Malware/Virus Warning

RonBoyd

RonBoyd

Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Joined
Dec 10, 2007
Messages
6,267
Location
Denver, Colorado
Periodically, I would get a popup warning of a Virus (and a very loud screeching noise) when going to early-retirement.org. The Browser becomes locked. I would have to close the open tab and re-open the site and it would behave as expected.

Today, however, I cannot get the site to open without activating the virus warning no matter what I do. This happens with Microsoft Edge (the new version) but doesn't seem to be a problem with Chrome (which is what I am using to post this). Nor does it happen with any other web site when using Edge... or any other program, for that matter.

See attached image.

Early-Retirement.org.JPG
 
That appears to be a malware popup.

You should clear your browser cache and cookies, reboot your machine, and run Malwarebytes or the equivalent to find and delete the offending stuff.
 
...(comes into thread getting ready to move it to the new Covid section)...

Oh THAT kinda virus! But yeah that looks like your machine.
 
braumeister said:
That appears to be a malware popup.

You should clear your browser cache and cookies, reboot your machine, and run Malwarebytes or the equivalent to find and delete the offending stuff.
Click to expand...

I cleared "Cookies and other site data" and "Cached images and files." That seems to have fixed the problem.

I did not have to reboot. Malwarebytes scans the System every day at 3AM. SpyBot is continuously monitoring.

I am happy that fixed it but whatever it was had to have come from your Server.
 
Aerides said:
...(comes into thread getting ready to move it to the new Covid section)...

Oh THAT kinda virus! But yeah that looks like your machine.
Click to expand...

<Chuckle> Yes, I should have been more descriptive in the Subject line. I apologize.
 
I had written about this problem back in January. I get the scam hijack from other websites, too, but mostly from this one. I ran adwcleaner (one of the items mentioned in target2019's link), which found some things. Let's see if that helps.
 
audreyh1 said:
I thought Malwarebytes itself was bad actor software?
Click to expand...

Not sure where you got that idea. It's safe and effective.

BUT there are some fake versions of it that are not safe. Go directly to the source to download it.
 
RonBoyd said:
I am happy that fixed it but whatever it was had to have come from your Server.
Click to expand...

Even legitimate ads (on the side of websites) can trigger malware if that is what the malware authors have decided to use for a trigger. Websites utilize ad networks for the displaying of ads, so it isn't as if ER's servers are infected and directing malware at your computer.

Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.

I think somebody posted a link above that likely also indicates this as well, just wanted to reiterate it'd be very odd if ER's or any other typical web server was the cause of the infection.

audreyh1 said:
I thought Malwarebytes itself was bad actor software?
Click to expand...

Malwarebytes, the offiical one from https://www.malwarebytes.com/ and affectionately called MBAM, has been one of the best anti-malware software apps for at least a decade. Every computer should have it installed in my opinion. You don't need to pay for the active scan if youa are careful and OK with updting / running manual scans when you need to since that portion is free.
 
braumeister said:
Not sure where you got that idea. It's safe and effective.

BUT there are some fake versions of it that are not safe. Go directly to the source to download it.
Click to expand...

Well, I thought the undismissable pop-up I would occasionally get was from them.
 
Sunny said:
Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.
Click to expand...

You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).

It is even more suspicious in that Malwarebytes, SpyBot, SpywareBlaster, Reg Organizer, WinOptimizer 17 -- which run continuously -- and a couple more that are run periodically (weekly?) have failed to detect anything unusual.

In any event, we are still good. I was merely whinning.
 
RonBoyd said:
You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).

It is even more suspicious in that Malwarebytes, SpyBot, SpywareBlaster, Reg Organizer, WinOptimizer 17 -- which run continuously -- and a couple more that are run periodically (weekly?) have failed to detect anything unusual.

In any event, we are still good. I was merely whinning.
Click to expand...
Just a WAG, but how do you know those programs are all safe?
 
RonBoyd said:
:LOL: Is anyone safe, anymore? Not wanting to "knock on wood," I'll just leave it at that.
Click to expand...
1) What I meant was how did you receive the installers for the programs? E.G. I have Malwarebytes, and it came from the official site. It is possible though to download it through other sites, and it could be re-packaged.

2) I'm trying to understand how this particular pop-up comes to find its victims. Some say they never see it, and I am thinking this can be true if ads are blocked and javascript is off. However, others say it is because you are infected by malware.

As you say, is anyone safe anymore?
 
Sunny said:
Even legitimate ads (on the side of websites) can trigger malware if that is what the malware authors have decided to use for a trigger. Websites utilize ad networks for the displaying of ads, so it isn't as if ER's servers are infected and directing malware at your computer.

Your computer is infected and innocuous ads in websites may be being used as the trigger mechanism.
Click to expand...
That's not quite right. Malware already installed doesn't really need triggers; malware authors can be brilliant programmers, but there is no need for them to make things more complicated than necessary. Generally your computer is either infected or it is not. That screenshot looks to me like an attempt to infect the computer with malware by getting the user to click "update", which probably installs the malware. Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.

(Not INFOSEC/cybersecurity certified, but I work closely with certified professionals on such issues.)
 
target2019 said:
1) What I meant was how did you receive the installers for the programs? E.G. I have Malwarebytes, and it came from the official site. It is possible though to download it through other sites, and it could be re-packaged.
Click to expand...

Each of those programs were installed at some time over 10 years ago -- across all five computers. Since that time, the only thing new was routine updates/upgrades from the official sites.

target2019 said:
2) I'm trying to understand how this particular pop-up comes to find its victims. Some say they never see it, and I am thinking this can be true if ads are blocked and javascript is off. However, others say it is because you are infected by malware.
Click to expand...

I, too, am quite curious how this could happen.
 
The Cosmic Avenger said:
That's not quite right. Malware already installed doesn't really need triggers; malware authors can be brilliant programmers, but there is no need for them to make things more complicated than necessary. Generally your computer is either infected or it is not. That screenshot looks to me like an attempt to infect the computer with malware by getting the user to click "update", which probably installs the malware. Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.

(Not INFOSEC/cybersecurity certified, but I work closely with certified professionals on such issues.)
Click to expand...

Yeah, I don't believe my machine is/was infected by this "popup." I have been around long enough to know not to anything foolish -- like giving such a thing credence. I quickly closed the page without any other action. It is a valid point (and, indeed, quite perceptive) that no malware (or virus, for that matter) worth its salt is going to continually announce its presence.

On the other hand, it is curious that only one machine (out of five) on the same LAN is affected. Similarly, why doesn't the same thing occur with Chrome or Internet Explorer? Or different URLs?
 
There are two possibilities:

1. Unwanted adware on your machine or some actual malware. Scans and removal will manage these (once again recommending malwarebytes for adware).

2. Occasionally a bad ad is served that hijacks or redirects. These are especially tough to find because we each see different ad content. If it's the later AND we can get a url from the ad it can be blocked.

The site and server have been checked and rechecked and we are confident that there's no virus or malware being served.
 
RonBoyd said:
You may be correct. However, it only affects the Early-Retirement.org website (on this one machine).

...
In any event, we are still good. I was merely whinning.
Click to expand...

Flip side though is if it were the ER servers more of us would be having the issue.

And I didn't think you were whining.

The Cosmic Avenger said:
Once the target computer is already infected, malware will generally try to stay invisible to the local user, otherwise it risks detection and removal.
Click to expand...

Which is the reason some, not all, malware may try to use triggerss to trick the user in allowing for further infestation of more unwanted programs.

But yes, most adware / malicious stuff using ad networks wouldn't be this sophisticated.
 
My first impression when seeing the screen grab on the OP was some sort of phishing scam or ransomware. I've run into my share of fake "your system is borked ..." popups to kind of know what is real and what is not. Though some of them do look almost real.
 
I'm having the same problem and yes only on this site...
 
I was busy before, but now to address the OP: it's not uncommon for ad networks to get fooled and occasionally host and distribute ads that load malicious scripts that try to get you to download malware. I've seen this become a recurring problem (infrequent, but unfortunately not rare) on a few other sites. That is what this seems to be, and the only thing that can be done is to report it to the ad syndication network. They try to keep these out, but obviously some slip through. Just like app stores, either the checks can be fooled initially, or more often bad actors will actually submit something legitimate and later swap it out for something malicious.


EDIT: Bascially, #2 in Janet's post.
 
Last edited:
Janet H said:
If it's the later AND we can get a url from the ad it can be blocked.
Click to expand...

I don't have the complete Address (it was five or six pages long -- MS word -- but it started with https://lederhosen5.site. I will try to capture the complete address if It comes up again. (I have accessed this website numerous times since my "fixed it" post with no re-occurrence.)
 
I also got pop ups when I had this site open twice this week.....cleaned up browsing history and ran Malwarebytes scan. No issue past two days now.
 
You must log in or register to reply here.

Similar threads

S
Amazon consumer issue, heads up PSA
2
Mr Gadget
Mr Gadget
John Galt III
Annoying 'click continue to add the extension' pop up is just regular ad, or virus?
lucky penny
lucky penny
street
Help to stop Adchoices Ads
donheff
donheff
Route246
Travel Hack - Works for Me
2
CarbonaNotGlue
C
Qs Laptop
AdGuard Self Installing on My PC?!
target2019
target2019

Latest posts

Back
Top Bottom