Trojan on TPU

[DaedalusHelios]

I just opened the homepage, and within 30 seconds, it redirects to a blank PDF with this URL:

http://ta.oqwerzx-blocked-cew.com/zzoiewur-blocked-wwoiu/pdf.php?id=15016&vis=1

Don't click that link people! ROFL

 

[DanishDevil]

What is it? It just came up blank for me, but my Adobe Reader install is effed up.

 

[BloodTotal]

kaspersky ftw

 

[DaedalusHelios]

What is it? It just came up blank for me, but my Adobe Reader install is effed up.

Adobe reader exploits are pretty common. Uninstall your adobe reader software completely and reinstall with the latest version and you should be fine aside from the malware on you computer now.

You can use avast to find it all and delete it with a simple scan.

Avast can be Downloaded here and its free: http://www.avast.com/eng/download-avast-home.html

 

[DanishDevil]

I usually don't use antivirus anything. I'm reformatting the lappy soon anyway, because W7x64 won't support my touchpad driver, so I can't disable the tap-to-click and it's driving me BONKERS.

 

[Bundy]

You have truck-loads of spyware on your machine. TPU is not even related to it. See those contextual links over "CPU" and "Intel" in that news post? We didn't add it, don't add it, and have no tie-ups with any company that adds contextual links to our front-page content.

Hey Btarunr can you elaborate on this a bit more? I just noticed that I have them as well but most just dissappeared from the front page.(in the last hour) Also, the ads seem to be from Intellitxt, and this is mentioned in the last line of the source code for the front page, i.e. <script type="text/javascript" src="http://techpowerup.us.intellitxt.com/intellitxt/front.asp?ipid=2906&amp;KWPN=1"></script>

Do I really have a rig full of spyware? Spybot gives me the all clear (except for some tracking cookies, are they the problem?)

 

[Polaris573]

Intellitext is part of Techpowerup's ad service. You can disable it by going to user cp > options > and scrolling all the way down the page to the in-line text ads section > choose your preferred setting in the drop-down box.

 

[Silverel]

Intellitext is part of Techpowerup's ad service.

Ad services pay for the site. Don't disable them unless you're handing w1z some cash.

 

[W1zzard]

i disabled additional advertisers. please report if you still see the warnings pop up.

as registered user you are free to disable intellitxt via your user cp (because i know it is annoying). if you can live with it let it on, though.

 

[Castiel]

I have had warning only on my folding PC, so Im not going to worry unless it starts to work on my main computer.

 

[Silverel]

I cleaned my cookies and came back for one of these

 

[W1zzard]

I cleaned my cookies and came back for one of these

this was just now ?

 

[Silverel]

yep, and again too.

This one is actually pretty persistent. It doesn't come back on refresh, but every 3-4 times it will.

 

[btarunr]

lol that's because you're looking at this page, post #101 in this page has a quote with a link to that malware site.

 

[Silverel]

lol that's because you're looking at this page, post #101 in this page has a quote with a link to that malware site.

durr... Yeah. That might have something to do with it I suppose.

 

[DanishDevil]

lol that's because you're looking at this page, post #101 in this page has a quote with a link to that malware site.

Yeah, that's the link I posted that it redirected me to (it's a PDF exploit if you read back).

 

[ty_ger]

Twice while on this site I have had the TPU window close and a popup say that my computer is infected with a virus and I must buy X program in order to rid my computer of this Virus. What I just described is an obvious malicious advertisement. It closes my browser window and opens this fake windows alert box. It also has confusing instructions where if you hit Cancel, it opens the website which is selling the software.

This has happened to me twice on this website and only on this website. Something you may want to look into.

 

[zithe]

Twice while on this site I have had the TPU window close and a popup say that my computer is infected with a virus and I must buy X program in order to rid my computer of this Virus. What I just described is an obvious malicious advertisement. It closes my browser window and opens this fake windows alert box. It also has confusing instructions where if you hit Cancel, it opens the website which is selling the software.

This has happened to me twice on this website and only on this website. Something you may want to look into.

I've had that once or twice, but it usually happens when I walk away to get a drink or something. I come back and click what I think will stop it and more tabs. :\

 

[Valkyrie Horde]

I just got a warning saying that I have an actual virus, and I scanned and I found one. And this is my home page.

 

[DaedalusHelios]

I just got a warning saying that I have an actual virus, and I scanned and I found one. And this is my home page.

95% sure thats a coincidence.

 

[verdy_p]

Trying to load this site will effectively attempt to insert and report a tracking cookie, but the report given by my antivirus is not just this cookie (trackign cookies are easy to eliminate), but the fact that the ad displayed is featuring a malicious Javascript, atetmpting to exploit some system security issues.

Read the report about JS.pdfka.bs. effectively, the javascript attempts to redirect the ad to another site hosting a dangerous malware.

So please TPU, report this issue with your advertizing providers so that they block (and fine) this abusive advertizer for abuse of contracts. And consider yourself choosing better advertizing programs that are better verified. It is not acceptable for any ads you are refering to from a site to include any random redirect. In fact, you should proxy ALL your ads yourself, through your own server that will verify its contents and format, and cache it before sending it to your visitors. For the tracking cookies that some advertizers want, also make sure that they are ONLY single downloads of a single pixel image (disable all active components downloaded in response for this cookie, like Javascript and Flash: include an isolation mechanism to protect your visitors, or propose to your advertizers to host this cookie yourself: give them back only digested lists of cookies: those advertizers NEVER need to know anything else than a unique user id, a date of visit and the base URL of the visited page: these cookies should only be used for computing statistics and enhancing their products or measuring how their ads are perceived and if some people are clicking on their banners to follow the link to their sites: this impact determines the price they are ready to pay you for these ads, but NONE of your visitors should be forced to download active components on their PCs)

Consider also subsribing to a serious security inspection company that will alert you immediately in the case of one advertizer abusing your contract and site usage policies: you should be able to plug it off immediately, otherwise your visitors will claim to you fees for damages).

 

[W1zzard]

which ads are you refering to ? which tracking cookies? which security inspection company?

 

[DonInKansas]

I have avast an it's NEVER told me TPU is giving me viruses.

Just lucky, I guess.

 

[Charper2013]

I have avast an it's NEVER told me TPU is giving me viruses.

Just lucky, I guess.

Only happened to me once.. And that was while downloading SuperPI

 

[amd64skater]

Already been/being discussed.
http://forums.techpowerup.com/showthread.php?t=83008

If you really think it is something you're going to have to be more specific and show which add gives you the problem. Like the URL or something. Not just, "That add for the Radeon 4850" or something vague like that.

this is to thermopylae_480 i know this is a thread for a trojan but its malware im getting solaris17 is right this is something different

this is was solaris17 posted
Quote:



dude i just got that!!! like 20min ago it said windows explorer and the message said your system is infected with malware please. run a scan. my system doesnt have any virus's on it and i havent gotten it again.

and no this is not the same as the TPU "trojan" thread i can tell you this is something diffirent.


im just wondering if anyone can figure out where this is coming from like i said i have only got this in the case mod gallery only.Im just trying to help narrow this down. It only happened as soon as i open the case mod page i wasnt able to click on anything. i clicked on the case mod tab and then strait to the scan for malware thing that wouldnt let me close it out unless i used task manager to close IE. I hope that helps in detail next ttime it happens ill hit the printscreen button to show the whole thing.
oh and this is nothing against you thermopylae_480 i know you are trying to help.