We occasionally get reports of ads that trigger antivirus warnings or infect computers that are browsing the wiki. This FAQ is an attempt to consolidate all the information about such things into one thread. Please read the below before reporting any incidents.
This thread may also be used to report ads that violate our policies in other ways, such as being too "adult" or NSFW, automatically playing audio/video, etc.
REPORTING: try to get a screenshot of the console as well as this will help identify where it's coming from.
REDIRECTS: Its very tricky to get the first URL of a redirect trigger because they are designed to hide where it came from. So you need a redirect plug-in
active while the redirect happens so you can find the first URL, not the last. Where you were directed to doesn't help track down the source.
- TV Tropes, as a site, does not contain malware. We are a text-and-image wiki; viruses and malware cannot be uploaded to or embedded in the articles. As always, however, beware of any external link that you don't recognize, since we cannot automatically screen edits or posts for malicious links.
- 99.99% of the time, any suspected malware will be related to the wiki advertising.
- TV Tropes does not directly control the ads that are displayed. We use third-party ad providers and we determine things like the size and placement.
- We instruct our providers not to serve ads that redirect your browser, take control of the screen from you, forcibly scroll your screen, play audio without being clicked on, install malware, "pop up" or "pop over" your screen, or in any other way interfere with your browsing experience.
- We have custom software designed to detect ads that do these things and automatically block them.
- Malicious entities are constantly trying to sneak ads through the providers' networks in violation of these instructions. As providers have little incentive to proactively detect and block them, it's up to websites to report these sorts of problems.
- We rely on our users to report ads that get through these measures.
- Just because you see a particular ad doesn't mean everyone else sees it. Ads are customized by the ad providers to your location (by IP address), the content of the page you're viewing, and your browsing profile, which is tracking data accumulated by third parties over the course of all your internet browsing.
- Just because you get a malware warning or infection that seems related to an ad on TV Tropes does not necessarily mean that it is caused by one of our ads. Pre-existing malware on your computer can intercept ads and replace them with malicious ones.
- Ads containing malware, obviously.
- Misbehaving ads, such as ones that load a pop-up or pop-under, redirect your browser to another page, hijack your screen or automatically scroll it.
- "Adult" or NSFW ads. Scantily clad women alone may or may not qualify, depending on context, but we want this site to be work-safe.
- Ads that automatically play audio — that is, the audio starts without you clicking on the ad first. Video ads are acceptable.
- Note: Political content is not grounds for rejecting an ad. However, an ad that contains or implies hate speech, disinformation, or outright falsehoods may be objectionable enough to be blocked.
- First and foremost, maintain current, updated antivirus software, and keep your operating system and browser up to date with all patches offered by the software vendors. This includes Adobe Flash, Java, and other rich media plug-ins. Turn on your software's automatic updates if they are not already on and act immediately when prompted to install them.
- Never click on pop-ups purporting to have detected a virus, offering to "tune up" your PC, or otherwise inducing you to click on a link that you were not expecting. Any genuine message of this nature would come from your antivirus software and not from a web page.
- Be careful clicking on external links. These are identified with a small icon next to them. Example: Google. TV Tropes does not endorse or control the content of external links and you open them at your own risk.
- Never respond to any email or web page that asks for personal or financial information, including passwords, unless you have verified its identity. No reputable company will ever ask you for your password(s), other than to log in.
- You may choose to opt out of having tracking information collected by ad providers. This does not stop malware but helps you maintain your online privacy. See here for additional information.
- TV Tropes requests that you do not use ad blocking software while visiting us, as this site depends on advertising revenue to operate. If you do run an ad blocker, please add tvtropes.org to its exception list, or consider donating to the site to have certain ads removed.
- We (or the ad provider) place a "Report advertisement" link next to most advertising frames. Clicking on this will generate an automatic report and is the best way to do so. If you cannot click on this link or do not see it, continue for more advice.
- Try to identify the source URL of the suspect ad (see below). You can also use the target URL (if you are redirected), but note that this may be intentionally obfuscated by the ad provider to hide the source.
- Identify the ad provider. Some ads have a small area that links to the ad provider's page (like Google or AOL). In other cases, you can tell from the referral URL or you can look it up in a search.
- Go to the ad provider's contact/abuse page and fill out their form. Below are some links to common providers' abuse pages:
- Scan your computer for viruses. If your antivirus software will not operate (many malicious programs attempt to disable your antivirus software), you can download a scanning tool on a known clean system and run it on your infected machine from a read-only CD-R or flash drive.
- If you suspect that you've been tricked into divulging personal information to a phishing attempt or other fraud, change your passwords to affected sites immediately and contact your bank, credit card companies, and the credit bureaus to request a fraud alert.
- Please note that TV Tropes cannot assist you with the specifics of maintaining your computer. That's your responsibility. You may request general help in the appropriate forums, but please don't post new threads in the forums dedicated to wiki operation (Wiki Talk, Frequently Asked Questions, etc.).
- Sometimes, the wiki administration can get better results from the ad providers in dealing with malicious ads. If you can identify a malicious ad by referral URL, you can post the link in this thread, but please omit the "http" component so it doesn't create a hyperlink that someone might click on inadvertently.
- For image ads, right-clicking (or a long tap on mobile devices) should give you the option to view and copy the URL that clicking on it will send you to.
- For Flash, Java, or HTML 5.0 ads, it may be difficult to identify the source or the URL by right-clicking. In these cases, you need to view the page source to identify the ad so we can report it.
- In Internet Explorer, you can right-click in a blank or text area of any web page, and choose View Source from the context menu. Firefox also has this option. In Chrome, you can use the Inspect Element menu option, which interactively highlights the portion of the page whose code you are hovering over. You can use this to identify the ad frame and its source URL.
- For embedded ads, there will be a "frame" element with a "src" parameter. Drill down until you get to the lowest level. All we need to identify the ad is the "src" URL from that frame.
for more information or to discuss the service.
Edited by kory on Nov 15th 2023 at 10:36:27 AM
I got an ad a couple of times for a Cricket game that auto-plays a sound of a bat being swung. I;m not sure is what I did is the right thang, but I pressed F12 on Google Chrome, then clicked the magnifying glass and clicked the ad, which highlighted the following text in the source:
<object data="http:​/​/​pagead2.googlesyndication.com/​pagead/​imgad?id=CICAgKDj9ZOl7QEQoAEY2AQyCEAi2KshICZv" id="google_flash_embed" width="160" height="600" wmode="opaque" flashvars="clickTAG=http:​/​/​googleads.g.doubleclick.net/​aclk%3Fsa%3Dl%26ai%3DCblVpZR-fU-GML6OJlALNlYDID8KjxMYFkob_krcBwI23ARABIOi-1QNQpMuryPr_____AWD9oKGB8AOgAZ6Opc0DyAEEqAMBqgSXAU_QV447B3s58XjkzrYJbd-vRJA9DlbUmTXiF7EyYOv3Q41nZyfFYUG7DmwBfDRpTqaJuKff8ElDvev7jML7lnJSoriO6NlBErBFWPPVKcV1wyCIU6_0BzZyBmhitimpBFZuktQ3G2rycjrUR2_0QMbpwSHw66SxW-sqAFRtc35-_vTRqIXwsNMx5hixX5GcqReFBLQG2a-gBgSAB8rx2jI%26num%3D1%26sig%3DAOD64_1Ysz70oySX401c5JDPNpzlBUGQNA%26client%3Dca-pub-6610802604051523%26adurl%3Dhttp:​/​/​download.crazyforcricket.com/​index.jhtml%253Fspu%253Dtrue%2526partner%253DZ3xdm045" type="application/x-shockwave-flash" allowscriptaccess="never"></object>
Basically canon
Seriously, are these adverstital ads supposed to be on the ad server or not? I don't think we've ever gotten official word on this matter one way or the other. http://sponsor.adverstitial.com/view/advertisement?loc=78876&adv=2863156&camp=668502&w=160&h=600&rnd=5067422524154125864
Lost in Space
I've gotten a couple of alerts from my AV software about a trojan attack from tourinsights.com. Norton can't be any more specific as to the URL that's generating it.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Basically canon
Another auto-redirect ad tried to force its malware Java update on my computer. http://www.downdimgd.com/US/index.php?dv1=10523998&dv2=&dv3=&dv4=zqsye-US&sec_id=qWJ8vBQjIEzEzreaz9tov0poz3iSC9s6Y3RmIaRrCnYRNAXKPTCKqZsRNkwEPBY0DlpefAXe7BMbPw%EB%EB&marketing_fid=MTQwMzE1NTkxNC1iMmUyYmVmNDc0ZTE3MTg1ODlhM2JjODdjZTg4YmVjMg==
edited 18th Jun '14 10:37:01 PM by Midna
pearlina brainrot affects millions of people worldwide. if you or a loved one are suffering from pearlina brainrot, call 1-800-GAY-NERDS
You Give Me Fever
Lately I've been dealing with a Trojan Boaxxe type, which I've only been getting on TV Tropes. Has anyone else seen this or is it just me. Well, the firewall claims it is being "blocked" but it keeps showing up when I come to TV Tropes.
That's why he wants you to have the money. Not so you can buy 14 Cadillacs but so you can help build up the wastes
Lost in Space
I've seen that one; it's the thing I mentioned earlier.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Seriously, I know you guys need the money, but at this point I'd look for a different ad host, as it seems the current one is either incompetent in the QC department, or complicit with the malware guys. >_>
Night Clerk of the Apacalypse.
Hijacking ads is not a new trick for malware distributors. Pretty much all ad services are vulnerable to it to a degree. We also are not the only site this is happening to. Another forum I visit is having similar issues with their ad server and particularly aggressive malware laden ads.
Who watches the watchmen?
I've encountered several viruses in the last couple days. It's like TV Tropes is under attack.
This one for instance
cm.g.doubleclick.net/push?client=ca-pub-6897902191714833
edited 22nd Jun '14 12:52:16 PM by ChaoticNovelist
I've seen an auto-redirecting ad for a while: http://webafan.com/landingmarketingglobal/.
"For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled." - Richard Feynman
Professional Lurker
Just got something that opened up a new tab while on Weapon of Peace; the new tab's URL was updatenowpro.com/su/01/60bc51a006800eb7b20e8d849125693f64a039a37d878a4a891b59704be2830c:1404008638/?b=owzv22kd&sid=CD10313&uid=0a674b630e22abba6a4af37bcfdf104d&filename=Software_Update.
"I'm pregnant, and I'm losing my mind."
Okay, good, that wasn't just me.
URL I got was http://updatenowpro.com/su/01/70822154820e07bd2eaa455ce45b1e66e287054ac45ee086477c2732fc561ca4:1404136829/?b=owzv22kd&sid=CD10313&uid=1a1093c54f82216ae0368c824b638543&filename=Software_Update, telling me Firefox was out of date (it is - 28.0 - but that's because I like the Classic Compact theme too much to give it up when I upgrade to 29.x or higher).
I didn't get full URLs of the ads on the page (four total), but I did note what was being advertised: Days Inn, American Family Insurance, Audible, and Hotels.com. I received further American Family Insurance ads when I left that page, and the pop-up didn't show up, so I'm assuming that of the four, that one's safe-ish?
edited 30th Jun '14 7:10:50 AM by ShadowHog
Moon◊
I keep getting redirected to a website that tells me that my Java is out of date and forces my computer to download a .exe file (which I delete before it can infect my computer)
Courtesy link. WARNING ALMOST CERTAINLY CONTAINS VIRUSES: http://java-tips.net/ym/us/?aff_sub=taggify-us&aff_sub2=am1&aff_sub3=
As a side note, the downloads are .exe files even though I'm running Mac at the moment.
edited 2nd Jul '14 5:30:58 AM by lrrose
Lost in Space
I also just got a prompt to install a "Java update", complete with an automatic download.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
I'm getting the Java one constantly, and it's quite annoying.
The Beta Male
I keep getting huge video ads on the bottom of the screen — not just on trope pages, but all over the forums, too. They make the text format strangely due to their size, and they cover up the lower half of the screen, keeping me from interacting with whatever might be there. I tried to get some sort of dump or URL, but they won't even let me click on them or view information(I suspect they might just be really obnoxious gifs). They don't appear to have sound, but they're way bigger than the normal video ads on the articles themselves.
MY SOUL IS DARK BUT MY HAIR IS COLORFUL — Brahian Pokémon Alchemist
Always 3:00am in the Filth
I've also been having the fake Java update, been assuming it was something on my machine that I can't track down.
"But don't give up hope. Everyone is cured sooner or later. In the end we shall shoot you." - O'Brien, 1984
The Beta Male
I keep getting forcefully redirected to ad pages and spammed with popups. Managed to get a link to one of them.
http://trck.ad-serving.co/click.php?c=82&key=y4wn0whuqib0gsp34ieto11n
On quite a few pages, I have been getting a warning from my AV saying it blocked "54.213.74.177/?check=2"
Unfortunately, I can't tell what ad it may be connected to.
Always 3:00am in the Filth
I'm having similar problems. Again, uncertain if Avast is picking up junk off other tabs or if it's actually TV Tropes. I'll have more information next time it pops up.
EDIT:
It popped up again and I remembered to double check it:
hxxp://54.213.74.177/?check=2 is the virus it's blocking, "Infection: URL Mal". I have no other information at the moment, the only browser tabs I have open are Youtube, Wikipedia, and Save Scumming.
edited 24th Jul '14 2:44:23 AM by Rotpar
"But don't give up hope. Everyone is cured sooner or later. In the end we shall shoot you." - O'Brien, 1984
God-Mayor of Sim-Kind
Avast keeps throwing up URL:Mal warnings for "http://sd.symcd.com".
"Yup. That tasted purple."
Got another forced redirect, this one without warning. It hijacked my Watchlist, didn't even give the option to go back to the page in the History button. http://system-security-error.technical-support.info/support/systemvirusNew/aa09/EN-systemvirus/help3/index_dingG_p.php?p1=ytzi&p2=co&p3=main&c=877&subid=1216652381-efba6bf2e3ccb413553aad627ea92433&l=3782&ept=g1kfNsIfKqJQxBlgj8k%2BWZgZ43rMUorZ3qC2gkvIUkX2Iq7pgqkw9pHRP4RGl6Ogd6h73ypldUE2LUeSntJW3g%3D%3D
These things are getting pretty bold.
Lost in Space
Norton flagged a file that was apparently downloaded by an ad:
Filename: $r59igx8.exe
Threat name: Suspicious.Cloud.9
URL: http://www.freecardsmaker.com/default/ga/sa/?dl=1&ts=0&tschnl=FL_7&adnm=32468199686&i=s&grid=&lg=EN&cc=US&clg=en&c=1&d=0&cid=_684412451&kw=freedownload&mt=&mn=www.almico.com&ct=&nt=D&expr=&ap=none&dv=c&color=green&agid=_6843576989
edited 30th Jul '14 8:30:08 PM by Fighteer
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
My Internet Explorer keeps getting a pop-up webpage of League of Angels while I'm using this site. it's something along the lines of http://www.bestpromogiveaways.com/LeagueOfAngels/US/LoAA/?voluumdata=vid..00000003-6b14-4ab7-8000-000000000000__vpid..8a8c6800f4f1-11e3-8220-bb5944735e40a--caid..97b4ebbb-e4
Well it's MUCH longer than that, I accidently closed the link. But the point is, is this one of your rouge ads?
edited 15th Jun '14 7:03:57 PM by RabidTanker
Answer no master, never the slave Carry your dreams down into the grave Every heart, like every soul, equal to break