Bad Ad

[juderodney]

You realize the same could happen anywhere?

 

It's not Nexus's fault. Ad networks are the biggest vector for malware attacks. A malvertisement can show up on any site that has ads on it.

 

It's sad, but because of criminals who put up malware-laden ads to the ad networks (and heck, sometimes even compromise the ad network itself to get there malware through), the only safe way to support a site you like is to donate.

 

 

I'm not blaming the nexus for anything, but the attacks have always been attempted while on the Fallout site. Now if it's the ad netowrk's faukt, I still have a reason to stay away from the sites. It's not about hating on the admins here. It's protecting my computer from having to be reformatted again.

[DarkeWolf]

Well, you could always run your browser from a sandbox. Isolate it from the rest of your system, so that any crapware that gets picked up, won't affect the rest of your system.

http://www.sandboxie.com/

 

couple things to mention about the free version. 1) after the trial expires, you'll get a nagscreen to buy it. Winrar users are very familiar with this kind of tactic. 2) it has full implementation EXCEPT that you can't run more than one instance of it at a time, unlike the purchased version.

3) You'll need to change where your browser saves files to. Like I said it isolates it from the rest of the system, so if for instance, your browser saves pics to documents/my pictures, it won't be able to do it.

[evilneko]

I'm not blaming the nexus for anything, but the attacks have always been attempted while on the Fallout site. Now if it's the ad netowrk's faukt, I still have a reason to stay away from the sites. It's not about hating on the admins here. It's protecting my computer from having to be reformatted again.

Well, therein lies the rub though: it's the ad network, so it potentially affects all sites using that network, which is why I've said previously the only safe way to browse the internet is with ads blocked in multiple ways. Unfortunately that leaves good sites in kind of a pickle. :sad:

[burtsmithers]

Hello, this might be a little off-topic because I haven't come across any of these fake antivirus ads on any nexus site but I would like to say something about a few of the ads around the nexus network. Now I know that this is a free service and I shouldn't complain about your ads because thats what keeps this great community going but there are a few flash ads on the left side while browsing the site that are really starting to annoy the hell out of me. they are for some cleaning something and when the page loads these ads start talking pretty loudly and I've been refreshing the page almost instantly when i hear it but 9 times out of 10 the ad does not have a mute option to kill the sound. I'm not asking to take them down because thats ridiculous but could you just ask them to add a mute button or to make the ad muted in the first place and if i want to hear it I'll pursue the product? normally i wouldn't even care but lately because I just reinstalled morrowind and fallout3, ive been looking at a lot of mods at once, so i'll browse a category and open 4 or 5 mods in new tabs at once and most of them will start yelling over each other and then i start yelling and its just no good for anyone...

 

 

if i'm overreacting on this then that's cool i apologize. i do appreciate the nexus community and don't like complaining about stuff in general but i just wanted to put it out there.

 

 

thanks.

[evilneko]

Dark0ne can't add a mute button to the ad. Ads generally don't belong to the owner/operator of the site they appear on, and the only thing an owner can do is try to control which ads appear on their site.

 

What you can do is block flash in general, and enable it only when you need it. How to do that varies from browser to browser, some require third party addons to do it, some have the ability built in. Since nothing on Nexus needs flash, there's no reason to have flash enabled while browsing Nexus.

[Sutayh]

I had the ad back on the 23rd. It was the smiley face "you have won" ad.(only thing I had open and couldn't close IE quick enough).

I just finally got rid of it today.

It installed a nasty rootkit. GREM was the only thing that could get rid of it.(installed a random character .sys file in windows\system32\drivers that I couldn't delete the service nor the file with(killbox didn't work and it wouldn't allow me access in regedit). Had to disable the service with GREM, reboot and delete the file). AVG, HijackThis and several other programs couldn't detect it. It was sending spam emails out. I have to use IE7(work computer and the site we use doesn't work 100% in IE8). For those of you who think it might have happened, don't forget to run netstat to make sure it isn't spamming.

[Dark0ne]

I'm looking for someone who is getting this ad regularly but who has their system secure enough to be able to access the site without crap getting on their system but is also able to tell me whether it's still happening (i.e. an ad program that tells you a malicious attack was attempted but your computer has blocked it).

 

That way I can systematically remove advertisers until we find the culprit.

[DarkeWolf]

I had the ad back on the 23rd. It was the smiley face "you have won" ad.(only thing I had open and couldn't close IE quick enough).

I just finally got rid of it today.

It installed a nasty rootkit. GREM was the only thing that could get rid of it.(installed a random character .sys file in windows\system32\drivers that I couldn't delete the service nor the file with(killbox didn't work and it wouldn't allow me access in regedit). Had to disable the service with GREM, reboot and delete the file). AVG, HijackThis and several other programs couldn't detect it. It was sending spam emails out. I have to use IE7(work computer and the site we use doesn't work 100% in IE8). For those of you who think it might have happened, don't forget to run netstat to make sure it isn't spamming.

 

So where do you get GREM? My search for it is only turning up how to get a reverse engineering certification as relative links. (Which would be cool to have, but I'm still working on my net+ and cisko certs right now....)

[Sjeng77]

I just noticed another annoying and I might add very misleading, insidious ad while browsing through Oblivion mods. Where the usual banner ad is, there are now 2 large arrow buttons. the top one points left, and says "back", en the bottom one points right and says "next".

This is very misleading, as unaware people will click the hidden ad, thinking that they can browse through mods that way, while it's actually an ad, that might lead you to god knows what. There should be a law against ads like these, that do not clearly show what they are, especially ones like this one, that is specifically designed to be a hidden ad, tricking the visitor into clicking it.

Furthermore, it could easily give TesNexus a bad name, because people will think they clicked a button from the site, and not an ad...

 

I suggest you take action.

[allthegoodnamesaregone]

Well, I'm still getting them. If we are talking about the vscan7 virus. Just had an other attack about half an hour ago. I have been getting several vscan7 attacks a day for a week or so now (doing a new install for oblivion, so I'm on more).

 

And since 6/20/10 four Trojans have been removed from my computer (3 on the same day, so I'm guessing the same attack). Now I cant be 100% certain where the Trojans came from, but from about 6/20/10, Bethesda's Oblivion Forum and Tes Nexus have been where 99% of my online time have gone. Still, I could have got the Trojans from someplace else.

 

According to Nortons AV, I'm clean ... but after reading the first several posts in this thread .... who knows. Guess it's time to follow some of those links and see if any other program finds anything. So, thanks for the info.

 

EDIT: Additional information: Just remembered, I'm hooked up to a router. So it's possible the Trojans came from another computer on the router, will have to check into it. The vscan7 pop ups definitely only happened while on Tes Nexus though.