General discussion


Another ad deluge from TR

By gralfus
I just got another popup deluge from **** here on TR. Here is the site that tried to load about 100 times:
http://view.atdmt.com/DEN/iview/cntnkcdd0010000369den/direct/01/2004.12.07.22.19.48?click=

Was able to finally stop this one without rebooting, but I don't think I should have to deal with this at all, TR.

Fellow techs, could this happen for any other reason? I had that site (view.atdmt.com) redirected in my hosts file to 127.0.0.2. Is there any reason that would cause a window to load repeatedly?


Seen that address - but not to that extent

by house In reply to Another ad deluge from TR

I don't have that problem, although I have seen that site pop up in my status bar.

Looks to me like you haven't taken the proper security measures with your browser. IE's default will not suffice. Get SP2 with the pop-up blocker, or use a Mozilla-based browser like Firefox.


Already in place

by gralfus In reply to Seen that address - but n ...

Popup blocker didn't stop it. That is why it is so frustrating. I would think that any remote code wouldn't get past the hosts blocking, and certainly not past the popup blocker. That's why I was curious if anyone had seen this sort of thing.


based on that information . . .

by apotheon In reply to Already in place

If you have a popup blocker running and you're still getting popups, this tells me two things:

1. You're probably using Internet Explorer.

2. You've probably got some kind of adware, or similar malware, on your system.

There's no such thing as a system that will both allow IE to reach the web and perfectly protect against IE-targeted spyware and adware. Because of IE's hooks deep in the Windows operating system, there is essentially a direct pass-through between webpages you visit and your operating system. This allows your browser to perform certain administrator-level actions, both on the system in general and more specifically with applications to which IE has direct access (which generally includes at least those Microsoft applications that are web-enabled).

I recommend you get Bazooka from kephyr.com, Spybot Search and Destroy from safer-networking.org, and Ad-Aware from lavasoft.com, and use all three of them to scour out your system (in addition to using whatever antivirus software you have to double-check for virus, worm, and trojan activity). If you're on a corporate machine where you're not allowed to install software, let your IT department know that you think you might have picked up some malware and would like to get it cleaned up.

You might also look into getting the Firefox browser from mozilla.org, which is essentially immune to the sort of malware that you're probably suffering through. Again, that could be difficult to arrange if you're on a corporate intranet.


What are you seeing in the pop-ups?

by RexWorld In reply to Another ad deluge from TR

Could you describe what you see in the pop-ups? We are very careful about what kind of ads we allow--one kind of ad is allowed to leave behind a small window (called, of course, a leave-behind). But that's the only thing approaching a pop-up that we do.

Any other kind of open-window event requires that you click on the banner; we don't allow the ads to just open new windows on their own. At least that's my understanding of the ad policy.


Blank

by gralfus In reply to What are you seeing in th ...

The pages that pop up are blank, probably due to the hosts file redirection to 127.0.0.2. Perhaps there is some code that tries to load the ad page and it gets stuck in a loop since the page doesn't actually load, like it is waiting for a bit of confirmation code that never arrives.

It always has happened after I reply to a posting and then click the back arrow to get back to the list of posts.


You've got a Bot

by house In reply to Blank

You have a bot installed on your system.

Are the blank pages being loaded at all with drive letters? IRC punks strike again. Put up a firewall to log it properly. Sygate will allow you to backtrace high security level threats.

I suppose you could use the Windows Firewall "text" logging, but it is difficult to scan over because it is a "text" file.
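
Added example, not part of the original post: one way to make the Windows Firewall text log easier to scan is to parse it by its `#Fields:` header and flag destinations that are opened many times within a few seconds. The sample log is constructed (documentation IP addresses), the function names are hypothetical, and it assumes logging of successful connections is enabled so that `OPEN` records exist.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the Windows Firewall text-log layout (documentation IPs).
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-12-07 22:19:48 OPEN TCP 192.0.2.10 198.51.100.7 1045 80 - - - - - - - -
2004-12-07 22:19:48 OPEN TCP 192.0.2.10 198.51.100.7 1046 80 - - - - - - - -
2004-12-07 22:19:49 OPEN TCP 192.0.2.10 198.51.100.7 1047 80 - - - - - - - -
2004-12-07 22:19:49 DROP TCP 203.0.113.5 192.0.2.10 4431 445 48 S 1 0 16384 - - -
2004-12-07 22:19:50 OPEN TCP 192.0.2.10 198.51.100.7 1048 80 - - - - - - - -
2004-12-07 22:25:10 OPEN TCP 192.0.2.10 198.51.100.99 1050 80 - - - - - - - -
"""

def parse_firewall_log(text):
    """Return one dict per record, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) != len(fields):
                continue  # skip truncated or malformed lines
            rec = dict(zip(fields, values))
            rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            records.append(rec)
    return records

def repeated_opens(records, threshold=4, window_seconds=5):
    """Map (dst-ip, dst-port) to its peak OPEN count inside the sliding window."""
    window = timedelta(seconds=window_seconds)
    recent, peak = defaultdict(deque), {}
    for rec in sorted(records, key=lambda r: r["when"]):
        if rec["action"] != "OPEN":
            continue
        key = (rec["dst-ip"], rec["dst-port"])
        q = recent[key]
        q.append(rec["when"])
        while rec["when"] - q[0] > window:
            q.popleft()  # drop opens that fell out of the window
        peak[key] = max(peak.get(key, 0), len(q))
    return {k: n for k, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(repeated_opens(parse_firewall_log(SAMPLE_LOG)))
```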


No, actually I don't

by gralfus In reply to You've got a Bot

That was quite a leap you made there. I'm behind a corporate firewall, no adware or spyware present. All the blank pages had the same advertiser address I posted already. This leads me to think there is a bit of code that was checking to see if the page loaded and kept reloading since the address was blocked in hosts.


Reason for my "leap"

by house In reply to No, actually I don't

...I deal with this crap every single day. I didn't mean to sound so assured about your case. In 95% of my clients, this type of activity is associated with a backdoor program that has been snuck into your computer.

I was not aware that you belong to an internal network - with a hardware firewall in place. I've seen problems with blank pages loading in an attempt to access local files through the web. I know quite a bit about how this kind of attack works, and I automatically assumed that you were experiencing the same.

By the way, I received the same messages on my home PC as well (right after I left my post)... and I can assure you that my PC is a small fortress.

I agree with your conclusion. I think that my security settings are blocking a script though - I don't think it is a host address. I am not blocking any FQDNs or known IPs. Try tweaking your browser security settings if the problems persist. I have only seen it once for a period of about 5 minutes.


Turn off Java and ActiveX

by jdclyde In reply to Another ad deluge from TR

If scripts, Java, ActiveX are all allowed to run wild then your system will be toast in no time.

I run Firefox and never get a popup from TR, not even the popup notification that one was blocked.

Another possibility, if you have a browser hijack that went off at the same time you were at TR?

Have you scanned for them?

Lock down IE, switch to another browser or both and life will be good.
