The Flyertalk people just don't seem interested in fixing this. I wonder how many people have been scammed by the fake virus alert so far. Gonna stop visting Flyertalk for awhile.

I get it everytime I go to FT when signed out.

When signed in, it does not happen,
because I am paying for the ad-free FT.

Sure it would solve the problem, UNTIL they turned the ads back on. With the ads off, finding the problem ad will be more difficult.

I think you're missing the point.

The ads can be turned off for all users EXCEPT for IB staff that are investigating the problem.

Gives them a little more "encouragement" to find the issue faster too, since it's impacting their bottom line.

Many people have reported in this thread that it's only happening 1x per day. So for their testing purposes, they'd basically need to do this:
1) Launch browser
2) If you get the bogus message, investigate
3) If you do not, close the browser, clear all cookies, go back to step 1.

Why does everyone think the problem is caused by the site advertisements?

I've have tried running the MVPS/PGL host files and I am still getting the redirects - this should be strong evidence there is some flaw in vBulletin/vBSEO which has been exploited.

Since I changed to Google Chrome a few days ago, I haven't had one since. With IE, I used to get them at least once a day when checking out FT. I agree that FT needs to pick up the pace on finding out where the problem is. Or people need to stop using IE and get another web browser like Google Chrome or Mozilla.

this is the ad I see every time that the warning pops up
http://s71.photobucket.com/albums/i1...nt=suspect.jpg

Thanks. My NAV never popped up (I just kill IE from Task Manager). I wonder what's wong with my NAV. It is supposed to be up-to-date and says everything is OK....now I am worried...

Threat warning still appearing this morning. Tried 3 times to sign in to Flyertalk and each time the warning came up. Could not exit it and each time I have had to switch off my PC to eliminate it. Now intend to send a PM to person at Flyertalk and will not try to sign into Flyertalk again until I am sent an e-mail confirming the problem has been resolved.

I've got it several times over the past week, only ever when browsing Flyertalk.

........... and more again for me today.

I'm dissapointed that staff aren't posting updates here.

One temporary solution would be to redirect all *.pl traffic (all the redirect websites are from *.pl domains) on your computer to it localhost (127.0.0.1). This can be done by adding a line in the hosts file in the Windows\System 32 directory.

This should stop the risk of any malware/trojan viruses being downloaded. Any time a redirect occurs, it would just display a blank page (or display Google).

Fake App Attack: Fake AV Website 20
 

Past 2 weeks while accessing this forum, my Norton Virus Network Security program is reporting an Intrusion attempt from:
http://threatdetectagent.pl/944euk/a...84cb2/pr2/196/

Anyone experiencing this attack while accessing the forum?

Intrusion Prevention:
Intrusion Prevention scans all the network traffic that enters and exits your computer and compares this information against a set of attack signatures. Attack signatures contain the information that identifies an attacker's attempt to exploit a known operating system or program vulnerability. If the information matches an attack signature, Intrusion Prevention automatically discards the packet and breaks the connection with the computer that sent the data. This action protects your computer from being affected in any way. Intrusion Prevention protects your computer against most common Internet attacks.

I have also been getting them under the AA forum.

Probably from the Ads

I also get the redirection problem on Windows Phone 7.

I'm still getting it too, now with this web address:

http://firewalltasksprotector.pl/q88...84cb2/pr2/196/

As FT appear unwilling to block ads, please could you outline the process for members to do this themselves. Unfortunately this will lead to members not enabling them again once the problem is resolved, leading to a loss of revenue to FT. Surely its best if FT voluntarily do this themselves.

And Ive spend a few hours running Malwarebytes and AVG doing full scans two or three times each.

http://winhelp2002.mvps.org/hosts.htm

Or

http://pgl.yoyo.org/as/

However, the redirects still occur for me with the blocked ad servers, indicating this is not an ad problem.

Yeah definitely ads. Sometimes "bad guys" buy ad space on legitimate sites. They'll usually run normal ads for a few days in case anyone is watching, then switch to an infected ad and get as many victims as they can.

When you get that alert you should report the page, the alert message and the ads that you can see to the mods.

Its not a virus really. Just a BS pop up. If you click on it then perhaps you could end up in trouble and loading something that would cause a problem on your machine but mostly like that would just be malware and not really a virus as well and still not really caught by your virus software.

I once again got this first time I hit FT today. :td:

Moved to Tech Issues for Site Admin to review.

Sitting in the lounge n reading on iPad over unsecured wifi for last hour, while waiting and no false alarm yet ... So iOS seemed safe so far, cruise critics had these problems for a while n resolve it, might want to check their posts on what n how they fixed it.

On FT it seems to be an IE only problem. I've never seen it on Chrome, Safari, etc.

I have been getting this for about a month now--only on FT and only in IE9, not in Mozilla. I do a CTRL ALT DEL and turn off the processes iexplorer.exe so as to not accidentally download anything suspicious or malicious.

Good luck to all. Hopefully someone figures why it only occurs on FT . . .:-:

I haven't ran across it on my laptop when running Firefox either - the discussions on CC also cited triggering "false" positive running AVG, Norton and even aVast - but not M.S.E. under Vista or Windows 7 ...

Administrators on CC has noted that measures are in place due to "MALWARE ERROR MSGS: Blocked specific graphics urls at this time "

... Please note that as a result of these past two weeks we've taken steps to block specific animated pictures sites and countdown sites because we were receiving messages that those sites may contain malware downloads. If you no longer see your glittery bug or boat or countdown, this is the reason...

Here's the link for anyone interested http://boards.cruisecritic.com/showthread.php?t=1657000

The latest phony pop-up is a poor graphic image of a "MSE alert, saw it on a desktop PC running Windows 7 using IE9 ...

Just got it again. All I know is if my work site had this problem and it took this long to resolve, we would have a new IT department! This is ridiculous.

happened again this evening

^

I'm still surprised that this isn't notified in a sticky at the top of each forum. As far as I can see, this thread is the only place on FT where it is discussed, but everyone I know that uses FT is getting the same problem.

I'm getting this problem repeatedly but only on the FT website. (Using IE.) Surprised that FT still hasn't found/fixed the problem. Even more surprised that FT hasn't issued any kind of notice to members.

Still there!

Come on, tech guys.

What about even a line here to say you are aware of the problem?

Still happening. And it's not limited to IE9 'cause I still use IE8 and get the alert about every second or third time I come to FT.

Its getting really ridiculous now, its totally inconvenient having to close down, restart or clean up the mess coming from FT. If it happens again tomorrow i am going to call time on FT for a while as i dont need the hassle.

Got it twice this morning. Not happening on Firefox, only on IE but I always log in via IE so have to remember to access FT via Firefox for now.

Got it again, after not getting it late last week.

Same for me. And I'm not switching browsers for the sake of one buggy site.

I agree. I won't use FT on my main computer until they fix this. I'll check in from elsewhere if/when I get a chance (as I'm doing today.)

I'm disappointed that this is receiving apparently low priority.

I got it just now,also running Win7 Enterprise, IE9 and MS Antivirus. Never had a virus for it but also never clicked on it. If you ant to know who is doing it someone in FT support should click on it and see where it takes you.

Hi everyone,

We are working to determine which advertisement is causing this messaging to occur. We still believe that this messaging is from is an advertisement that appears to be exploiting a hole in *Internet Explorer* to show a *false* virus alert.

This kind of advertising is *not* approved by FT, and will immediately be blocked when it is located. Meanwhile, despite the message it shows you, you do not have a virus (from this) and FT is not infected.

*One way to avoid it is to switch browsers to Chrome or Firefox.*

Thank you for your continued patience while we work to resolve this.

Paul
Community Manager