Jump to content

Saintsweb adding malware to my PC.


Draino76

Recommended Posts

Each thread I look at takes about 30 seconds to load, as opposed to other websites that load instantly as I have about a 15 meg broadband connection.

 

I keep seeing notifications like 'transferring data from adclick.com or heavy hearted.com', which I assume is not good.

 

WTF is that all about?

Link to comment
Share on other sites

I was having this problem on my android tablet so installed Ad Blocker Plus and that seems to have done the trick for now. BTW you can't get it through Google Play so have to change your security settings to download it directly from the Ad Blocker Plus website. Hopefully it keeps working as I was getting fed up with the redirects and being told I had won an iPad Air.

Link to comment
Share on other sites

Firefox but the problem is also apparent in chrome

 

Link to the screenshot as I'm not sure how to attach files from my pc only how to attach from url.

 

http://postimg.org/image/ofexnlp1p/

 

Bah... scratch it, it appears I may have picked up ad-ware from somewhere, god knows how considering I'm not exactly the most adventurous browser :uhoh:

Edited by farawaysaint
Link to comment
Share on other sites

I am also getting pop-ups on my notebook. I use chrome. Pop-ups only when I am using saintsweb. Maybe I got adware from elsewhere, but strange it has occurred now - same time as others. (No idea how to put up screenshots).

Link to comment
Share on other sites

Still getting them every couple of mins and only on this site. PITA.

Did you use adblocker?

On a samsung tab BTW.

Cheers

Can you take a screenshot of a page with a popup showing?

 

Our ads are set up to only display "inline" ads, i.e. no popups or overlays. However, it's possible that a stray one could slip through the system if the agency that created the advert set it up incorrectly (i.e. said it was an inline ad when it was an overlay, etc). If we can get the URL of the advert then we should be able to shut it off at source.

Link to comment
Share on other sites

I re-emphasise... there is very little I can do unless you can provide me with either a screenshot of the offending advert or the HTML output of the page ("View Source" on most browsers), along with the specifics regarding your setup, i.e. browser and operating system. The advertising displayed comes from a variety of sources, and the only way we can determine whether it is something our advertisers are doing is with that information.

Link to comment
Share on other sites

  • 2 weeks later...

It's happened again, a screenshot was taken of the app store item I was diverted to, will try to upload later.

 

For immediate reference though the item I was advertised was 'Wartune: Hall of Heroes' by a publisher called Kabam.

Link to comment
Share on other sites

hi baj, i have reviewed colins posts and he is using an iPhones 5. He mentions this fact in post #31. It also does it on my iphones, you get binned off to app store and it tries to make you buy a game, usually one about RPG with dwarves etc. It's not just saintsweb tho this happens on a few sites i use such as pornhub + milfweb

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Really struggling with the site, over the last couple of days every time I click on a thread I get redirected here -

 

http://gslbeacon.lijit.com/beacon?viewId=fa5c3ba54a434418ac323f85c43a6ac393d476ec&rand=84943&uri=http://www.lijit.com/users/SwitchConcepts&informer=10424111&type=fpads&loc=http%3A%2F%2Fdelivery.heavyhearted.com%2Fadserver%2Fhat.php%3Finstances%5B0%5D%5Binstance_id%5D%3D1%26instances%5B0%5D%5Bzone_id%5D%3D72%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B0%5D%5Bid%5D%3D4304%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B0%5D%5Bprice%5D%3D0.3500%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B0%5D%5Btype%5D%3Dstd%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B0%5D%5Bdelivered%5D%3D1%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B1%5D%5Bid%5D%3D4307%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B1%5D%5Bprice%5D%3D0.3400%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B1%5D%5Btype%5D%3Dstd%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B1%5D%5Bdelivered%5D%3D1%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B2%5D%5Bid%5D%3D4309%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B2%5D%5Bprice%5D%3D0.3200%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B2%5D%5Btype%5D%3Dstd%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B2%5D%5Bdelivered%5D%3D0%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B3%5D%5Bid%5D%3D167%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B3%5D%5Bprice%5D%3D0%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B3%5D%5Btype%5D%3Drmn%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B3%5D%5Bdelivered%5D%3D0%26%26instances%5B0%5D%5Bpassback%5D%5Bdelivered_banners_ids%5D%5B0%5D%3D4303%26instances%5B0%5D%5Bpassback%5D%5Bdelivered_banners_ids%5D%5B1%5D%3D4304%26instances%5B0%5D%5Bpassback%5D%5Bdelivered_banners_ids%5D%5B2%5D%3D4307%26%26instances%5B0%5D%5Bpassback%5D%5Bstart%5D%3D1398690465%26l%3D5C503AA932%26bw%3D1676%26bh%3D822%26loc%3Dh&v=1.0&rr=http%3A%2F%2Fdelivery.heavyhearted.com%2Fadserver%2Fhat.php%3Finstances%5B0%5D%5Binstance_id%5D%3D1%26instances%5B0%5D%5Bzone_id%5D%3D72%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B0%5D%5Bid%5D%3D4304%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B0%5D%5Bprice%5D%3D0.3500%26instances%5B0%5D%5Bpassback%5D%5Blist%5D%5B0%5D%5Bt

 

God knows what it is but it's annoying and I'm sure it shouldn't happen. I have to back up and stop the page fully loading to read anything.

 

Cheers

Link to comment
Share on other sites

  • 2 weeks later...

Having problems here as well, both on home machine and work machine:

 

Have Norton 360 on home machine and it is reporting as follows:

 

Alert Summary: High

Web Attack: Fake Flash Update Download

Intrusion attempt by: update.newsflashplaer.us was blocked

Attacking PC: 173.230.147.191,80

Source Address: 73.230.147.191

 

Have had this a couple of time - but only when on Saints Web - and as a result Norton closes the site on my PC.

 

I have also had the same on my work PC which is protected by AVG Professional. I don't have the full details, but it was the same 'Flash update download' type message - again I was booted from the site.

 

This has only started happening to me over the last 10 days - and as I said above, it doesn't happen on any other site other than Saints Web.

Link to comment
Share on other sites

I'm on Ubuntu and using Firefox 29. Today out of the blue while doing a page change mid thread the site served up a blank page with a box in the middle saying my flash needed an update - click here to update.

 

Page source shared in my dropbox - ive run it and it looks the same as I saw. It's a scabby scam page :(

 

https://www.dropbox.com/s/uxgwmwm2p1fy0y3/flash%20exploit%20seen%20on%20Saints%20web.html

Link to comment
Share on other sites

Marty,

Looks like this was delivered separate from SaintsWeb? The source code you've provided looks like it was a separate page and not one on saintsweb? What was the url that it was loading from? None of our ad tags are pre-load so it's impossible for an ad to trigger like that. Are you sure you're not infected with something else?

Regardless, I'm going to have it looked into, but it seems highly unlikely that it came through our ad tags.

Link to comment
Share on other sites

Baj, sorry distracted for a couple of days, it happened using FF29 on Ubuntu 14.04LTS 64bit and I was simply moving from page 1 to page 2 of some thread using the site links at the time. Instead of serving up page 2 it served that.

 

Beyond that it's all lost in the mists of time I'm afraid. Oh and it's not happened since. Good hunting :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...