ForumsSupport ForumAnyone else getting Malware??

70 20290
CGormPharmD
offline
CGormPharmD
9 posts
Peasant

Okay, so I've been using armorgames.com for a while now without any sort of problem. I've always had adequate virus and malware protection on my computer. Starting some time in the past 5-7 days, I would click on armorgames.com and get instantly redirected to one of those "your PC may be infected!!" popups that's one of those obviously fake 'ersonal virus protection' software downloads. I wouldn't mind it, I wouldn't care, I'd treat it like I treat that Cursor Mania popup and just ignore it... but it closes my active windows when the link opens!

Sometimes it happens when I open the armorgames.com homepage... sometimes it happens when I click on certain games (most often with Mini Defense, not sure if that counts for anything) ...and sometimes it happens when I click on my profile. Normally, I wouldn't post something this simple on a community forum, but it is ONLY occuring with armorgames.com and no other websites.

I've tried updating virus and spyware protection, I've tried scanning my computer multiple times... I've tried everything I can think of. Now I turn it over to you. Is anyone else experiencing this? Can it be stopped? I wanna play more games.

  • 70 Replies
yielee
offline
yielee
618 posts
Shepherd

LOL, it wasn't about TA, it was about you, but okay, now that you're on board...Does your mom know what companies are notorious for malvertising campaigns? Maybe one of them is being used by AG.

How I knew is this, I saw a similar thing on another website but it was for a diet pill. Same thing though, just advertised for a diet pill, not a virus scanner. It redirected away form the website. That website had just switched over to a new company that promised to run a cheap content-oriented filter for their ads. So they were able to solve it in a couple of days.

I feel sorry for Carlie cause it must be frustrating to try to solve this behind the scenes. Hopefully AG can get together with the other website administrators and figure it out. Once they figure out the problem, they need a new solution, new filtering company. I bet that's what's taken so long.

yielee
offline
yielee
618 posts
Shepherd

Kong-

Ventero - Thanks Kioyoh, Iâm pretty sure I tried that link earlier (it even showed up in my FF history) and that it didnât work then, but it does work now. First quick look shows that the site apparently embeds a Windows Media Player object (and points the browser to that file when you leave the page). That WMP-object possibly tries to exploit a security hole in a web-browser/the WMP itself⦠Let me see if I can find out more.
And if you went to that page, you should definitely scan your system for trojans etc.

Edit: VirusTotal has 5 positives for the file that page embeds.


Kiyoh - I think it is worth noting that, judging from the screenshots, it scans for browser and OS, so it can adjust its appearance to them. That might also be the reason why Firefox users do not experience any problems with this (it probably explicitly targets IE users, for whatever reason).

Ventero - Judging from the code, it targets WinXP and checks if Service Pack 2 is installed. So it probably targets some security issue in WinXP/old IE versions that got patched with SP2, and if that fails, it tries to make the user download/run some exe-file (which got 5 positive results on VirusTotal). So anyone who clicked anywhere on that page or left the page on a way that fires the unload-event (i.e. everything except killing the browser) and didnât notice a popup or file download is most likely infected. If you noticed a file download but didnât accept it/run the file, youâre probably safe.

yielee
offline
yielee
618 posts
Shepherd

I found it.

yielee
offline
yielee
618 posts
Shepherd

Lol, I knew. What's annoying is the box that says "NO" but starts the download anyway!

What I meant was that maybe I found the third party. It looks like AG just got rid of casalemedia. They make pop-unders. Those are the ones that don't get blocked by pop-up blockers.

http://i44.tinypic.com/33kq448.jpg

So maybe this thing is solved for the time being, but I'm afraid to test it. It definitely looks like AG got updated!

ajmco
offline
ajmco
5 posts
Nomad

actually now its on the community too i almost couldent reach this HOWEVER i discovered IF you have the popup already it WILL NOT come up and close AG a 2nd time

Showing 46-50 of 70