Jump to content

Fizzol

Premium Member
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

Nexus Mods Profile

About Fizzol

Profile Fields

  • Country
    United States

Fizzol's Achievements

Newbie

Newbie (1/14)

  • First Post
  • Week One Done
  • One Month Later
  • One Year In

Recent Badges

0

Reputation

  1. Fizzol
    Okay, I turned off uBlock and reloaded and clicked a few different pages. It took about 5 clicks to get the bogus patch to pop-up again. It first blanks the screen when it pops up, so there's just no way to see what it's doing. I also had Windows Defender pop-up at the same time and tell me it found Malware. The Kovter Trojan Category: Trojan Description: This program is dangerous and executes commands from an attacker. Recommended action: Remove this software immediately. Items: file:C:\Users\NAME\AppData\Local\Temp\ruNz2j8r.exe.part Get more information about this item online. https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fKovter.C Here's what the page source says. Hopefully it tells you something. <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]--> <!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]--> <!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]--> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="/PR1-2/css/normalize.css"> <link rel="stylesheet" href="/PR1-2/css/main.css"> <link href='https://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'> <script src="/PR1-2/js/vendor/modernizr-2.6.2.min.js"></script> </head> <body> <div class="container"> <h1>Urgent Firefox update</h1> <a class="btn" href="/1601250719749/1467777984988609/firefox-patch.exe">Download Now</a> </div> <script>window.jQuery || document.write('<script src="/PR1-2/js/vendor/jquery-1.10.2.min.js"><\/script>')</script> <script src="/PR1-2/js/plugins.js"></script> <script src="/PR1-2/js/main.js"></script> <script> setTimeout("location.href = '1601250719749/1467777984988609/firefox-patch.exe';", 1000); </script> </body> </html> Here's a link an image of the page info since I couldn't copy/paste it. http://imgur.com/zsFzTtv
  2. Fizzol
    Unfortunately it's a full-page popup with no way to identify which ad it's coming from, and the URL is randomized so there's no way to tell what site is hosting the bogus patch download.
  3. Fizzol
    I just came here to report the same thing as Veraclos, from the same Fallout 4 page. I had uBlock turned off for Nexus. It's back on now.
×
×
  • Create New...