 |
|
03-13-2020, 04:32 AM
|
#1
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 6,233
|
Malware/Virus Warning
Periodically, I would get a popup warning of a Virus (and a very loud screeching noise) when going to early-retirement.org. The Browser becomes locked. I would have to close the open tab and re-open the site and it would behave as expected.
Today, however, I cannot get the site to open without activating the virus warning no matter what I do. This happens with Microsoft Edge (the new version) but doesn't seem to be a problem with Chrome (which is what I am using to post this). Nor does it happen with any other web site when using Edge... or any other program, for that matter.
See attached image.
Early-Retirement.org.JPG
__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu
|
|
|
|
03-13-2020, 05:08 AM
|
#2
|
Moderator
Join Date: Feb 2010
Location: Flyover country
Posts: 23,993
|
That appears to be a malware popup.
You should clear your browser cache and cookies, reboot your machine, and run Malwarebytes or the equivalent to find and delete the offending stuff.
__________________
I thought growing old would take longer.
|
|
|
03-13-2020, 05:58 AM
|
#3
|
Moderator
Join Date: Nov 2015
Posts: 12,956
|
...(comes into thread getting ready to move it to the new Covid section)...
Oh THAT kinda virus! But yeah that looks like your machine.
|
|
|
03-13-2020, 06:33 AM
|
#4
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 6,233
|
Quote:
Originally Posted by braumeister
That appears to be a malware popup.
You should clear your browser cache and cookies, reboot your machine, and run Malwarebytes or the equivalent to find and delete the offending stuff.
|
I cleared "Cookies and other site data" and "Cached images and files." That seems to have fixed the problem.
I did not have to reboot. Malwarebytes scans the System every day at 3AM. SpyBot is continuously monitoring.
I am happy that fixed it but whatever it was had to have come from your Server.
|
|
|
03-13-2020, 06:34 AM
|
#5
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 6,233
|
Quote:
Originally Posted by Aerides
...(comes into thread getting ready to move it to the new Covid section)...
Oh THAT kinda virus! But yeah that looks like your machine.
|
<Chuckle> Yes, I should have been more descriptive in the Subject line. I apologize.
|
|
|
03-13-2020, 06:44 AM
|
#6
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,102
|
https://www.bleepingcomputer.com/vir...s-damaged-scam
That link describes your problem specifically. I'm posting it because the article explains the delivery mechanism.
|
|
|
03-13-2020, 08:20 AM
|
#7
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Nov 2009
Posts: 6,583
|
I had written about this problem back in January. I get the scam hijack from other websites, too, but mostly from this one. I ran adwcleaner (one of the items mentioned in target2019's link), which found some things. Let's see if that helps.
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.
"I want my money working for me instead of me working for my money!"
|
|
|
03-13-2020, 08:24 AM
|
#8
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 36,251
|
I thought Malwarebytes itself was bad actor software?
__________________
Retired since summer 1999.
|
|
|
03-13-2020, 08:40 AM
|
#9
|
Moderator
Join Date: Feb 2010
Location: Flyover country
Posts: 23,993
|
Quote:
Originally Posted by audreyh1
I thought Malwarebytes itself was bad actor software?
|
Not sure where you got that idea. It's safe and effective.
BUT there are some fake versions of it that are not safe. Go directly to the source to download it.
|
|
|
03-13-2020, 09:40 AM
|
#10
|
Recycles dryer sheets
Join Date: Nov 2013
Posts: 236
|
Quote:
Originally Posted by RonBoyd
I am happy that fixed it but whatever it was had to have come from your Server.
|
Even legitimate ads (on the side of websites) can trigger malware if that is what the malware authors have decided to use for a trigger. Websites utilize ad networks for the displaying of ads, so it isn't as if ER's servers are infected and directing malware at your computer.
Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.
I think somebody posted a link above that likely also indicates this as well, just wanted to reiterate it'd be very odd if ER's or any other typical web server was the cause of the infection.
Quote:
Originally Posted by audreyh1
I thought Malwarebytes itself was bad actor software?
|
Malwarebytes, the official one from https://www.malwarebytes.com/ and affectionately called MBAM, has been one of the best anti-malware software apps for at least a decade. Every computer should have it installed in my opinion. You don't need to pay for the active scan if you are careful and OK with updating / running manual scans when you need to since that portion is free.
|
|
|
03-13-2020, 09:54 AM
|
#11
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 36,251
|
Quote:
Originally Posted by braumeister
Not sure where you got that idea. It's safe and effective.
BUT there are some fake versions of it that are not safe. Go directly to the source to download it.
|
Well, I thought the undismissable pop-up I would occasionally get was from them.
|
|
|
03-13-2020, 11:00 AM
|
#12
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 6,233
|
Quote:
Originally Posted by Sunny
Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.
|
You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).
It is even more suspicious in that Malwarebytes, SpyBot, SpywareBlaster, Reg Organizer, WinOptimizer 17 -- which run continuously -- and a couple more that are run periodically (weekly?) have failed to detect anything unusual.
In any event, we are still good. I was merely whining.
|
|
|
03-13-2020, 11:25 AM
|
#13
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,102
|
Quote:
Originally Posted by RonBoyd
You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).
It is even more suspicious in that Malwarebytes, SpyBot, SpywareBlaster, Reg Organizer, WinOptimizer 17 -- which run continuously -- and a couple more that are run periodically (weekly?) have failed to detect anything unusual.
In any event, we are still good. I was merely whining.
|
Just a WAG, but how do you know those programs are all safe?
|
|
|
03-13-2020, 11:52 AM
|
#14
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 6,233
|
Quote:
Originally Posted by target2019
Just a WAG, but how do you know those programs are all safe?
|
 Is anyone safe, anymore? Not wanting to "knock on wood," I'll just leave it at that.
|
|
|
03-13-2020, 12:06 PM
|
#15
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,102
|
1) What I meant was how did you receive the installers for the programs? E.G. I have Malwarebytes, and it came from the official site. It is possible though to download it through other sites, and it could be re-packaged.
2) I'm trying to understand how this particular pop-up comes to find its victims. Some say they never see it, and I am thinking this can be true if ads are blocked and javascript is off. However, others say it is because you are infected by malware.
As you say, is anyone safe anymore?
|
|
|
03-13-2020, 12:10 PM
|
#16
|
Thinks s/he gets paid by the post
Join Date: May 2016
Location: Mid-Atlantic
Posts: 2,454
|
Quote:
Originally Posted by Sunny
Even legitimate ads (on the side of websites) can trigger malware if that is what the malware authors have decided to use for a trigger. Websites utilize ad networks for the displaying of ads, so it isn't as if ER's servers are infected and directing malware at your computer.
Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.
|
That's not quite right. Malware already installed doesn't really need triggers; malware authors can be brilliant programmers, but there is no need for them to make things more complicated than necessary. Generally your computer is either infected or it is not. That screenshot looks to me like an attempt to infect the computer with malware by getting the user to click "update", which probably installs the malware. Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.
(Not INFOSEC/cybersecurity certified, but I work closely with certified professionals on such issues.)
__________________
-Looking to FIRE in the mid-2020s, which would be our mid-50s.
|
|
|
03-13-2020, 01:08 PM
|
#17
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 6,233
|
Quote:
Originally Posted by target2019
1) What I meant was how did you receive the installers for the programs? E.G. I have Malwarebytes, and it came from the official site. It is possible though to download it through other sites, and it could be re-packaged.
|
Each of those programs was installed at some time over 10 years ago -- across all five computers. Since that time, the only thing new was routine updates/upgrades from the official sites.
Quote:
Originally Posted by target2019
2) I'm trying to understand how this particular pop-up comes to find its victims. Some say they never see it, and I am thinking this can be true if ads are blocked and javascript is off. However, others say it is because you are infected by malware.
|
I, too, am quite curious how this could happen.
|
|
|
03-13-2020, 01:18 PM
|
#18
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 6,233
|
Quote:
Originally Posted by The Cosmic Avenger
That's not quite right. Malware already installed doesn't really need triggers; malware authors can be brilliant programmers, but there is no need for them to make things more complicated than necessary. Generally your computer is either infected or it is not. That screenshot looks to me like an attempt to infect the computer with malware by getting the user to click "update", which probably installs the malware. Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.
(Not INFOSEC/cybersecurity certified, but I work closely with certified professionals on such issues.)
|
Yeah, I don't believe my machine is/was infected by this "popup." I have been around long enough to know not to do anything foolish -- like giving such a thing credence. I quickly closed the page without any other action. It is a valid point (and, indeed, quite perceptive) that no malware (or virus, for that matter) worth its salt is going to continually announce its presence.
On the other hand, it is curious that only one machine (out of five) on the same LAN is affected. Similarly, why doesn't the same thing occur with Chrome or Internet Explorer? Or different URLs?
|
|
|
03-13-2020, 01:21 PM
|
#19
|
Administrator
Join Date: Feb 2007
Location: Pacific NW
Posts: 6,139
|
There are two possibilities:
1. Unwanted adware on your machine or some actual malware. Scans and removal will manage these (once again recommending malwarebytes for adware).
2. Occasionally a bad ad is served that hijacks or redirects. These are especially tough to find because we each see different ad content. If it's the latter AND we can get a url from the ad it can be blocked.
The site and server have been checked and rechecked and we are confident that there's no virus or malware being served.
|
|
|
03-13-2020, 01:31 PM
|
#20
|
Recycles dryer sheets
Join Date: Nov 2013
Posts: 236
|
Quote:
Originally Posted by RonBoyd
You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).
...
In any event, we are still good. I was merely whining.
|
Flip side though is if it were the ER servers more of us would be having the issue.
And I didn't think you were whining.
Quote:
Originally Posted by The Cosmic Avenger
Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.
|
Which is the reason some, not all, malware may try to use triggers to trick the user in allowing for further infestation of more unwanted programs.
But yes, most adware / malicious stuff using ad networks wouldn't be this sophisticated.
|
|
|