Okay - how do I upload and post it?

Email it to fasteddie AT tvtropes.org

Okay, sent.

Thanks. I edited out the personal info before forwarding it.

Thank you, Eddie.

I am also having problems related to optimized-by.rubiconproject.com

My probelm is that no matter what I do, I have to click the back button a few times before it actualyl works, and it's just on TV Tropes that it happens. I'm not sure whether this is due to the fact I'm using IE9 or whatever it is, but it's really annoying me. What do?

Only way I've found to get around it is to browse using firefox. Why do ads not like Internet Explorer working properly?

edited 28th Dec '11 4:14:55 PM by TARDISES

Another infected Ad:

Ad URL : d5.purebluemedia.com/?eQUEUQIGQBtQU1YBGGQAWAUSMjkoDgVCSVQEFwFUQVMPR1QgC- 0EcQycnYldGBRcfR09CFxoNCF4=

The complaint from my AV : www.impeckor.com/armyline/59305u7... (it cut off the rest, unfortunately)

Ad served on the Improving the Front Page forum topic, upper ad.

Thanks.

Just now got another infected advertisement from the bottom side-banner ad from the Frequently Asked Questions board.

The direct ad URL I could click on was http://d5.purebluemedia.com/?TD02UQIGQBtQU1YBGGQAWAUSMjkoDgVCSVQEFwFUQVMPR1QgC- 0EcQycnYldGBRcfR09CFxoNCF4= .

My antivirus gave the URL as http://www.jallimex.com/quoteraz/6655367|>[Embedded:DeanEdwards]|>[Embedded:DeanEdwards].

edited 29th Dec '11 7:56:03 AM by Darkaros

Reported. Thanks.

I also got another Avast-blocked exploit. On the Writer's Block forum. At 3:06 AM, EST.

URL: pimerine.com/jcar2/...|> [Embedded:Dean Edwards]

I took a screenshot, and saved it. Eddie, would you like me to email it to you? (It would be from a different address this time, just FYI.)

EDIT: I wemt ahead and emailed it to you as a Jpeg file. I redacted the personal info. I hope that it's useful to you guys.

edited 31st Dec '11 12:42:14 AM by punkreader

It is. Thanks for the report. If you should see one again, please get that "more details" info, too.

edited 31st Dec '11 4:37:15 AM by FastEddie

Good. I've tried clicking on thar, but it doesn't give more info on whatever got blocked, just crows about the fact that it worked.

Well, yeah. We won't be needing that.

Got another one from internet explorer xss in the banners at the left, around this time and in the forums.

http:// ib. adnxs. com/ if?enc=uB6F61G4n j-4HoXrUbiePwAAAEAzM8M_uB6F61G4nj-4HoXrUbieP5wblRMgN-kiR1TLCvo0i0tDLQFPAAAAAJ2lCgA2AQAANgEAAAIAAABQTw0- AkdgA AAEAAABVU 0 QAVVNEAKAAWA Kd MQA A1w 4 A Ag QCAQUAAIIANSIL Nw AAAAA.&udj=uf%28%27a%27%2C+35986%2C+1325477187%29%3Buf%28%27r%27%2C+872272%2C+1325477187%29%3B&cnd=! 8iSLggjh2gsQ0J41GAAgkbEDMAA4neMEQARItgJQncsqWABgl- wJ oAHDsCngAgAH0DYgBAJABAZgBAaABAagBALABALkBuB6F61G4- nj_BAbgehetRuJ4_yQGamZmZmZm5P9kBAAAAAAAA8D_gAQA.&ccd=! Aw Vl Kwjh2gs Q 0 J 41 GJ Gx Ay AE&vpid=47&referrer=http ://optimized-by .rubiconproject .com/a/8777/14415/29991- 9.html%3F&media_subtypes=1

adnxs. com/if?enc=uB6F61G4nj-4HoXrUbiePwAAAEAzM8M_uB6F61G4nj-4HoXrUbieP-UEE Wn R It VQR 1 TL Cvo0i0vf LAFPAAAAA J2l Cg A 2 AQAA Ng EAAAIAAA Bc Q Tw 0 Akdg AAAEAAABVU 0 QAVVNEAKAAWA Kd MQA Aag QA Ag QCAQUAAIIA Ey N Klg AAAAA.&udj=uf%28%27 a%27%2C+35986%2C+1325477087%29%3Buf%28%27r%27%2C+872272%2C+1325477087%29%3B&cnd=!1iRFewjh2gsQ0J41GAAgkbEDMAA4neMEQARItgJQncsqWABg- lwJoAHDcCngCgAHkDYgBApABAZgBAaABAagB ALABA Lk Bu B 6 F 61 G4nj_BAbgehetRuJ4_yQGamZmZmZm5P9kBAAAAAAAA 8D_gAQA.&ccd=!Aw Vl Kwjh2gs Q 0 J 41 GJ Gx Ay AE&vpid=47&ref errer=http:// optimized-by. rubiconproject .com/a/8777/1 4415/29991-9.html%3F&media _subtypes=1

The two looks to be from the same site but starts a little diferent.

Got a live one that's triggering IE's security and attempting to download files to my computer.

Flash ad from bannerfarm.ace.advertising.com. Was on the Massively Multiplayer Online Role Playing Game page.

I've got that too, although it was while viewing this thread. No flash ads, just the regular Google link list to the left of my page. /shrug/

I keep getting a download prompt on the forums on IE going

"Do you want to open or save token.js (38 bytes) from tap .rubiconproject. com?

edited 7th Jan '12 4:51:03 PM by Acebrock

^ I'm getting that, too.

I had to temporarily turn off Java script coming from anywhere but TV Tropes on the wiki. There's a serious infection issue. I'm getting the same message as the rest of them.

edited 7th Jan '12 5:25:44 PM by shimaspawn

I was also getting that.

This has all been reported to the ad provider. Thanks for the reports. Remember, as much information as possible (the ad showing, the url of the ad, the region you are in, a screen shot, anyhting at all) will really help.

Not sure if it's too late, since it's already been reported, but this◊ is what Microsoft Security Essentials had to say about it.

Thanks. Everything helps.

Response from the ad provider: