If you switch pages and see your browser being sent to:
httpscolon//softwareupdaterlp.com/campaign/countlight1/?ID=trillmstrcpi2&sub=trillmstrcpi2&S2=wO03N0J7RTAR4JQH0Q0BJT1I
DO NOT CLICK. I am still in the process of figuring out whether I accidentally installed this crap as a plug-in of Chrome, but to no avail. I didn't install anything new in the last 5 months, and this just started happening in the last 2 days.
So far, this only happened to me while I was browsing the forums. That's why I am posting this, to see whether someone else has experienced this.
Thanks,
Yup, I tried those suggestions before I posted.
There was no new software installed to Windows except:
- Firefox 35.01
- Nvidia Audio Driver
- AVG 2015 upgrade
- Adobe Flash Player update
- Google Talk
Scan didn't turn up anything either. I don't rule out the fault was from my side, but it didn't pop (really not a pop up, simply the destination url was hijacked) except browsing the forum. Hence, my post to see whether anyone has experienced the same thing. I certainly hope I am the only one 🙂
Maybe time to uninstall Chrome clean and reinstall...
Thanks!!
Thanks for the suggestion. I downloaded it but haven't installed.
Will give it a spin in a moment.
Clean bill from Malwarebytes, but that was after I reinstalled Chrome after a clean uninstall. I hope that was it, crossing my fingers!!
If you're on Windows, use msconfig to look at your startup files. Some of the viruses will plant a startup program there which LOOKS like it's innocent, and you quickly get reinfected.
Thankfully I think it's gone...... I just tried that link posted above and it said NOT FOUND...
I'm sorry you got pchw.. I hope you can get things cleared up soon!!
LOL, it was back this morning while browsing the forum. Clearly I am not out of the woods, more troubleshooting is needed.
FWIW, the malware link was slightly different this morning. It was to trick the users to install the real malware. The users may think they are updating the browser, but they are actually installing the crap. The Chrome version in the fake page didn't even match my Chrome. So far, I only saw this while I was browsing the forum. I wonder whether there is any browser extension that can remember the last, let's say, 20 redirections. With that, I should be able to get more info on how it happened.
Thanks,
"LOL, it was back this morning while browsing the forum. . . ."
I saw it yesterday evening (about 18 hours ago) but not yet today. (I've been on this site only about 15 minutes.)
I recall seeing it, or something similar, several months ago - possibly last summer. It stopped showing up after a week or so. I mention this because it's outside your window of "I haven't installed anything in the last 5 months." That suggests the infection may have happened earlier than you believe, and it's been in some kind of hibernation for the past few months.
I'll make an offer to help you get rid of it, though I'm essentially clueless on the subject of viruses & malware so my contribution may be no more than sitting on the sidelines and cheering your efforts.
Dale
Well, it happened again about 20 minutes ago. I was looking at Post #2 on http://www.diyaudio.com/forums/software-tools/268746-ltspice-model-file-node-labels.html
Before I hit the browser's "BACK" arrow, I opened Snipping Tool and grabbed the window. (See atch)
In the lower left corner of the window is a message that the window was transferring data from ajax.cloudflare.com...
About 2 seconds after I got back to the Forum, it happened again. The on-screen message may have been worded slightly different. I couldn't grab another screenshot because my Snipping Tool was still full of the first capture. (And, I was losing my nerve to let this thing run rampant on my Personal Confuser while I tried to snap its photo.) This time, the browser said it was trying to transfer data from softwareupdaterlp.com
Don't know if this will be useful or not, but here it is.
Dale
Hi Dale,
It just happened to me 5 mins ago when I tried to read your post!!! So, we experienced this in a relatively close time frame.
After I encountered one more last night with Firefox, I was browsing with Live Header on. Let's see whether it captured the culprit or not.
At this point, I only ran into this while browsing the forum, and my comp was scanned clean by different adware scanners, so I suspect an infected banner ad.
Will report again once I inspect the Live Header log. Stay tuned.
Here are the headers captured to show what led to the bad site:
----------------------------------------------------------
Windows PC Repair
GET /4b97ef61-fb98-4676-a767-911fb601187c?account=bks&campaign=us&adgroup=1&banner=728-90&it=1422933709243&refurl=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4152851143442610%26output%3Dhtml%26h%3D90%26slotname%3D1485104632%26adk%3D1881724619%26w%3D728%26lmt%3D1422933708%26flash%3D16.0.0%26url%3Dhttp%3A%2F%2Fwww.diyaudio.com%2Fforums%2Fforum-problems%2F%26dt%3D1422933708672%26bpp%3D4%26bdt%3D361%26shv%3Dr20150129%26cbv%3Dr20141212%26saldr%3Dsa%26correlator%3D571726565100%26frm%3D20%26ga_vid%3D1198369492.1370662917%26ga_sid%3D1422933709%26ga_hid%3D2107695737%26ga_fc%3D1%26u_tz%3D-480%26u_his%3D17%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1163%26u_aw%3D1920%26u_cd%3D24%26u_nplug%3D16%26u_nmime%3D72%26dff%3Dverdana%26dfs%3D13%26adx%3D347%26ady%3D291%26biw%3D1651%26bih%3D1004%26eid%3D317150304%26oid%3D3%26ref%3Dhttp%3A%2F%2Fwww.diyaudio.com%2Fforums%2F%26rx%3D0%26eae%3D0%26fc%3D24%26brdim%3D%2C%2C207%2C59%2C1920%2C0%2C1683%2C1104%2C1669%2C1004%26vis%3D1%26rsz%3D1%7C0%7C%7Cp%26abl%3DXS%26ppjl%3Du%26fu%3D0%26bc%3D1%26ifi%3D2%26xpc%3DDPpbuJ6cgy%26p%3Dhttp%3A%2F%2Fwww.diyaudio.com%26dtd%3D95 HTTP/1.1
Host: sr311.voluumservicer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://googleads.g.doubleclick.net/...c=DPpbuJ6cgy&p=http://www.diyaudio.com&dtd=95
Cookie: 4b97ef61-fb98-4676-a767-911fb601187c-v4=4b97ef61-fb98-4676-a767-911fb601187c; voluum-cid-v4=%7B%0A%20%20%22cid%22%20%3A%20%22w6RIBRNNI3RRMBSH0SKST1E0%22%2C%0A%20%20%22caid%22%20%3A%20%224b97ef61-fb98-4676-a767-911fb601187c%22%0A%7D
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Date: Tue, 03 Feb 2015 03:21:48 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: Open Software Updater
Pragma: no-cache
Server: Voluum-Traffic/1.0
Set-Cookie: 4b97ef61-fb98-4676-a767-911fb601187c-v4=4b97ef61-fb98-4676-a767-911fb601187c; Domain=sr311.voluumservicer.com; Path=/; HttpOnly
Set-Cookie: voluum-cid-v4=%7B%0A%20%20%22cid%22%20%3A%20%22wMUM5H14PS7E6BSH09239J4A%22%2C%0A%20%20%22caid%22%20%3A%20%224b97ef61-fb98-4676-a767-911fb601187c%22%0A%7D; Domain=sr311.voluumservicer.com; Expires=Wed, 03-Feb-2016 03:21:49 GMT; Path=/; HttpOnly
Content-Length: 0
Connection: keep-alive
----------------------------------------------------------------------------
Open Software Updater
GET /click.php?ID=trillmstrcpi2&sub=trillmstrcpi2&S2=wMUM5H14PS7E6BSH09239J4A HTTP/1.1
Host: click.bounceads.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://googleads.g.doubleclick.net/...c=DPpbuJ6cgy&p=http://www.diyaudio.com&dtd=95
Cookie: __cfduid=d482629a4a39ccc962b842449649c89021422847799
Connection: keep-alive
HTTP/1.1 302 Found
Date: Tue, 03 Feb 2015 03:21:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://softwareupdaterlp.com/campa...sub=trillmstrcpi2&S2=wMUM5H14PS7E6BSH09239J4A
Server: cloudflare-nginx
CF-RAY: 1b2b8022d01d012d-SJC
----------------------------------------------------------
https://softwareupdaterlp.com/campa...sub=trillmstrcpi2&S2=wMUM5H14PS7E6BSH09239J4A
GET /campaign.php?ID=trillmstrcpi2&sub=trillmstrcpi2&S2=wMUM5H14PS7E6BSH09239J4A HTTP/1.1
Host: softwareupdaterlp.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://googleads.g.doubleclick.net/...c=DPpbuJ6cgy&p=http://www.diyaudio.com&dtd=95
Cookie: __cfduid=d966e76ee3ea3e0d8222a61a1cd79f8c61422847800
Connection: keep-alive
HTTP/1.1 302 Found
Server: cloudflare-nginx
Date: Tue, 03 Feb 2015 03:21:49 GMT
Content-Type: text/html; charset=UTF-8
Location: /campaign/rushtrust8/?ID=trillmstrcpi2&sub=trillmstrcpi2&S2=wMUM5H14PS7E6BSH09239J4A
CF-RAY: 1b2b802520250657-SJC
X-Firefox-Spdy: 3.1
It appeared to be from an ad served by Double Click. Full log is attached for the web master to report to Google.
At this point, the best defense is to install some extensions to block the site completely.... Just don't click the freaking page.
Thanks,
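Added example, not part of the original posts: a short Python parser that turns a Live HTTP Headers style capture like the one above into a hop-by-hop redirect chain and unwraps the `refurl` parameter to show which ad server and which page started it. The sample log is constructed, with placeholder `.example` hosts and shortened query strings; the function names are hypothetical.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed sample in the layout of the capture above; all hosts are placeholders.
SAMPLE_LOG = """\
GET /c1?banner=728-90&refurl=http%3A%2F%2Fads.example%2Fpagead%2Fads%3Furl%3Dhttp%3A%2F%2Fforum.example%2Fthreads%2F%26w%3D728 HTTP/1.1
Host: tracker.example
HTTP/1.1 302 Found
Location: http://click.example/click.php?ID=x1
----------------------------------------------------------
GET /click.php?ID=x1 HTTP/1.1
Host: click.example
HTTP/1.1 302 Found
Location: https://landing.example/campaign.php?ID=x1
----------------------------------------------------------
GET /campaign.php?ID=x1 HTTP/1.1
Host: landing.example
HTTP/1.1 302 Found
Location: /campaign/fake-update/?ID=x1
"""

def parse_hops(log):
    """Split the log into request/response pairs with lower-cased header names."""
    hops, cur, part = [], None, "req"
    for line in map(str.strip, log.splitlines()):
        if line.startswith(("GET ", "POST ")):
            cur, part = {"path": line.split()[1], "status": None, "req": {}, "resp": {}}, "req"
            hops.append(cur)
        elif line.startswith("HTTP/") and cur:
            cur["status"], part = int(line.split()[1]), "resp"
        elif ": " in line and cur:
            name, value = line.split(": ", 1)
            cur[part][name.lower()] = value
    return hops

def redirect_chain(hops):
    """Per hop: (host, status, next host, crosses to another host?).
    The log does not record the request scheme, so http is assumed when
    resolving a relative Location."""
    chain = []
    for hop in hops:
        host, loc = hop["req"].get("host", ""), hop["resp"].get("location")
        nxt = urlsplit(urljoin(f"http://{host}{hop['path']}", loc)).hostname if loc else None
        chain.append((host, hop["status"], nxt, nxt is not None and nxt != host))
    return chain

def ad_origin(hops):
    """Unwrap refurl on the first hop: (ad server host, page the ad was shown on)."""
    ad_url = parse_qs(urlsplit(hops[0]["path"]).query).get("refurl", [""])[0]
    page = parse_qs(urlsplit(ad_url).query).get("url", [None])[0]
    return urlsplit(ad_url).hostname, page
```

A chain of cross-host 302 responses that starts from an ad server referrer with no user click is the pattern worth reporting to the site owner and the ad network, along with the hosts to block.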
I never heard of "Live Header", much less tried to analyze one. From your posted example I can comprehend what it's trying to do. Let's hope the folks who have their feces amalgamated can track this thing down and annihilate it.
Dale
Live HTTP Headers is a Firefox extension which can be used to inspect the HTTP headers upon a click. I support my co-workers who work on the web pages. So, I do perform similar tasks to troubleshoot their problems. I am less competent in DIY and am still learning every day 🙂