Pop-up Windows, Mal-vertizing, Cretins Delight

I'm lost and not sure.(Discombobulated)

Moderators: Way, Russtronic™, Omen, Abe


Topic Author
rodentraiser
Heart on for IceFlims
Posts: 111

PUM Hijacker

Post#1 » Fri Sep 11, 2015 2:39 pm

It seems like I pick this up every time I click on Icefilms, but it's never been a problem before. But yesterday, when I clicked on Icefilms, I got a hijacked page for the Microsoft scam, telling me my computer is infected and call them and so on and so on. Last night, it finally got to where I couldn't close the page any longer. I could open a new web page in the browser, so that was fine. I finally got rid of the whole thing by running Malwarebytes before I went to bed and then restarting my computer. I then turned my computer off and restarted it this morning with no problems.

Then, several minutes ago, I clicked on Icefilms for the first time this morning and the hijacked page came up again, so I thought I should let you guys know.

I am still running XP on a PC (maybe I shouldn't, but the alternative is a whole new computer and I just can't afford that right now), Windows 32bit and my current browser is Pale Moon. I have Avast and Malwarebytes for protection.

User avatar

JonnieGee
code of Deez
Posts: 81
Contact:

Re: PUM Hijacker

Post#2 » Fri Sep 11, 2015 3:22 pm

I get the same thing. I had to go through everything, change all settings, get things all cleaned out, and get hijacked again next time I came to ICE. It's getting pretty frustrating. I can stop the fucked up java script from completing the hijack and opening a new tab page redirect to the scam sites, but then you have to close the new tab page over and over each time you open a new link oh ICE. It used to actually be safe to click on an ad in ICE now and then, but not anymore. Doesn't make you feel real confident about 'donations' until the hijack issues are resolved.
RESISTANCE IS NOT ALWAYS FUTILE

Image


NIceFilms
meh
Posts: 12

Re: PUM Hijacker

Post#3 » Fri Sep 11, 2015 4:25 pm

All of a sudden today [September 11] I'm getting a ton of pop-ups as well.
a few AVG warnings, and only while visiting icefilms.
I've never had this issue before, and I use adblock and adblock plus in my Firefox browser.

Some examples:
DO NOT CLICK ON ANY OF THESE !!!
I AM SURE THEY ARE NOT SAFE !!!!
http://show.1afcfcb2c.ninja
http://1ywg0w.happysweeps-winningstoday.com
http://data.sugarlistsuggest.info
https://s3.amazonaws.com
http://official.surveystobeheard2015.com
http://chachagong19.com/lp/1560/101/free/java

User avatar

JonnieGee
code of Deez
Posts: 81
Contact:

Re: PUM Hijacker

Post#4 » Fri Sep 11, 2015 4:46 pm

After just getting this redirect ransomware hijacker that locks up the browser, we really need to do something about this stuff. Seriously, I think the hardest pill to swallow is that developers need to trash JAVA and FLASH both. The percentage of vulnerabilities in both formats is astronomical, and climbing fast. For all we know, it could be easily be be a .gov agency or entertainment industry group(s) engineering some of these exploits. Some of this stuff is simply too advanced to be just some guy named "Vladimir" in Romania hacking out malicious code from an internet cafe in Bucharest. Nothing's going to chase users off ICE faster than ransomware exploits.

Whatever you do, DO NOT CLICK ON THE "X" OR TRY TO CLOSE BY OTHER MEANS, AND DO NOT CALL THE NUMBER SHOWN. Unless you know what you're doing, just "Ctrl_+_Alt_+_Del" and power down your device. At least then you have a chance to start over and avoid the shit.

Image

Image

Image
RESISTANCE IS NOT ALWAYS FUTILE

Image


ServerFailure
no0b
Posts: 1

Re: PUM Hijacker

Post#5 » Fri Sep 11, 2015 4:50 pm

data.sugarlistsuggest.info 127.0.0.1
show.1afcfcb2c.ninja 127.0.0.1
helpstreaminglive.com 127.0.0.1
supportdesk.com-services.space 127.0.0.1
draftkings.com 127.0.0.1
cmdsupport.net 127.0.0.1
3s.amazonaws.com 127.0.0.1
ads.comeadvertisewithus.com 127.0.0.1
get.sugarlistsuggest.info 127.0.0.1
lmfo.info 127.0.0.1
protectpc3.xyz 127.0.0.1

More websites to add to your hosts file. I don't know who the IceFilms Admin is, but they need to resolve this issue quickly before all the users find other websites. This used to be a good place.


doombadger
meh
Posts: 5

Re: PUM Hijacker

Post#6 » Fri Sep 11, 2015 4:56 pm

Yes I got this as well. I've let the boys at Torrentfreak know so I imagine they'll be in touch. Not good at all.


mark manning
meh
Posts: 8

New pop up maleware ads

Post#7 » Fri Sep 11, 2015 6:35 pm

Hello Everyone,

I have been an avid icefilms user for years now. However, recently over the last few days I have noticed anytime I touch a new link a new page opens up trying to trick me into installing maleware and the worst part is I can't close the page without forcing chrome to quit. I understand the site needs to make money to stay alive but there has to be a better option.


With that being said, I do want to thank everyone involved with icefilms for all that they do!

Also, if for some reason this is posted in the incorrect section, I apologize in advance.


fnuhenry
no0b
Posts: 1

Re: PUM Hijacker

Post#8 » Fri Sep 11, 2015 7:00 pm

JonnieGee wrote:After just getting this redirect ransomware hijacker that locks up the browser, we really need to do something about this stuff. Seriously, I think the hardest pill to swallow is that developers need to trash JAVA and FLASH both. The percentage of vulnerabilities in both formats is astronomical, and climbing fast. For all we know, it could be easily be be a .gov agency or entertainment industry group(s) engineering some of these exploits. Some of this stuff is simply too advanced to be just some guy named "Vladimir" in Romania hacking out malicious code from an internet cafe in Bucharest. Nothing's going to chase users off ICE faster than ransomware exploits.

Whatever you do, DO NOT CLICK ON THE "X" OR TRY TO CLOSE BY OTHER MEANS, AND DO NOT CALL THE NUMBER SHOWN. Unless you know what you're doing, just "Ctrl_+_Alt_+_Del" and power down your device. At least then you have a chance to start over and avoid the shit.

Image

Image

Image



What happens if you clicked "X" and how do i cleanup. :( (:|


patty1h
Average User
Posts: 37

Re: New pop up maleware ads

Post#9 » Fri Sep 11, 2015 7:45 pm

Happening to me too.


IrishVince
meh
Posts: 5

Pop-up window

Post#10 » Fri Sep 11, 2015 7:59 pm

I got a pop-up window to something called My Cash Bot when I clicked the icefilms homepage icon. Just for your guys knowledge.
Also on a side note, did you guys wipe older accounts. I haven't posted or logged in a few years and I couldn't find my old account.

Cheers,

Edit,

Not only My Cash Bot, I'm getting redirected to many other scheme sites whenever I click the Home Icon for Ice and even the Forum Icon. It's happening a lot today, I never had this issue before.


Topic Author
rodentraiser
Heart on for IceFlims
Posts: 111

Re: PUM Hijacker

Post#11 » Fri Sep 11, 2015 8:24 pm

Go to cnet.com and download Malwarebytes. Run it and that will get rid of the hijacker.

I didn't mean to start an epidemic here! But for the record, I'm not clicking on ads, I can get to the main Icefilms page without a problem, but it's when I go to read the description of a movie or TV show that I get the pop up page. I'm thinking it's an ad or a script somewhere on the page that is doing it.

Anyway, I can get rid of it, so it's just a nuisance for now. I just hope it doesn't get any more serious. Whatever you good guys at Icefilms can do, believe me it would be really appreciated. You guys rock and don't you forget it!

By the way, Server, this is still a good place. Things happen sometimes, but they always get set right again. Have faith in the people on this site. They always come through. .

User avatar

JonnieGee
code of Deez
Posts: 81
Contact:

Re: PUM Hijacker

Post#12 » Fri Sep 11, 2015 10:05 pm

So, I had a couple people from my cyber security team run some tests. They found the pop-ups are often triggered by keywords in the website itself. The "BSOD Error 333 Registry Failure" pop-up, “CLUSTER ERRORS DETECTED ERROR 777" pop-up, or any number of similar pop-ups might offer a social engineering scam such as a Flash Player update, a Browser Update or redirect you to a bogus telephone support scam to "fix your computer." As the pop-ups are so random it’s hard to say which pop-up might occur on your computer; as stated above these pop-ups are based on keywords found in the content of the website. Clicking on different word links will pop-up different scams, some of which are far more serious than others.

If you clicked on the "X" box to close or clicked on "OK", there's a generally accepted procedure to rid your system or device of any related viruses, malware, spyware or other exploits:

OPTIONAL – Close the pop-up

Step 1 – Remove pop-up using AdwCleaner

Step 2 – Remove files with MalwareBytes Anti-Malware

Step 3 – Remove from your browser with Avast Browser Cleanup

Step 4 – Optional step: Reset browser settings

(If you experience any of the pop-ups on Mac OSX from Apple, follow this generic guide to remove adware from Apple Mac OSX: https://www.fixyourbrowser.com/how-to/remove-adware-mac-osx-safari-chrome-firefox/
(for the Safari, Google Chrome and Mozilla Firefox browsers in Mac OSX)

Here's a link to the information at FixYourBrowser.com for MS Windows systems. It doesn't matter which scam you're encountering, the repair instructions are pretty much the same for all of them. The site includes secure download links to all the cleaners they talk about, and there are free versions of each of them that are fully functional. Just follow the instructions and it's pretty simple. https://www.fixyourbrowser.com/removal-instructions/remove-cluster-errors-detected-error-777-pop-up-tech-support-scam/

If it's more serious and other things don't work, there are a lot of free resources to help you.
- Free Virus Removal Tools at SOPHOS.com: https://www.sophos.com/en-us/products/free-tools.aspx

- McAfee is committed to security and provides an assortment of free McAfee tools to help, including rootkit scanners: http://www.mcafee.com/us/downloads/free-tools/index.aspx

- SUPERAntiSpyware Free Edition is 100% Free and will detect and remove thousands of Spyware, Adware, Malware, Trojans, KeyLoggers, Dialers, Hi-Jackers, and Worms. SUPERAntiSpyware features many unique and powerful technologies and removes spyware threats that other applications fail to remove. Here's the link: http://www.superantispyware.com/superantispyware.html

You should be fine! Just don't call them or give any credit card or other financial data to ANYONE related to these scams!
RESISTANCE IS NOT ALWAYS FUTILE

Image


Topic Author
rodentraiser
Heart on for IceFlims
Posts: 111

Re: PUM Hijacker

Post#13 » Sat Sep 12, 2015 12:26 am

That's interesting what you're saying about a Flash Player update scam. I have Adblock Plus and generally I don't see any ads at all. However, every time I've had the window pop up (and I'm getting very good at closing it fast before it even loads). the page that I'm trying to view has a Flash Player ad on it that says I need to upgrade my Flash player. What do you want to bet.......

About closing the pop up window, though. I was dumb and tried to close out of it on the 'Leave Page' thingy yesterday and I think that's why I couldn't get it to close. If this happens to anyone, don't panic. Just open up a new window in your browser and proceed from there.

Thank you for all the info!

User avatar

JonnieGee
code of Deez
Posts: 81
Contact:

Re: PUM Hijacker

Post#14 » Sat Sep 12, 2015 12:35 am

I didn't think most of it really applied to you. Just with so many people getting the pop-ups and freezes and then looking at this post thread, thought it might be helpful to some of those users. First time it happens to someone, it can be pretty traumatic. Some of those resources might make things a little easier for them. (y)
RESISTANCE IS NOT ALWAYS FUTILE

Image


Wax
Average User
Posts: 38

Re: New pop up maleware ads

Post#15 » Sat Sep 12, 2015 8:22 am

This was buggin the shit outta me too; I had to manually block the domain with AdBlock Plus. I think the domain you wanna block is:

http://www.adcash.com/*

...but I can't remember for sure if that was the domain that was causing it. If you have ABP installed you should be able to see any unblocked elements if you choose the option "Open Blockable Items" and look through the list. If you don't use a browser that supports AdBlock, you could also probably do it by adding this domain to your HOSTS file.

But it IS blockable, FYI...

Return to “General Help”

Who is online

Users browsing this forum: No registered users and 1 guest