WARNING - Is F150online unwittingly distributing a VIRUS?????

  #1  
Old 07-27-2016, 08:02 PM
F150Torqued
Senior Member
Thread Starter
Join Date: May 2015
Location: San Antonio, Tx
Posts: 362
Received 9 Likes on 9 Posts
WARNING - Is F150online unwittingly distributing a VIRUS?????

What the hell is the deal with an AD (MyCloudMagic.com) at the TOP of the homepage - and sometimes Forum pages that MAY CONTAIN A TROJAN OR TRY TO GET YOU TO DOWNLOAD A VIRUS???? When you click on "ANYWHERE on it" you get a warning about "Internet Security Damaged...."


Trying to sucker someone into falling for a screen that says "YOU HAVE 1 MESSAGE"???? And when clicked on pops up a dialogue box that requests your login and password!!! It looks just exactly like the Windows Login dialogue box!!!! It's unconscionable - and the AD SHOULD BE REMOVED!!!!! IMMEDIATELY
 
Attached Thumbnails: imag0797.jpg, imag0796.jpg

Last edited by F150Torqued; 07-27-2016 at 08:10 PM. Reason: Spelling to better express my disdain
  #2  
Old 07-27-2016, 08:26 PM
glc
Senior Member
Join Date: Dec 2006
Location: Joplin MO
Posts: 43,192
Received 757 Likes on 702 Posts
Use Firefox or Chrome with the Adblock Plus plugin.

Scan your computer with a good antimalware package, such as Malwarebytes.
 
  #3  
Old 07-27-2016, 11:18 PM
F150Torqued
Senior Member
Thread Starter
Join Date: May 2015
Location: San Antonio, Tx
Posts: 362
Received 9 Likes on 9 Posts
HTML code is HTML code - whether it's run under Firefox / Chrome / Mozilla / MAC or Internet Explorer.


If you looked at the first screen grab you can tell I just browsed to https://www.f150online.com/forums/V8-Engines-24. The server at that address sent my browser a default page that contained an advertisement (MyCloudMagic.com) formatted within the first Page Ad space, just below the site heading. That Ad, in HTML code, JavaScript, function or any number of other methods of formatting text and graphics on the browser's screen, ENTICES the reader to 'click' on it to find out what the message is all about. Thus opening a session with the "NON F150online" site - which itself can be malicious. //Classic method of defeating firewalls and security measures - no matter what browser you are using./// In this case, it worked on me and I clicked on it to see what "the message" was about. (That's what I'm WARNING others about).


I run good security software (Eset Smart Security - which caught it) and a robust hardware Firewall appliance in front of a Windows 2008 R-2 server sitting in the DMZ. And I intentionally use LOW privilege settings for personal workstation logons (for this very reason). It was the Windows System that presented a Pop-up dialogue box requesting an administrative logon & password for Privileges to "Write" to the system hard disk.


THAT'S what prompted me to immediately press "Ctl/Alt/Del", reboot, logon and go back and try it again - taking the screen pictures with my cell phone and posting them to WARN OTHERS - who might be just as 'fooled' but less vigilant than I.


I'm not blaming F150online. So long as they (Or YOU if you're a Moderator) vet ALL of the rotating Ads to make sure they are not themselves infected or point users to a malicious site.


And thanks for the Scan suggestion. Of course, I did that too.
 
  #4  
Old 07-28-2016, 12:59 AM
Labnerd
Senior Member
Join Date: Mar 2003
Location: So. Texas
Posts: 2,226
Likes: 0
Received 41 Likes on 37 Posts
Not to argue with you but to try to help you figure this out. I went to the page you have linked. I got nothing but the correct page. You do understand that MyCloudMagic is an email app? I quickly looked over the code for the page and find nothing like that on it. Might look over the program list on your PC, I assume, and see if it is there or do a search in the program directory. If you are accessing this website via iPhone or similar, that's probably the issue.
 
  #5  
Old 07-28-2016, 08:27 AM
joe51
Senior Member
Join Date: Oct 2011
Posts: 876
Received 14 Likes on 13 Posts
Originally Posted by glc
Use Firefox or Chrome with the Adblock Plus plugin.

Scan your computer with a good antimalware package, such as Malwarebytes.

THIS! And liberal use of the Windows "hosts" file to prevent your browser from connecting to known spam sites.

Tip: you MUST run your editor in Administrator mode in order to make changes to the hosts file, otherwise it won't actually save your changes to the file.
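
A scripted version of the hosts-file tip above, as an added example that is not part of joe51's post: it checks for elevation first (the reason an unelevated editor appears not to save), backs up the file, and appends 0.0.0.0 entries only for names not already mapped. The hostnames are constructed placeholders, not domains taken from this thread.

```powershell
# Added example. The names below are constructed placeholders; replace them
# with the ad hosts you actually want to sinkhole.
$BlockHosts = @('ads.example.invalid', 'popup.example.invalid')
$HostsPath  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Only administrators can write the hosts file; fail loudly rather than
# appearing to succeed without saving anything.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell session.'
}

# Keep a backup so the change can be reverted.
Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force

# Collect every hostname that already has a mapping, ignoring comments.
$existing = @{}
foreach ($line in Get-Content -Path $HostsPath) {
    $text = ($line -split '#', 2)[0].Trim()
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    foreach ($name in ($fields | Select-Object -Skip 1)) {
        $existing[$name.ToLower()] = $fields[0]
    }
}

# Build entries only for names that are not mapped yet. The hosts file has no
# wildcard support, so each subdomain needs its own line.
$new = @(foreach ($name in $BlockHosts) {
    if (-not $existing.ContainsKey($name.ToLower())) { "0.0.0.0 $name" }
})

if ($new.Count -gt 0) {
    # If the file does not end with a newline, add one so the first new
    # entry is not glued onto the last existing line.
    $raw = Get-Content -Path $HostsPath -Raw
    if ($raw -and -not $raw.EndsWith("`n")) { Add-Content -Path $HostsPath -Value '' }
    Add-Content -Path $HostsPath -Value $new -Encoding ASCII
    ipconfig /flushdns | Out-Null   # drop cached lookups for the blocked names
}
"Added $($new.Count) hosts entries; backup saved to $HostsPath.bak"
```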
 
  #6  
Old 07-28-2016, 11:04 AM
F150Torqued
Senior Member
Thread Starter
Join Date: May 2015
Location: San Antonio, Tx
Posts: 362
Received 9 Likes on 9 Posts
Originally Posted by joe51
And liberal use of the Windows "hosts" file ...

You mean like this?
0.0.0.0 www.F150online.com (just joking of course), and thanks for all the suggestions.


Originally Posted by Labnerd
... You do understand that MyCloudMagic is an email app? ...
Yes I do. And I have been directly to their site several times (with an Ethereal log running!).


Originally Posted by Labnerd
... I quickly looked over the code for the page and find nothing like that on it. ...
Thanks. I have revisited the link in the OP without incident. Just normal ad rotation - this morning showing:
Red McCombs Hyundai
NITTO Ridge Grappler tire ad
RAM Lonestar Crew Cab ad


Originally Posted by Labnerd
... I quickly looked over the code for the page and find nothing like that on it. ...
Thanks, I can't ask for more, and the post wasn't intended as accusatory. I too looked at the page source - but admittedly NOT at the time of the incident. I got that 'ice water in the face' feeling and went into defense mode too quickly.


As can be seen from the first thumbnail in the OP, the ad is neatly formatted right where this morning's rotating ads are. That is pretty darned hard for a local virus to accomplish, although just about anything is possible with computers. Everything on the Ad was a live link. And although it hasn't happened again - it happened twice with a complete reboot between the two identical incidents of something in that sequence of events that attempted to write to the hard disk on my workstation - which is running on a LAN, sitting behind a sophisticated firewall. ??? I've checked for DNS hijacking and cache corruption, and several other things to no avail. Wish I knew more. But I thought the warning was appropriate at the time.
 
  #7  
Old 07-28-2016, 01:36 PM
joe51
Senior Member
Join Date: Oct 2011
Posts: 876
Received 14 Likes on 13 Posts
Originally Posted by F150Torqued
You mean like this?
0.0.0.0 www.F150online.com (just joking of course), and thanks for all the suggestions..
Yes, exactly. I have found that many of the "shopping assistants" and other trash attempt to reinstall themselves every time the computer boots even if you manually remove the program. Adding the name of the URL to the "hosts" file will prevent them from reinstalling themselves. It's the only way that I was finally able to get rid of some of the malware.

Something else that you might want to look into is Greasemonkey. You can add scripts that it uses to block ads on Gmail and other sites.
 
  #8  
Old 07-28-2016, 07:42 PM
Patman
Global Moderator &
Senior Member



Join Date: Aug 2005
Location: DFW
Posts: 21,312
Received 134 Likes on 112 Posts
I've sent this forward to our contact within IB (website owner).

I know he has the ability to manually pull "bad" ads from the rotation.
 
  #9  
Old 07-28-2016, 08:16 PM
F150Torqued
Senior Member
Thread Starter
Join Date: May 2015
Location: San Antonio, Tx
Posts: 362
Received 9 Likes on 9 Posts
OK GUYS - HERE YOU GO - It happened again. Something may be going on locally - but I'm still trying to figure it out. It is repeatable.


First --- I would like to thank Global Moderator @Patman.


Just spotted it again. I browsed to multiple forums here on a different network workstation and it seems like about every four to six ad rotations, the one displayed in the first attachment shows up.


Another very interesting fact. The SAME identical ad appears in the rotation at www.F150Forum.com


When I click on the ad, I get the Second attached screen. If that won't take your breath away - you ain't normal.


The front popup dialogue boxes can't be closed - so I moved them to a second display attached to that workstation and got a screen grab of the underlying screens. I got snapshots of 'view source' for both the base page - and the ad block. But that is too 'geek zone' to attach here. It has something to do with Google adservices redirects and some url like "www.com-expand-com" ///(@Joe51, there is one for me to define IP address of 0.0.0.0 for in the hosts file)///


Again, Wish I knew more - but hoping this helps someone.
 
Attached Thumbnails: capture-snipit-you-have-2-new-messages-1.jpg, you-have-2-new-messages-capture-snipit-1.jpg, you-have-2-new-messages-capture-snipit-2.jpg
  #10  
Old 07-28-2016, 09:41 PM
TruckGuy24
Senior Member

Join Date: Jan 2009
Location: Concord, NC
Posts: 10,725
Received 37 Likes on 33 Posts
I got one tonight and it's a known bad ad. Battery virus...this is a copy of the text. Comes right up on Google.

Your battery is severely damaged by (4) viruses!

We have detected that your Android battery is running at (28.1%) capacity due to harmful viruses from recently visited adult sites. These viruses will damage your SIM card and corrupt your contacts, photos, data, applications, etc. on your phone.
 
  #11  
Old 07-28-2016, 10:16 PM
glc
Senior Member
Join Date: Dec 2006
Location: Joplin MO
Posts: 43,192
Received 757 Likes on 702 Posts
The SAME identical ad appears in the rotation at www.F150Forum.com
That's because IB also owns that forum.

Bears repeating - install Adblock Plus. Then you won't see ANY ads up top.
 






All times are GMT -4.