NationStates Jolt Archive


MalWare Threats

The Golden Simatar
23-01-2009, 05:14
Hello, I was just logging on to check some threads when a warning of potential Malware on the website came up. It said go to: "h50.ewwq8eipqo.com" in order to browse on a safe browser.

I've Googled said website, no results and the given URL reminds me of a few emails I have received every so often. It could be a Trojan Horse, I don't know. But a friend of mine logged on through his account, same warning came up.

Just thought you mods should be aware.
Smunkeeville
23-01-2009, 05:41
I was about to start a thread in Technical about this; my anti-virus is freaking out over it. I've changed back to Firefox for the evening so I can use ad-block again, but I thought you guys should know.
Ardchoille
23-01-2009, 06:33
Transferred to Technical. Thanks for the heads-up.

Joe Obvious I says: Don't click on it.

I'm passing the buck/kicking it upstairs as effectively as I can. Techknowing folk will be along to deal with it as soon as possible.
Smunkeeville
23-01-2009, 06:40
Well, yeah, don't click on it, but also don't let it load on your page, it's trying to download a trojan horse as the forum loads.
Lord Tothe
23-01-2009, 06:52
I remember now - a few days ago, NOD went crazy when I was browsing NSG. I blocked the threat, and nothing bad happened. It did strike me as odd, but it only happened once.
Frisbeeteria
23-01-2009, 21:28
Just to clarify, this was on the Forums? Possibly related to an ad?

If so, we'll raise it to Jolt admins. If not, please specify where it came up.

If anyone else gets this, please do a screenshot of the screen, particularly the ad that's up. We've had a couple reports of malware attempts from NS2, but this is the first I've seen on NS1.
The Golden Simatar
23-01-2009, 23:21
I clicked on a bookmark for one of my Rps and it came up. I closed it after seeing what it was.
Patience
24-01-2009, 00:46
Pardon my butting in... this is definitely a trojan downloader. Here's a link with further information for those interested in the nitty gritty:

http://www.threatexpert.com/report.aspx?uid=0199b88d-f9c6-47e9-9d6b-5edc553497c4

I'm with Joe Obvious: don't go there! ;)
Smunkeeville
24-01-2009, 02:27
It's a banner ad on the general forum of NSG. I don't go to any other forums so I don't know if it's affecting other ones.
Intestinal fluids
24-01-2009, 17:47
This is the text of the item, 'cause I'm getting it too. Thank god I own a Mac ;)

Warning: visiting this site may harm your computer

The website you are visiting appears to contain malware. Malware is a malicious software that may harm your computer or otherwise operate without your consent. Your computer can be infected just by browsing to a site with malware, without any further action on your part.

For detailed information about problems found on this site, or a portion of this site, visit the Google Safe Browsing diagnostic page for h.ewwq8eipqo.com

Then below it is a clickable button ignore warning Go back
Intangelon
24-01-2009, 18:53
I can't get a link, as the address window doesn't change when it comes up. I refresh, and it goes away. I'll try to grab it when it happens again.
Intangelon
24-01-2009, 18:57
Here it is.
Lydias
25-01-2009, 11:51
Thanks for the reports - I have passed this up to the ad people to get removed.
Galloism
11-02-2009, 05:51
I'm getting a completely different URL with this message -

2/10/2009 8:31:57 PM SYSTEM 736 Sign of "JS:Packed-T [Trj]" has been found in "http://b.qweoixiczoiuwq.com/zzzweoiruw/pdf.php?id=15546&vis=1" file.
2/10/2009 8:31:57 PM SYSTEM 736 Sign of "JS:Packed-T [Trj]" has been found in "http://b.qweoixiczoiuwq.com/zzzweoiruw/pdf.php?id=15546" file.
2/10/2009 8:32:17 PM SYSTEM 736 Sign of "JS:Packed-T [Trj]" has been found in "http://b.qweoixiczoiuwq.com/zzzweoiruw/pdf.php?id=15546&vis=1" file.
2/10/2009 11:29:55 PM SYSTEM 736 Sign of "JS:Packed-T [Trj]" has been found in "http://b.qweoixiczoiuwq.com/zzzweoiruw/pdf.php?id=15060&vis=1" file.
2/10/2009 11:29:56 PM SYSTEM 736 Sign of "JS:Packed-T [Trj]" has been found in "http://b.qweoixiczoiuwq.com/zzzweoiruw/pdf.php?id=15060" file.
2/10/2009 11:30:15 PM SYSTEM 736 Sign of "JS:Packed-T [Trj]" has been found in "http://b.qweoixiczoiuwq.com/zzzweoiruw/pdf.php?id=15060&vis=1" file.

I've now blocked all scripts, but that's the URL it was trying to direct to.
Lydias
11-02-2009, 10:31
Tech department say could you possibly provide a screenshot, a copy of the creative or a destination URL please?
Frisbeeteria
12-02-2009, 04:21
<snip>
Here it is.

Was that the warning screen from your antiviral, or the ad itself?