Threats Detected on PB Forum Site

IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Threats Detected on PB Forum Site

Post by IdeasVacuum »

Avast is intercepting a threat-a-day on the PB Forum Website, which tries to re-direct to a spoof Flash Download site.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Zach
Addict
Posts: 1677
Joined: Sun Dec 12, 2010 12:36 am
Location: Somewhere in the midwest

Re: Threats Detected on PB Forum Site

Post by Zach »

NOD32 hasn't picked up anything, sure it's not a local infection spoofing the site or something?
PB
PureBasic Expert
Posts: 7581
Joined: Fri Apr 25, 2003 5:24 pm

Re: Threats Detected on PB Forum Site

Post by PB »

No problem with Avira, and also Firefox isn't reporting the site as malware.
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
Samuel
Enthusiast
Posts: 755
Joined: Sun Jul 29, 2012 10:33 pm
Location: United States

Re: Threats Detected on PB Forum Site

Post by Samuel »

I have Avast as well, but I have never received a threat detection on the forums. You may want to do a system and boot-time scan on your computer.
Kuron
Addict
Posts: 1626
Joined: Sat Oct 17, 2009 10:51 pm
Location: Pacific Northwest

Re: Threats Detected on PB Forum Site

Post by Kuron »

Block the ads if they are still here. See if it still picks up a threat with the ads blocked?
Best wishes to the PB community. Thank you for the memories. ♥️
tj1010
Enthusiast
Posts: 716
Joined: Mon Feb 25, 2013 5:51 pm

Re: Threats Detected on PB Forum Site

Post by tj1010 »

If it was a local infection, what if their AV doesn't have a signature for it yet? What if [your av here] doesn't have a signature for it yet?

My best recommendations are Kaspersky offline (free), Security Essentials Offline (free), or Avast beta anti-rootkit (free) or GMER (free), which it is based on. Malwarebytes (free) is also a respectable solution but not good against the rootkit likely hiding any modern malware.

I've been meaning to make my own peboot based offline startup scanner for Windows MBR, VBR, NT init binary hash, and registry scanner which pretty much detects anything except BIOS kits, which for the most part don't exist yet.

Even something that just shows offline what is in startup registry keys finds everything but boot loader malware and init binary infectors, which both are an extreme minority.
Bananenfreak
Enthusiast
Posts: 519
Joined: Mon Apr 15, 2013 12:22 pm

Re: Threats Detected on PB Forum Site

Post by Bananenfreak »

Is this an ad? My adblocker doesn't block it...

Avira got no problem with nothing, it smells like weed.
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Threats Detected on PB Forum Site

Post by IdeasVacuum »

I think the reason others may not have seen this issue (yet?) is its sporadic nature, or perhaps your AV deals with it faster/silently. Security Essentials never knew it was happening. It is always intercepted by Avast (they would know if it was the local system rather than the web server?) and Firefox often traps it, but not often enough. It is indeed to do with the ads running at the bottom of the page, which 99 times out of 100 are innocent. There is however something malicious there somewhere. When Avast kills it, the advert becomes a (large font) short piece of text: 'Document.write()'
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
c4s
Addict
Posts: 1981
Joined: Thu Nov 01, 2007 5:37 pm
Location: Germany

Re: Threats Detected on PB Forum Site

Post by c4s »

In another thread you've said that you're still on Windows XP. So be extra careful if you really don't want to upgrade.
If any of you native English speakers have any suggestions for the above text, please let me know (via PM). Thanks!
tj1010
Enthusiast
Posts: 716
Joined: Mon Feb 25, 2013 5:51 pm

Re: Threats Detected on PB Forum Site

Post by tj1010 »

IdeasVacuum wrote: I think the reason others may not have seen this issue (yet?) is its sporadic nature, or perhaps your AV deals with it faster/silently. Security Essentials never knew it was happening. It is always intercepted by Avast (they would know if it was the local system rather than the web server?) and Firefox often traps it, but not often enough. It is indeed to do with the ads running at the bottom of the page, which 99 times out of 100 are innocent. There is however something malicious there somewhere. When Avast kills it, the advert becomes a (large font) short piece of text: 'Document.write()'
It's only a problem if the browser is running as a privileged user or it hits you with a privilege-elevation exploit before MS releases an update to patch said exploit.

MSE signatures are typically days behind others, and the offline version has the same database.
Zach
Addict
Posts: 1677
Joined: Sun Dec 12, 2010 12:36 am
Location: Somewhere in the midwest

Re: Threats Detected on PB Forum Site

Post by Zach »

I use Adblock Edge, so I never see ads on most sites.

But if it's sporadic and it's linked to the ads, that would not surprise me. Most ads are rotating banner systems and serve from a small pool of selected ads. Probably one of the advertisers (or the company itself) up to shenanigans.
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Threats Detected on PB Forum Site

Post by IdeasVacuum »

In another thread you've said that you're still on Windows XP.
I'm also on Win7 x64 and Win8.1 x64 (separate machines). The reason I re-tried many other AVs was of course XP's impending doom. Avast, which I really disliked before, is now really nice.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Threats Detected on PB Forum Site

Post by IdeasVacuum »

I have tried various ad blockers, yet never heard of Adblock Edge, just so many out there. I don't mind the ads, so long as that is all they are. I assume Fred has ads on the Forum to glean some extra income - if I found an ad really really interesting I would click-through.

It might be the case though that these are more than 'naughty advertisers'. I think it is quite possible that there is malware on the server itself.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
tj1010
Enthusiast
Posts: 716
Joined: Mon Feb 25, 2013 5:51 pm

Re: Threats Detected on PB Forum Site

Post by tj1010 »

IdeasVacuum wrote: I have tried various ad blockers, yet never heard of Adblock Edge, just so many out there. I don't mind the ads, so long as that is all they are. I assume Fred has ads on the Forum to glean some extra income - if I found an ad really really interesting I would click-through.

It might be the case though that these are more than 'naughty advertisers'. I think it is quite possible that there is malware on the server itself.
Edge is Plus without whitelist ads. I use Plus under FF and Chrome.

If we're judging AVs by detection rate, then we should go by typical VirusTotal results on fresh malware samples. It's usually Dr.Web and Avira who detect first. For real-time protections Norton IS and Kaspersky IS are typically better design though.

I just use Sandboxie and MSE, both 100% free. MSE has a delay in detection but does signatures just as good as the others, just use it offline sometimes because of rootkits.
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Threats Detected on PB Forum Site

Post by IdeasVacuum »

Yeah, I am a long-time User of MSE and I think it's adequate, but of course it is not updated for XP any more. One thing I didn't point out and that is that the PB Forum is the only website where this issue occurs, out of the many sites I regularly visit (most of which also have ads of course).
IdeasVacuum
If it sounds simple, you have not grasped the complexity.