We occasionally get reports of ads that trigger antivirus warnings or infect computers that are browsing the wiki. This FAQ is an attempt to consolidate all the information about such things into one thread. Please read the below before reporting any incidents.
This thread may also be used to report ads that violate our policies in other ways, such as being too "adult" or NSFW, automatically playing audio/video, etc.
REPORTING: try to get a screenshot of the console as well as this will help identify where it's coming from.
REDIRECTS: Its very tricky to get the first URL of a redirect trigger because they are designed to hide where it came from. So you need a redirect plug-in
active while the redirect happens so you can find the first URL, not the last. Where you were directed to doesn't help track down the source.
- TV Tropes, as a site, does not contain malware. We are a text-and-image wiki; viruses and malware cannot be uploaded to or embedded in the articles. As always, however, beware of any external link that you don't recognize, since we cannot automatically screen edits or posts for malicious links.
- 99.99% of the time, any suspected malware will be related to the wiki advertising.
- TV Tropes does not directly control the ads that are displayed. We use third-party ad providers and we determine things like the size and placement.
- We instruct our providers not to serve ads that redirect your browser, take control of the screen from you, forcibly scroll your screen, play audio without being clicked on, install malware, "pop up" or "pop over" your screen, or in any other way interfere with your browsing experience.
- We have custom software designed to detect ads that do these things and automatically block them.
- Malicious entities are constantly trying to sneak ads through the providers' networks in violation of these instructions. As providers have little incentive to proactively detect and block them, it's up to websites to report these sorts of problems.
- We rely on our users to report ads that get through these measures.
- Just because you see a particular ad doesn't mean everyone else sees it. Ads are customized by the ad providers to your location (by IP address), the content of the page you're viewing, and your browsing profile, which is tracking data accumulated by third parties over the course of all your internet browsing.
- Just because you get a malware warning or infection that seems related to an ad on TV Tropes does not necessarily mean that it is caused by one of our ads. Pre-existing malware on your computer can intercept ads and replace them with malicious ones.
- Ads containing malware, obviously.
- Misbehaving ads, such as ones that load a pop-up or pop-under, redirect your browser to another page, hijack your screen or automatically scroll it.
- "Adult" or NSFW ads. Scantily clad women alone may or may not qualify, depending on context, but we want this site to be work-safe.
- Ads that automatically play audio — that is, the audio starts without you clicking on the ad first. Video ads are acceptable.
- Note: Political content is not grounds for rejecting an ad. However, an ad that contains or implies hate speech, disinformation, or outright falsehoods may be objectionable enough to be blocked.
- First and foremost, maintain current, updated antivirus software, and keep your operating system and browser up to date with all patches offered by the software vendors. This includes Adobe Flash, Java, and other rich media plug-ins. Turn on your software's automatic updates if they are not already on and act immediately when prompted to install them.
- Never click on pop-ups purporting to have detected a virus, offering to "tune up" your PC, or otherwise inducing you to click on a link that you were not expecting. Any genuine message of this nature would come from your antivirus software and not from a web page.
- Be careful clicking on external links. These are identified with a small icon next to them. Example: Google. TV Tropes does not endorse or control the content of external links and you open them at your own risk.
- Never respond to any email or web page that asks for personal or financial information, including passwords, unless you have verified its identity. No reputable company will ever ask you for your password(s), other than to log in.
- You may choose to opt out of having tracking information collected by ad providers. This does not stop malware but helps you maintain your online privacy. See here for additional information.
- TV Tropes requests that you do not use ad blocking software while visiting us, as this site depends on advertising revenue to operate. If you do run an ad blocker, please add tvtropes.org to its exception list, or consider donating to the site to have certain ads removed.
- We (or the ad provider) place a "Report advertisement" link next to most advertising frames. Clicking on this will generate an automatic report and is the best way to do so. If you cannot click on this link or do not see it, continue for more advice.
- Try to identify the source URL of the suspect ad (see below). You can also use the target URL (if you are redirected), but note that this may be intentionally obfuscated by the ad provider to hide the source.
- Identify the ad provider. Some ads have a small area that links to the ad provider's page (like Google or AOL). In other cases, you can tell from the referral URL or you can look it up in a search.
- Go to the ad provider's contact/abuse page and fill out their form. Below are some links to common providers' abuse pages:
- Scan your computer for viruses. If your antivirus software will not operate (many malicious programs attempt to disable your antivirus software), you can download a scanning tool on a known clean system and run it on your infected machine from a read-only CD-R or flash drive.
- If you suspect that you've been tricked into divulging personal information to a phishing attempt or other fraud, change your passwords to affected sites immediately and contact your bank, credit card companies, and the credit bureaus to request a fraud alert.
- Please note that TV Tropes cannot assist you with the specifics of maintaining your computer. That's your responsibility. You may request general help in the appropriate forums, but please don't post new threads in the forums dedicated to wiki operation (Wiki Talk, Frequently Asked Questions, etc.).
- Sometimes, the wiki administration can get better results from the ad providers in dealing with malicious ads. If you can identify a malicious ad by referral URL, you can post the link in this thread, but please omit the "http" component so it doesn't create a hyperlink that someone might click on inadvertently.
- For image ads, right-clicking (or a long tap on mobile devices) should give you the option to view and copy the URL that clicking on it will send you to.
- For Flash, Java, or HTML 5.0 ads, it may be difficult to identify the source or the URL by right-clicking. In these cases, you need to view the page source to identify the ad so we can report it.
- In Internet Explorer, you can right-click in a blank or text area of any web page, and choose View Source from the context menu. Firefox also has this option. In Chrome, you can use the Inspect Element menu option, which interactively highlights the portion of the page whose code you are hovering over. You can use this to identify the ad frame and its source URL.
- For embedded ads, there will be a "frame" element with a "src" parameter. Drill down until you get to the lowest level. All we need to identify the ad is the "src" URL from that frame.
for more information or to discuss the service.
Edited by kory on Nov 15th 2023 at 10:36:27 AM
Crazed Lawrencian
In case it helps with the other cases as well mine, here's what my system inspector picked up on the latest couple clicks:
Under Errors:
optimized-by.rubiconproject.com/a/8777/14415/29991-9.html?cb=0.8148775887675583&tk_st=1&p_screen_res=1280x800&p_pos=atf&rp_s=cGET http://optimized-by.rubiconproject.com/a/8777/14415/29991-9.html?cb=0.8148775887675583&tk_st=1&p_screen_res=1280x800&p_pos=atf&rp_s=c Frame load interrupted
optimized-by.rubiconproject.com/a/8777/14415/29991-9.html?cb=0.10465987608768046&tk_st=1&p_screen_res=1280x800&p_pos=btf&rp_s=cGET http://optimized-by.rubiconproject.com/a/8777/14415/29991-9.html?cb=0.10465987608768046&tk_st=1&p_screen_res=1280x800&p_pos=btf&rp_s=c Frame load interrupted
Under Warnings:
Resource interpreted as Document but transferred with MIME type adengine.
Proud member of the IAA What's the point of being grown up if you can't act childish?
Nerdy. Weird. AWESOME.
If you don't have any sort of antivirus/malware software, your computer is a minefield, reguardless of OS.
I'd recommend giving Sophos a try, and see if it helps eliminate any downloads, if not keep yourself protected from other threats.
Everytime I click on he forums or refresh a 29991- (2 or 9) Html from optimized rubicon keeps popping up as 3 failed download messages. Its really annoying and sophos is activated on the PC.
20121018 204833 Blocked web request to "x.bidswitch.net/sync" (linked from "tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html") for user TCSS\weslib. 'HTML Gen-A' has been found at this website, reference ID 124113482.
Crazed Lawrencian
Cache was cleared, Safari was exited, then the cache was cleared again.
...It's still happening.
Proud member of the IAA What's the point of being grown up if you can't act childish?
I've reported this to the ad provider service.
Goal: Clear, Concise and Witty
Crazed Lawrencian
Thank you, sir.
Hmm. For a little while, the number of files decreased to two per instance. It is now back up to three.
—-
And now, it has completely stopped. Thank you again.
edited 19th Oct '12 1:25:46 PM by Colonial1.1
Proud member of the IAA What's the point of being grown up if you can't act childish?
Okay. This problem has stopped appearing now, but I just want some info in case it happens again. Earlier this week, ads would not load on the page but instead the image file would download itself directly into my computer. This kept happening every time I visited a new page, and wasn't limited to any one set of ads, but any ad of anything that appeared on the site. I'm not sure what caused it or what made it end. Any ideas?
Looks like a bug in the ad-providers code. It had an incomplete html entity which was giving all sort of indeterminate results.
Goal: Clear, Concise and Witty
Ah, that makes sense. Should it happen again, is there anything I could do, should I alert you guys again, or just wait for it to end?
The quicker it is reported the quicker we can hold their feet to the flames.
Goal: Clear, Concise and Witty
Hi
Thanks for un-clocking the thread, Eddie.
Problem fixed for me.
Hi
This ad:
http://servedby.flashtalking.com/imp/3/23295;440218;204;gif;AOL;BANAOLAdcomCPA5GeosAQALL160x600FTServed/?ft_configuration=433193&ft_creative=384064&7366389
is giving me the Adobe download request every time it shows up.
Lost in Space
Several websites, including some Minecraft related ones and MMO Champion, have been hit by a malicious ad that made it into Google's system. This might be that or it might be something else. Be wary.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Hi
Two more that are giving the Adobe download request every time they come up:
- Left side: http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=cdi&ai=11521567&p=&pluid=0&ru=http://ds.serving-sys.com/BurstingRes///Site-13801/Type-0/e240115b-5deb-478a-ad84-26b4502267f2.gif&ord=41218133888540&dg=744777
- Banner: http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=cdi&ai=11523123&p=&pluid=0&ru=http://ds.serving-sys.com/BurstingRes///Site-13801/Type-0/1f2b1665-4287-4792-97bd-337ab93d97e8.gif&ord=41218115627800&dg=744980
edited 5th Nov '12 1:03:30 PM by Willbyr
AWKTUHGAHN
This site really wants me to download stuff off it, seeing as it opens up a tab without any warning to tell me "My Download Is Ready!" That, and the fact that it tried to install some spyware to my computer until my anti-spyware smacked it down.
EIGHT GLORIOUS SIDES
My pop-up blocker blocked a pop-up on Angry Black Man. It's showing the pop-up coming from tvtropes.org, so I'm not sure what the actual culprit is. The banner ad at the top is a Flexjet ad and the one on the side is a CenturyLink Prism TV one, from Google judging by the little blue triangle thing in the corner. (I'm not sure how to find the URLs, short of clicking on them.)
EDIT: I've gotten the Prism TV ad on other pages since then, without a problem.
edited 17th Nov '12 5:14:43 PM by Nocturna
Smiter of Typeaux
Was referred here from another post about 'why do the pages reload all the time' when I mentioned a similar problem. This is a copy/paste:
Currently, on the page Timm Style, it's constantly flashing the 'done' at the bottom left of IE. If I try and use the back button to go to the previous page, it just reloads this one. If I click the 'recent pages' button to see the list, it's filled with literally dozens of repetitions of "view.atdmt.com/AVE/iview/3703526"
It seems to be something with one of the ad servers repeatedly puking. If you search for 'atdmt back button' on google, you'll find a lot of people having the same trouble. Some have called it spyware and had it damage their system.
If I reload the page, it will often 'fix' this problem, the done stops flashing and the back button may or may not go to the last actual page. It slows the computer in any case, spyware or not, from having to constantly refresh.
It's not ALWAYS on any particular page; the Timm Style one just happened to be one of the ones it was currently doing it on at the time.
Smiter of Typeaux
Another thing going on now; Not a real problem, but it makes the ads look kind of dumb. In the top horizontal banner and left side vertical one, right now there's the same square ad. Because the banners are rectangular, the square ad is being cut off. Particular link is
http://gbid.adbuyer.com/click?bc=kCpn26ACwOOo.06FStRIh19khlP2YwK.t9u02mSvgijBlxTAFHf0E6gMelMcBRG73K0xvzeekxB2iRP4cgCEt.J4fQK61vKJd.nf.k-ktyruNH8g31hCbSZc6hbaAW5kZ32CTz5J.3GdnHtugr4tiv-R1fAT4EPvpEv5zYQ0GZvQ7Nfxb2eLBqjTKOlQpnqtS-RwFe9fcCUF5bqN8-KwQo39tNV0kyE=&rubicon_click_url=http://beacon-us-east.rubiconproject.com/beacon/t/0ae4118f-f7a6-4beb-9059-9cab9c9fca6b/&redir=http://adserver.adtechus.com/?adlink|5309|1369071|0|170|Ad Id=2976570;Bn Id=1;itime=464875445;
(beats ugly URL to death with a stick)
Nerdy. Weird. AWESOME.
Yesterday I got an ad that filled the entire screen. It claimed we were doing a survey and upon exiting I would be asked to take it. Unfortunately, I couldn't get a source for the ad but if I see it again I will try to report it. Blocking the entire page just isn't cool.
edited 21st Nov '12 10:58:36 AM by VmKid
Hyperforce Go! http://vmkid.me/
Space Wizard
Got another problematic advertising. It was served from http://ox-d.oxasfmg.com/w/1.0/afr?mi=36e2c929-602c-44b6-9a3c-6c977cc622ed&mn=0&mc=1&auid=318874&cb= (now there are different and working ads) and was just a blank ad container with a watermark "Ads by Performance Advertising".
The problem here (besides the ad container being empty) was/is that it loads after the page has loaded and then replaced all other content on the page, thus leaving only a horizontal or vertical empty ad bar.
Programming and surgery have a lot of things in common: Don't start removing colons until you know what you're doing.
AWKTUHGAHN
Well, the site I posted a few posts back STILL hasn't been blocked, and one of its buddy sites tried to force a download on my computer. Hurry up and fix this please, because I'm getting pretty annoyed being greeted by that ad every time I open TV Tropes.
EIGHT GLORIOUS SIDES
I get a popup sometimes saying "This page requires activecontent.js" or something like that, I think it's an ad being blocked by my settings or antivirus or soemthing.
Dumbo
I have no idea. I don't use a Mac or Safari, but I would see if you have the ability to clear its cache and/or check for software updates. I assume there are antivirus products available for Macs as well.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"