With Mod Hat OnWe occasionally get reports of ads that trigger antivirus warnings or infect computers that are browsing the wiki. This FAQ is an attempt to consolidate all the information about such things into one thread. Please read the below before reporting any incidents. This thread may also be used to report ads that violate our policies in other ways, such as being too "adult" or NSFW, automatically playing audio/video, etc.
What can be reported to our provider.
How to protect yourself.
What to do if you suspect a malicious ad.
Identifying the source of a Flash ad.
edited 12th Aug '13 8:12:56 AM by Fighteer
Neoclassicism, AKA the Tinkerbell school of economics.
Just awesome like thatWell, regarding that last point you said, there's one that keeps recurring for me that triggers the Microsoft Smart Screen filter on my Internet Explorer. Here's what IE keeps saying:
Content on this website has been reported as unsafe
Hosted by: tvtropes.org We recommend that you do not continue to this website. This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information. This website has been reported to contain the following threats: Malicious software threat: This site contains links to viruses or other software programs that can reveal personal information stored or typed on your computer to malicious persons.
this article, there should be a link on the SmartScreen filter report allowing you to report TV Tropes as a safe site. However, I just tried loading tvtropes.org in IE9 and checked its SmartScreen rating, and it reported no threats. That other site is definitely a malware site but a quick search revealed no useful information about it. We have yet to get anyone reporting a site-related infection who can give us any details about where it came from. That's the only way any of these issues will get resolved.
edited 13th Dec '11 4:41:32 PM by Fighteer
Neoclassicism, AKA the Tinkerbell school of economics.
Boiled and MashedHere's one that set off my antivirus: mlleld.com/xmltree.jar|[end angle bracket]xmltree[slash. the actual punctuation mark refuses to show up on these forums.]kondar.class
edited 13th Dec '11 1:41:53 AM by arks
Video Game Census. Please contribute.
I've gotten The Windows XP Antivirus 2012 virus from the site thrice recently, but I wasn't able to pin it to a specific ad or address. Avast!Antivirus blocked an attack on my computer the first time I went to the site's homepage after installing it. Unfortunately, I don't remember the address it gave. I'll see if I can look through logs to find it. If I do, I'll post it.
Address of the advertisement itself : media2.rubricgroup.com/?fhVEAw4RFgJdCloCEmgDVgMDdjIlVwlBQlULFwdDEhtaW1QkQ- VQcGycnOx1QAgULQFRfAFFABFxN Warning message from my Antivirus : murouk.com/xmltree.jar|>xmltreekondar.jar I've had others, but I didn't think to get the info.
edited 13th Dec '11 3:32:42 PM by Zyffyr
Thanks. I've forwarded these to our ad provider to see what action we can get.
Update from the ad provider:
On Wed, Dec 14, 2011 at 11:50 AM, Bethany Patterson <email@example.com> wrote: Hi Eddie. I did some digging in our Site Scout technology this morning and was able to confirm that the information you provided us was linked to an issue that we flagged and resolved yesterday morning. We found this issue coming through three different networks (Banner Connect, Meta Network, Redux Media) Monday night/Tuesday morning. This problem was stemming from a specific advertiser within App Nexus. We reached out internally to App Nexus yesterday morning and helped them remove the advertiser. We have not seen the issue on our end since it was resolved.
ZzzzzzzzzzHey, cool. An actual response from an actual person. Is that allowed?
edited 14th Dec '11 10:09:21 AM by Madrugada
'He strutted across the bedroom, his hard manhood pointing the way' sounds like he owns a badly named seeing-eye dog. 'Sit, Hard Manhood!
Just zis guy'Tis the season, and all that, I guess.
Maddy: It is allowed now that we have a service between us and Google. Google is not in the human-to-publisher support business in any way you might notice.
edited 14th Dec '11 10:32:21 AM by FastEddie
Got one today a few minutes ago from http://nisivy.com/xmltree.jar|>xmltree/kondar.class. At least that's the URL given by Avast. Edit: There's some gibberish-text that doesn't display properly between "jar" and "xmltree". It's |>. Hopefully it doesn't affect the report Eddie.
edited 14th Dec '11 5:58:59 PM by Darkaros
Thanks. Will report.
That looks like what Avast blocked for me, too. Mine also said that it had to do with "java" and "Email.Trojan, " if that's any help.
As a related question: Sometimes, when I right-click a flash ad, it grayscales the "Settings" option. How do I find that ad's URL?
If you run Firefox or Chrome, install Firebug, then use the 'inspect element' feature.
I just caught the exploit, which Avast! blocked. It's: peteic.com/xmltree.jar|>xmltreespager.class
Request from ad server folks:
Do you have any additional information about who saw it, where it served, what time of day, geographic location, advertiser name, ad size, ANYTHING else would be helpful
I just got the one from peteic.com, URL of the ad was : d3.purebluemedia.com/?Qg Qc UQIGQ Bt QU 1 YBEGIH Xgc S Mjko Dg VCSVQE Fw FUQVMPR 1 Qg C 0 Ec Qycn Yld GB Rcf R 09 C Fxo NCF 4= No clue on the content, as my AV blocked it. West Coast USA, ~2 minutes ago. Ad was served on the Excessive Categorization thread (Wiki Talk), top ad.
Técnico ElectromecánicoInternet explorer has being activating site filtering script (xss)* to the add left side off forum now, the URL is: ib. adnxs. com / if?enc=exSuR-F6h D 97 FK 5 H 4 Xq E Pw AAAOB Ru M 4_ exSuR-F6h D 97 FK 5 H 4 Xq EP 3 NZC Mib-9FcR1TLCvo0i0u9_u9OAAAAAJ2lCgA2AQAANgEAAAIAAABQTw- 0AkdgAAAEAAABVU0QAVVNEAKAAWAKdMQAARRIAAgQCAQUAAII- AoySR7wAAAAA.&udj=uf%28%27a%27%2C+35986%2C+1324351165%29%3Buf%28%27r%27%2C+872272%2C+1324351165%29%3B&cnd=!GCNPK Qjh2gs Q 0 J 41 GA Agkb EDMA A4ne MEQAR Itg J Qncsq WA Bglw Jo AHCEC Hg Cg AGM C4g B Ap ABA Zg B Aa AB Aag BALABA Lk Bex Su R-F6h D_BAXsUrkfheoQ_yQGkmZmZmZm5P9kBAAAAAAAA8D_gAQA.&ccd=! Aw Vl Kwjh2gs Q 0 J 41 GJ Gx Ay AE&vpid=47&referrer= htt p: // optimized-by.rubiconproject. com/ a/8777/ 14415/29991-9.html%3F&media_subtypes=1 Region South America (Argentina), no idea what it was about, time, around this hour.
edited 19th Dec '11 7:35:50 PM by Joaqs
Fantastic information. Will forward to ad provider.
Here's my timestamp (I took a screenshot): 7:39 PM Eastern Time (4:39 Pacific), on the Writer's Block forum. Pennsylvania, USA.
Ooh! That screen shot would be handy.
TV Tropes by TV Tropes Foundation, LLC is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
Permissions beyond the scope of this license may be available from firstname.lastname@example.org.