At 2/12/11 12:44 AM, Yert wrote: >Internet Explorer

WELP, found your problem.

hahah, google chrome gets no shit :)

Yeah I got this popup this morning, I have four pcs and only use IE on one of them, then I went and checked with the other machines on IE and same thing. All four of my computers do it, only on NG, and only in shitty IE. Firefox and chrome gimme nothing, all machines look clean. I'm pretty good about keeping them clean/fighting virus.

I feel a little better seeing other people report it as well.

It pops up the ad for me too. Kinda unrelated, but lol at "Hard Disk Drivers". If it is something with the security settings, it should be relatively easy to find, albeit take a while. Going into custom settings and manually enabling things from lowest settings should find the problem. Trying it right now.

Everyone try to disable XAML applications and see if that blocks the attack. Worked for me.

HEy guys click this link! Here

Stopping it isn't really the issue. It's finding the source of it, if it IS NG homepage then it needs to be fixed before in infects more computer illiterate visitors.

Stopping it locally I mean. It's easy to not get the virus, but the danger it shouldn't be left on the site.

At 2/12/11 12:39 AM, blackattackbitch wrote: I thought I had managed to get a malware infection from the millions of porn sites I visit each day.

That explains everything

Well, Internet Explorer is SH!T. so why use it?

Okay guys, so it's definitely NG.

The results of my findings:

fmsmedia.net, one of the sites that advertises on NG, is using a script to redirect users from NG to various sites, which then proceed to essentially lock you out of internet explorer until you manually close the program and start it up.

The script is initiated every time it's banner ad loads. By blocking fmsmedia.net in IE, I also disabled one of the possible ads that can appear on the site. It's not the fault of NG, but rather, it's advertisers. Since I now have definitive proof, I'll throw this theory by Wade and see what he says.

you may have found a bandaid fix i did the same and it disabled that banner ad but still this should be brought up even though we have a bandaid fix on it there are still others that can be afflicted so they need to remove the source of the redirects

At 2/12/11 12:47 AM, Leidolfr wrote: Don't use i.e for anything period, even if ie isnt the problem, still blows massively.

What's wrong with IE? I'm not going to be a fanboy and argue that one is better than the other. I'm just curious, what makes IE suck so much? I've never had any problems with it.

The exact link of the ad that's causing the problems:
http://fmsmediaDOTnet/id4291/?ad=4267;p=
5;q=4261

It's this exact link, I've even tried opening this link in a separate tab on IE and got redirected to the malware site.

funny thing though: Opening the link in Firefox just sends you back to google.com

I contacted Wade about it and pointed him to this thread, so if any of you guys who are getting the popup could post your OS and version of IE it might help him out if he comes to look.

At 2/12/11 11:42 AM, Hyptosis wrote: I contacted Wade about it and pointed him to this thread, so if any of you guys who are getting the popup could post your OS and version of IE it might help him out if he comes to look.

Windows 7
IE8

I don't have the problem anymore because I blocked the site.

Why don't you try opening it on firefox or chrome, then?

Vista
IE8

At 2/12/11 10:44 AM, blackattackbitch wrote: fmsmedia.net, one of the sites that advertises on NG, is using a script to redirect users from NG to various sites, which then proceed to essentially lock you out of internet explorer until you manually close the program and start it up.

Thanks for isolating fmsmedia.net - CPMStar couldn't find any trace of the URL that users were being directed to, but I just forwarded this one along to them and it sounds like it should show up in their system, at which point it will be removed. Fingers crossed!

At 2/12/11 12:24 PM, TomFulp wrote:

Thanks for isolating fmsmedia.net - CPMStar couldn't find any trace of the URL that users were being directed to, but I just forwarded this one along to them and it sounds like it should show up in their system, at which point it will be removed. Fingers crossed!

His Fulpyness has spoken!

At 2/12/11 12:24 PM, TomFulp wrote:
Thanks for isolating fmsmedia.net - CPMStar couldn't find any trace of the URL that users were being directed to, but I just forwarded this one along to them and it sounds like it should show up in their system, at which point it will be removed. Fingers crossed!

I really hope so Tom because it took me almost all night to block it.

i hope so tom i just came back to check on the post and my antivirus gave me a warning for this site (its never done this before) and said it was an infected site lets hope you get that redirection out

At 2/12/11 12:46 AM, blackattackbitch wrote:

At 2/12/11 12:44 AM, Cericon wrote: Get FireFox.

Using it right now.

Also, found an alternate name for the website:

safe-antivirsentinelDOTrrDOTnu

Got two names, time to do some research.

Use Adblock Plus for Firefox maybe?

fmsmedia is not showing up in their data either - so my only guess is if they are running a third party ad that is pulling it in. When you guys block it, which ad unit on the front page does it appear to be? The top 728x90 banner? Anyone have any additional info, URLs?

There is an ad that slipped through Tom or so I believe, that redirects you to a site that then gets in your computer.

At 2/12/11 03:10 PM, TomFulp wrote: fmsmedia is not showing up in their data either - so my only guess is if they are running a third party ad that is pulling it in. When you guys block it, which ad unit on the front page does it appear to be? The top 728x90 banner? Anyone have any additional info, URLs?

i have no additional information Tom but when i blocked fmsmedia the top banner wouldnt display sometimes so maybe that helps

At 2/12/11 12:24 PM, TomFulp wrote: Thanks for isolating fmsmedia.net - CPMStar couldn't find any trace of the URL that users were being directed to, but I just forwarded this one along to them and it sounds like it should show up in their system, at which point it will be removed. Fingers crossed!

Tom, have their website redirect to newgrounds. Give them a taste of their own medicine.

IF you DO get it exit out as fast as possible. Or you can hack into their server so when they go to it It downloads on their computer and they get a virus that says "Your a gay virus sending faggot - Newgrounds.com"

I got the same thing early. I didn't click anything I just ended the program using the task manager and tried getting back on. Thus far nothing has happened.

I just pulled some of CPMStar's ad code off the front page that I think would be the most likely culprit (the pushdown code at the top of the page) - so far I haven't gotten that ad in IE since, so let me know if you get the bad ad any time after 10:10am EST this morning.