what's up with virus warinigs when trying to read forums?

Muhammad · Aug 7, 2012

Yakman Tom said:
I found this page on a Google Search.

http://www.tractorbynet.com/forums/projects/92929-pulling-wire-through-conduit-tips-3.html

When I clicked the registration page to make it go away (I was not registered at the time), My Trend Micro started going crazy detecting the TROJAN_SIREFEF.SLS virus.

I checked and tested that page with multiple virus checkers and it's clean and free of malware, trojans, and viruses.

It's possible that in browsing you picked up the trojan on another site and it was only activated once you visited our site; some of the trojans are just there to display different ads when you're browsing. So it would make sense that the virus warning pops up when you visit our site and the virus tries to do something. Just because you're getting a warning when on one of our pages doesn't necessarily mean that page is infecting your computer with a virus.

You can check our site report on McAfee here: tractorbynet.com | McAfee SiteAdvisor Software

As for the ad delivery... it is conceivable that Google could get infected with a virus and have that come through our ad delivery. But Google spends a small chunk of their money every year to make sure that doesn't happen. The ad delivery system we use is also used by probably 99% of the popular websites online. We've never had an issue with an ad infected with malware coming through our ad delivery, as far as I know.

We'll continue to watch this but there are no active virus infections on our site (believe me if there were EVERY user would be getting a virus). Cross-site scripting warnings from safe browsing plugins and virus checkers are typically harmless. I routinely allow cross-site scripting. You're free to block it and not see the ads that are blocked, but it's not a virus. It's just an ad.

And FWIW I don't consider cookies or cross-site scripting to be malware or a virus. Your antivirus software might give you warnings about these things but it doesn't mean they're destructive viruses.

Soundguy · Aug 7, 2012

Sledge said:
I have also gotten the Google redirect virus about 2 weeks ago. I am not sure where I got it from but I do visit this forum quite often. It's a Trojan type of virus which opens your computer to further trouble. It's extremely difficult to remove since most antivirus programs like McAfee (which I use) or Norton or a few other that I tried wont touch it. I finally got bleepingcomputer.com to assist me but it took several hours running many programs trying to remove it.

norton 2012 finds it and quarantines it then kills it on a second scan after reboot. I got hit with this about 24 days ago.. took me a day of fighting to get rid of it..

zzvyb6 · Aug 7, 2012

Muhammad said:
Please post more info and take a screen shot of the page you are on as well as the warning you are getting.

It's almost definitely linked to cross-scripting or third party cookie blocking (all advertisement related). Of course, for registered users, the ads have not changed on our end.

see attached. If I select "Go there anyways", my U-Verse router goes Tango Union.

zzvyb6 · Aug 7, 2012

Muhammad said:
Please post more info and take a screen shot of the page you are on as well as the warning you are getting.

It's almost definitely linked to cross-scripting or third party cookie blocking (all advertisement related). Of course, for registered users, the ads have not changed on our end.

see attached.

Muhammad · Aug 7, 2012

zzvyb6 said:
see attached. If I select "Go there anyways", my U-Verse router goes Tango Union.

And which specific page(s) are you on when this happens? I'm running McAfee Site Advisor as well and am not getting any warnings on any pages.

clemsonfor · Aug 9, 2012

repowell said:
Here's one with the red warning and a doubleclick ad. Hope this helps.

View attachment 276110

And its an add for antivurus software!

MasseyWV · Aug 9, 2012

Muhammad said:
Cross-site scripting warnings from safe browsing plugins and virus checkers are typically harmless. I routinely allow cross-site scripting. You're free to block it and not see the ads that are blocked, but it's not a virus. It's just an ad.

And FWIW I don't consider cookies or cross-site scripting to be malware or a virus. Your antivirus software might give you warnings about these things but it doesn't mean they're destructive viruses.

You're kidding right?

Cross-site scripting is anything but harmless, especially if one values their privacy. Cross-site scripting can be used to do any number of things... download code, rogue applications, steal sensitive information, and the list goes on. Even cookies, and especially flash-based cookies, can be potentially dangerous.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

From: Cross-site scripting - Wikipedia, the free encyclopedia

Muhammad · Aug 9, 2012

Let me put it this way... of all the cross-site scripting that is done with the ads on TBN and every other site I visit that uses cross-site scripting, I would venture to say that the overwhelming majority of those instances are not malicious. Of course, I myself run noscript and block most of it, while I allow it on TBN because I know the origin of the ads and how those ad systems rely on cross-site scripting to display. Conceivable that somebody could inject something into an ad and run it through doubleclick? Sure. But my experiences with doubleclick since Google bought them out have been pretty good. And when we're having a discussion about whether malicious code is injected into TBN pages causing malware warnings, I consider the cross-scripting to be typically harmless unless I get a secondary warning. Of course, you're free to continue to block it on TBN and other sites, but we're not going to consider that to be a malware issue on our forum.

pacerron · Aug 9, 2012

Google owns and controls "doubleclick" They do offer an opt-out plugin for browsers that is supposed to keep "doubleclick" from being reactivated when you clear your cookies, temps, and history.

Google Advertising Cookie Opt-out Plugin

Something is out of whack even on the Google Search in Google Chrome. Many times if I right click on a site in their search results and say open in another tab I will be switched to some other site like "prodata" The only way I have found to get to the site wanted, when that happens, is to left click on the site and let it replace the page I are currently looking at, which I think is a waste of time.

I haven't gotten the McAfee virus warning on TBN since I ran a deep virus scan and followed it with Spybots Search and Destroy which
quarantined doubleclick. I am able to use the right click to open numerous threads in separate tabs again, at least since doing the above actions. I have not installed the Google add preferences plugin, yet.

Soundguy · Aug 9, 2012

how long has google owned doubleclick?

what's up with virus warinigs when trying to read forums?

Muhammad

Administrator

Soundguy

Old Timer

zzvyb6

Elite Member

zzvyb6

Elite Member

Muhammad

Administrator

clemsonfor

Super Member

MasseyWV

Elite Member

Muhammad

Administrator

pacerron

Veteran Member

Soundguy

Old Timer

Footer Links 1

Footer Links 2