
Virus and keyloggers on my350z

Old 03-08-2010, 08:21 PM
  #81  
tware

ad feeds should have been cut on Friday until they could track down the offender. heads should roll for this (or at least the ad network). 4 hours is understandable, 4 days can't be excused. It's happened to the biggest net properties, but it rarely goes on for more than a few minutes or hours at most. I hope IB demands some accountability from whomever approved these malicious ads. While I believe it's the ultimate responsibility for everyone to protect their own machines and practice safe browsing, this isn't the type of place you'd expect to have to sandbox your browser to visit.

I feel bad for anyone who had their work machine exploited. Again, ultimately, it's your responsibility for your own machine at work, but I bet a lot of people have some explaining to do that they really shouldn't have had to worry about.
Old 03-08-2010, 08:25 PM
  #82  
nismo*son

got the virus twice yesterday, both times when I was in the fitness section. Spent 2hr getting rid of it.
Old 03-08-2010, 08:34 PM
  #83  
phreaktor

Originally Posted by tware
ad feeds should have been cut on Friday until they could track down the offender. heads should roll for this (or at least the ad network). 4 hours is understandable, 4 days can't be excused. It's happened to the biggest net properties, but it rarely goes on for more than a few minutes or hours at most. I hope IB demands some accountability from whomever approved these malicious ads. While I believe it's the ultimate responsibility for everyone to protect their own machines and practice safe browsing, this isn't the type of place you'd expect to have to sandbox your browser to visit.

I feel bad for anyone who had their work machine exploited. Again, ultimately, it's your responsibility for your own machine at work, but I bet a lot of people have some explaining to do that they really shouldn't have had to worry about.
Like I said before, if you get this on your PC at work, your IT department may be getting flag emails if you keep coming to the site and the restricted ad keeps popping up under the phishing or virus category. It looks like you are trying to access the malicious site. This could get you in BIG trouble, particularly if they confiscate your PC for forensics.
Old 03-08-2010, 10:39 PM
  #84  
tware

I hope that people who are reporting repeat infections late today are really just seeing the same infection. It can't possibly be still lurking around... I'd really like to think that.

Out of respect for the site, I generally wouldn't visit with an Ad Blocker and noscript. But I'm not sure there's a safe option until we hear how this happened and how it should be prevented in the future.

I wonder if anyone got this with fully patched Flash? No Flash installed? I've been blocking Flash (although it is installed) for weeks. A complete PITA, but I'm not sure when it will be safe to run Flash again.
Old 03-09-2010, 04:01 AM
  #85  
Driven1

Originally Posted by tware
ad feeds should have been cut on Friday until they could track down the offender. heads should roll for this (or at least the ad network). 4 hours is understandable, 4 days can't be excused. It's happened to the biggest net properties, but it rarely goes on for more than a few minutes or hours at most. I hope IB demands some accountability from whomever approved these malicious ads. While I believe it's the ultimate responsibility for everyone to protect their own machines and practice safe browsing, this isn't the type of place you'd expect to have to sandbox your browser to visit.

I feel bad for anyone who had their work machine exploited. Again, ultimately, it's your responsibility for your own machine at work, but I bet a lot of people have some explaining to do that they really shouldn't have had to worry about.
4 days? Viruses thru the ads were reported back on Feb 26th in another thread I believe.

Honestly, it's kinda sad that until "bigger" names and mods entered into the equation nothing seemed to be getting done about it.

Even a warning would have been nice...instead of hiding a little thread in the "Feedback" section where maybe 20% of the people go?
Old 03-09-2010, 05:41 AM
  #86  
Mike@Blackline

Originally Posted by LVZ053
same here, happened to me twice already. Stupid Vista defender.
ARE YOU SERIOUS? that is from this site? i got it randomly yesterday and if this site is the reason for this nearly-impossible-to-delete ****, then we'll put our vendorship on hold until it's resolved. i spent hours yesterday trying to shake XP defender and can't. truly ridiculous that it's coming from this site, whether it's from an ad feed or whatever.

This computer sees 3 websites and 3 alone, so it probably is here.....*super face palm*
Old 03-09-2010, 08:00 AM
  #87  
IIQuickSilverII

yah getting rid of the stupid vista 2010 defender was a bit tricky on my other vista laptop at home, there is no simple "just install and run this program", i had to play with the registry manually, i wasn't sure the fix.reg was going to do it...... the one i am using now was well protected (win7)......still

this is BS and i hope to hear more from the staff on this.

Last edited by IIQuickSilverII; 03-09-2010 at 08:09 AM.
Old 03-09-2010, 08:25 AM
  #88  
tware

seriously, I posted wayyyy up on the first page, this can be knocked out in a matter of minutes, if not seconds. Head over to the Malwarebytes site, then contact us, then forums. Or use my links. Down the page there are instructions to remove just about every infection out there right now. They tell you how to get Process Explorer to stop the process, then how to rename Malwarebytes so it will run unseen by the other part of the rogue software. After that, you're one scan and reboot away from being rogue free. However, that won't stop you from being jacked again.....

Just to come back to see this thread, I'm running Firefox, with noscript blocking flash and ADP ad blocker add-on.... and I'm in a sandboxed browser thru Kaspersky's Run Safe. But free sandboxie would have also worked.
Old 03-09-2010, 09:01 AM
  #89  
JEKL

AVG just saved my butt while surfing this site! Thanks for recommending it to me.
Old 03-09-2010, 09:07 AM
  #90  
tware

Originally Posted by JEKL
AVG just saved my butt while surfing this site! Thanks for recommending it to me.
I would consider that a failure of sorts. It tried to execute, which probably means malicious code managed to wiggle into your temp storage. You got lucky. Don't leave it up to your AV to protect you. Lock down your browser.

Last edited by tware; 03-09-2010 at 09:13 AM.
Old 03-09-2010, 09:11 AM
  #91  
JEKL

Originally Posted by tware
I would consider that a failure of sorts. It tried to execute, which probably means malicious code managed to wiggle into your temp storage. You got lucky. Don't leave it up to your AV to protect you. Lock down your browser.
Good point. I added Comodo Firewall and MS Security Essentials too. What would you recommend for the browser?
Old 03-09-2010, 10:18 AM
  #92  
sweettalker

I got it 3 times already. I had no idea it was from this site. HOW SAD no one is doing anything about it. I found an easy solution tho. It leeches on to your registry files so all you have to do is fix the registry files into the original default mode. There's no reset button so you have to download a file called FixExe.reg, it's a small file. You just download it and double click it and it does everything by itself. Voila. Back to normal. Those xp antivirus 2010 or other similar named ones are VERY annoying. MAKE SURE you run it in safe mode to get to the website so it won't block you. Or download the file from another comp and transfer it using a usb drive or something. That malware site the guy above me said has that file too.
Old 03-09-2010, 10:19 AM
  #93  
tware

"What would you recommend for the browser?"
My recommendation would make the internet suck for a few days until you manually whitelisted all the trusted scripts. And vids don't load until I click on the box and allow them to run. FF with noscript and ABP add-ons for me. My wife is not exactly tech savvy but within a few minutes, she was figuring out how to whitelist scripts with noscript. If you go to ebay or paypal, and 1/2 the page is blank, you're missing a script. You right click on the little noscript S in the bottom corner and "allow ebay.com" or "allow my350z" and so forth.
Old 03-09-2010, 10:20 AM
  #94  
MDHRZ

Originally Posted by JEKL
Good point. I added Comodo Firewall and MS Security Essentials too. What would you recommend for the browser?
Firefox, then install NoScript and Ad Block Plus.
Old 03-09-2010, 10:22 AM
  #95  
tware

btw, the most nefarious thing is the next version of this actually mimics legit AV.. I mean, down to the logos.. not only do you not know it's disabled your real AV, but when you 'renew', which pops up right away, they are actually getting your info. F'n evil... so keep an eye on that. The fakes are easy to spot if you're paying attention.
Old 03-09-2010, 10:40 AM
  #96  
klenkart

My computer was fine until yesterday. I went into the classified exhaust section and the vista thing started popping up. I tried the removal steps but I couldn't get it to work.
Old 03-09-2010, 12:26 PM
  #97  
HyperKnight

Do a System Restore if you have a recent one. My computer makes one every night while I'm asleep.
Old 03-09-2010, 03:33 PM
  #98  
Diesel350

Argh, I got this popped up a few minutes ago. AVG says it blocked it but not sure if anything got through. System seems to be running fine
Old 03-09-2010, 03:36 PM
  #99  
Black Z Eddie

Originally Posted by Diesel350
Argh, I got this popped up a few minutes ago. AVG says it blocked it but not sure if anything got through. System seems to be running fine
I'd run Malwarebytes just to be on the safe side.
Old 03-09-2010, 03:37 PM
  #100  
Diesel350

Originally Posted by Black Z Eddie
I'd run Malwarebytes just to be on the safe side.
Thanks, doing that now.

