Malware/Virus Warning
#1 RonBoyd, 03-13-2020, 04:32 AM

Periodically, I would get a popup warning of a Virus (and a very loud screeching noise) when going to early-retirement.org. The Browser becomes locked. I would have to close the open tab and re-open the site and it would behave as expected.

Today, however, I cannot get the site to open without activating the virus warning no matter what I do. This happens with Microsoft Edge (the new version) but doesn't seem to be a problem with Chrome (which is what I am using to post this). Nor does it happen with any other web site when using Edge... or any other program, for that matter.

See attached image.

Early-Retirement.org.JPG
__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu

#2 braumeister (Moderator), 03-13-2020, 05:08 AM
That appears to be a malware popup.

You should clear your browser cache and cookies, reboot your machine, and run Malwarebytes or the equivalent to find and delete the offending stuff.
__________________
I thought growing old would take longer.
#3 Aerides (Moderator), 03-13-2020, 05:58 AM
...(comes into thread getting ready to move it to the new Covid section)...

Oh THAT kinda virus! But yeah that looks like your machine.
#4 RonBoyd, 03-13-2020, 06:33 AM
Quote (originally posted by braumeister):
> That appears to be a malware popup.
>
> You should clear your browser cache and cookies, reboot your machine, and run Malwarebytes or the equivalent to find and delete the offending stuff.

I cleared "Cookies and other site data" and "Cached images and files." That seems to have fixed the problem.

I did not have to reboot. Malwarebytes scans the System every day at 3AM. SpyBot is continuously monitoring.

I am happy that fixed it but whatever it was had to have come from your Server.
#5 RonBoyd, 03-13-2020, 06:34 AM
Quote (originally posted by Aerides):
> ...(comes into thread getting ready to move it to the new Covid section)...
>
> Oh THAT kinda virus! But yeah that looks like your machine.

<Chuckle> Yes, I should have been more descriptive in the Subject line. I apologize.
#6 target2019, 03-13-2020, 06:44 AM
https://www.bleepingcomputer.com/vir...s-damaged-scam

That link describes your problem specifically. I'm posting it because the article explains the delivery mechanism.
#7 scrabbler1, 03-13-2020, 08:20 AM
I had written about this problem back in January. I get the scam hijack from other websites, too, but mostly from this one. I ran adwcleaner (one of the items mentioned in target2019's link), which found some things. Let's see if that helps.
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
#8 audreyh1, 03-13-2020, 08:24 AM
I thought Malwarebytes itself was bad actor software?
__________________
Retired since summer 1999.
#9 braumeister (Moderator), 03-13-2020, 08:40 AM
Quote (originally posted by audreyh1):
> I thought Malwarebytes itself was bad actor software?

Not sure where you got that idea. It's safe and effective.

BUT there are some fake versions of it that are not safe. Go directly to the source to download it.
#10 Sunny, 03-13-2020, 09:40 AM
Quote (originally posted by RonBoyd):
> I am happy that fixed it but whatever it was had to have come from your Server.

Even legitimate ads (on the side of websites) can trigger malware if that is what the malware authors have decided to use for a trigger. Websites utilize ad networks for the displaying of ads, so it isn't as if ER's servers are infected and directing malware at your computer.

Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.

I think somebody posted a link above that likely also indicates this as well, just wanted to reiterate it'd be very odd if ER's or any other typical web server was the cause of the infection.

Quote (originally posted by audreyh1):
> I thought Malwarebytes itself was bad actor software?

Malwarebytes, the official one from https://www.malwarebytes.com/ and affectionately called MBAM, has been one of the best anti-malware software apps for at least a decade. Every computer should have it installed in my opinion. You don't need to pay for the active scan if you are careful and OK with updating / running manual scans when you need to since that portion is free.
#11 audreyh1, 03-13-2020, 09:54 AM
Quote (originally posted by braumeister):
> Not sure where you got that idea. It's safe and effective.
>
> BUT there are some fake versions of it that are not safe. Go directly to the source to download it.

Well, I thought the undismissable pop-up I would occasionally get was from them.
#12 RonBoyd, 03-13-2020, 11:00 AM
Quote (originally posted by Sunny):
> Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.

You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).

It is even more suspicious in that Malwarebytes, SpyBot, SpywareBlaster, Reg Organizer, WinOptimizer 17 -- which run continuously -- and a couple more that are run periodically (weekly?) have failed to detect anything unusual.

In any event, we are still good. I was merely whining.
#13 target2019, 03-13-2020, 11:25 AM
Quote (originally posted by RonBoyd):
> You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).
>
> It is even more suspicious in that Malwarebytes, SpyBot, SpywareBlaster, Reg Organizer, WinOptimizer 17 -- which run continuously -- and a couple more that are run periodically (weekly?) have failed to detect anything unusual.
>
> In any event, we are still good. I was merely whining.

Just a WAG, but how do you know those programs are all safe?
#14 RonBoyd, 03-13-2020, 11:52 AM
Quote (originally posted by target2019):
> Just a WAG, but how do you know those programs are all safe?

Is anyone safe, anymore? Not wanting to "knock on wood," I'll just leave it at that.
#15 target2019, 03-13-2020, 12:06 PM
Quote (originally posted by RonBoyd):
> Is anyone safe, anymore? Not wanting to "knock on wood," I'll just leave it at that.

1) What I meant was how did you receive the installers for the programs? E.G. I have Malwarebytes, and it came from the official site. It is possible though to download it through other sites, and it could be re-packaged.

2) I'm trying to understand how this particular pop-up comes to find its victims. Some say they never see it, and I am thinking this can be true if ads are blocked and javascript is off. However, others say it is because you are infected by malware.

As you say, is anyone safe anymore?
#16 The Cosmic Avenger, 03-13-2020, 12:10 PM
Quote (originally posted by Sunny):
> Even legitimate ads (on the side of websites) can trigger malware if that is what the malware authors have decided to use for a trigger. Websites utilize ad networks for the displaying of ads, so it isn't as if ER's servers are infected and directing malware at your computer.
>
> Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.

That's not quite right. Malware already installed doesn't really need triggers; malware authors can be brilliant programmers, but there is no need for them to make things more complicated than necessary. Generally your computer is either infected or it is not. That screenshot looks to me like an attempt to infect the computer with malware by getting the user to click "update", which probably installs the malware. Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.

(Not INFOSEC/cybersecurity certified, but I work closely with certified professionals on such issues.)
__________________
-Looking to FIRE in the mid-2020s, which would be our mid-50s.
#17 RonBoyd, 03-13-2020, 01:08 PM
Quote (originally posted by target2019):
> 1) What I meant was how did you receive the installers for the programs? E.G. I have Malwarebytes, and it came from the official site. It is possible though to download it through other sites, and it could be re-packaged.

Each of those programs was installed at some time over 10 years ago -- across all five computers. Since that time, the only thing new was routine updates/upgrades from the official sites.

Quote (originally posted by target2019):
> 2) I'm trying to understand how this particular pop-up comes to find its victims. Some say they never see it, and I am thinking this can be true if ads are blocked and javascript is off. However, others say it is because you are infected by malware.

I, too, am quite curious how this could happen.
#18 RonBoyd, 03-13-2020, 01:18 PM
Quote (originally posted by The Cosmic Avenger):
> That's not quite right. Malware already installed doesn't really need triggers; malware authors can be brilliant programmers, but there is no need for them to make things more complicated than necessary. Generally your computer is either infected or it is not. That screenshot looks to me like an attempt to infect the computer with malware by getting the user to click "update", which probably installs the malware. Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.
>
> (Not INFOSEC/cybersecurity certified, but I work closely with certified professionals on such issues.)

Yeah, I don't believe my machine is/was infected by this "popup." I have been around long enough to know not to do anything foolish -- like giving such a thing credence. I quickly closed the page without any other action. It is a valid point (and, indeed, quite perceptive) that no malware (or virus, for that matter) worth its salt is going to continually announce its presence.

On the other hand, it is curious that only one machine (out of five) on the same LAN is affected. Similarly, why doesn't the same thing occur with Chrome or Internet Explorer? Or different URLs?
#19 Janet H (Administrator), 03-13-2020, 01:21 PM
There are two possibilities:

1. Unwanted adware on your machine or some actual malware. Scans and removal will manage these (once again recommending Malwarebytes for adware).

2. Occasionally a bad ad is served that hijacks or redirects. These are especially tough to find because we each see different ad content. If it's the latter AND we can get a URL from the ad it can be blocked.

The site and server have been checked and rechecked and we are confident that there's no virus or malware being served.
__________________
E-R.org Custom Google Search | Wash your hands, flatten the curve - we can do this!
#20 Sunny, 03-13-2020, 01:31 PM
Quote (originally posted by RonBoyd):
> You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).
>
> ...
> In any event, we are still good. I was merely whining.

Flip side though is if it were the ER servers more of us would be having the issue.

And I didn't think you were whining.

Quote (originally posted by The Cosmic Avenger):
> Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.

Which is the reason some, not all, malware may try to use triggers to trick the user into allowing for further infestation of more unwanted programs.

But yes, most adware / malicious stuff using ad networks wouldn't be this sophisticated.