook. Looks like it got in through a rogue Flash ad on Facebook. She would have got it if she kept her Flash player up to date.
Now she knows.
Scott
- 12-11-2011 05:07 PM #6
Another site that I like to read (Right of Middle) has reported again a problem with the web site Download.com which is part of CNET. If you've downloaded from them lately you might have gotten something from them. Some might find the site interesting and the article he posts.
Download.com Problems
Many years ago, when the Internet was still a fraction of what it is today, download.com was the place to go to find interesting or useful freeware and shareware. I haven’t visited it much lately because I prefer to go directly to the website of the developer, or perhaps use Sourceforge when possible/necessary. After C|Net purchased Download.com, it just didn’t have the same “feeling” and frankly, I was skeptical of the process.
One of my most favorite tools in my toolbox is Nmap. Anyone who knows anything about the art of digital security knows what Nmap is and what it can do. I’ve been an Nmap user for… well, a long time. But again, I go directly to Fyodor’s website so I know that I’m getting the most up to date release, and to avoid any potential shenanigans from middleman sites like Download.com.
As it turns out, I was right to be suspicious of Download.com. If you use them, you should be wary of them too. They profess to be free of malware and adware, but as Fyodor recently discovered, that is absolutely not the case. It turns out C|Net installs (or tries to install) a number of other “goodies” on your system when you use them to get software. This sent Fyodor over the edge yesterday, and the word has spread across the Internet like wildfire. He has a great write-up on his site about the situation, which is far from over.
C|Net should be ashamed of themselves. Professing to be free of malware might be true if you’re only referring to things like the latest virus, Trojan, or worm. But I’m willing to bet that none of you reading this would unknowingly permit your Internet search settings to be changed. Nor would any of you be willing to have other ad-related software, toolbars, or add-ons put on your system simply because you chose to get your software from Download.com.
For my part, I will no longer visit anything related to C|Net until they clean up their act. There are many people out there who are simply not aware of what happens when you blindly click “Yes” to the boxes that pop up during an installation routine, and the very last thing that any company should do is prey on that. Especially a company that is as old and (used to be trusted) like C|Net.
Stay away from Download.com, folks. Your PC and your favorite PC repair technician will thank you.
Raydx 10.5': Dual C ( H2H Programming ) (1) DSR-920: (2) DSR-920: (3) DSR-920
Raydx 8.5': Mover DSR-920: DMX242, Traxis DBS3800, Pansat 2700A
Unimesh 7.5': BSC421, Mover GI 450i, Pansat3500, GeoSat100c
Channel Master 7.5': Mover GI 350i: DMX241, DSR-R100b, Openbox S10, CS5000, MRX-1200
Channel Master 8': BSC421, Openbox S10: New Receivers: Traxis DBS2800 X 3ea.
Prodelin 1.2M: Dual KU: Prodelin 1.2M:
OTA: Tower 35', Ham II Rotor: (UHF) CM4251 & CM7775, (VHF) CM3617B & CM7776
Blonder Tongue MUVB-56 Distribution Amp: Channel Plus Modulators Qty 9 : FS1 Meter
Dish Network 322/ Family Package: Prodelin 1.2M
- 12-11-2011 10:55 PM #7
SatelliteGuys Freshman
- Join Date
- Dec 2nd, 2011
- Location
- Grottoes, VA.
- Posts
- 14
I have on two occasions had my antivirus software inform me of a blocked intrusion attempt while on this site. This time, just a few minutes ago, it happened for the second time and is why I found this thread. The only other site I had open this time was the Dtv firmware watcher site. I have a suspicion it involves an ad stream hack.
The attacking IP was 72.51.44.40. I've pasted the info below that I found on this IP. ***** I have not clicked on the three domains listed as being hosted on this IP, caution advised *****
IP Location
IP Address: 72.51.44.40
City: Los Angeles
State/Region: California
Country: United States
ZIP Code: 90001
Latitude/Longitude: 34.052°, -118.244°
Time Zone: America/Los Angeles
Current Time: 8:48 PM on Dec. 11, 2011
Host Details
IP Address: 72.51.44.40
IP Block Start: 72.51.32.0
IP Block End: 72.51.47.255
Reverse DNS: miscomma4.specialweboffer.info
Host/ISP: Peer 1 Network Inc.
Domains Hosted on IP 72.51.44.40 (3)
goldenmile (dot) net
hospitalityonthepark (dot) net
rowntreeenterprises (dot) net
Host Analysis:
IP address 72.51.44.40 is located within an IP block ranging from 72.51.32.0 to 72.51.47.255 with CIDR 72.51.32.0/20 and netmask 255.255.240.0. According to a DNS lookup, the host name attributable to this IP is miscomma4.specialweboffer.info. Other information about this IP block suggests that users of 72.51.44.40 are in the vicinity of Los Angeles, CA, USA, located at 34.05223° latitude, -118.24368° longitude (indicated on the map to the right), and are users of an ISP called Peer 1 Network Inc.. The ZIP code from this locale is 90001, and the time zone is America/Los Angeles.
We have further analyzed this IP address and found that several domain names are currently mapped to it, such as hospitalityonthepark (dot) net, goldenmile (dot) net, and rowntreeenterprises (dot) net. This suggests that the IP address is being used by a server (rather than an end user) to vend web pages or other on-line content.
Last edited by Ilya; 01-08-2012 at 12:08 PM. Reason: Suspect links edited
- 12-12-2011 08:17 AM #8
I would say that your system has already been infected, as I come to this site every day and never has my antivirus software detected anything, nor has my firewall sent me an alarm, and I get alarms that sites from Japan to Russia have done a port scan. So I'd say you need to recheck your software or your system for traces of that web site, because it wasn't from here.
- 12-12-2011 10:20 AM #9
SatelliteGuys Freshman
- Join Date
- Dec 2nd, 2011
- Location
- Grottoes, VA.
- Posts
- 14
Yeah well, being in computers and in the biz for 15+ years, I can say it's not originating from my computer. It's either tied to this site or the firmware tracker site. Both times it's happened, I've had those two sites open. Do what you want. I provided the info for anyone who wants to look into it, but it sounds like I wasted my time.
- 12-12-2011 10:25 AM #10
Just to be on the safe side I have submitted the info you posted to our 3 ad agencies.
Scott
