Penny Arcade Forums Help / Advice Forum
The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

Strange ads/scripts trying to run on main PA site?

LinktmLinktm Registered User regular
in Help / Advice Forum
I'm running Trend Micro and nothing has popped up yet, so I'm wondering what's up here. Last night when going to the PA homepage I got a bunch of things popping up in my NoScript for different sites. They would ONLY pop up if I approved penny-arcade.com, it was stuff for like "netseer" and other crap. The reason i noticed this is because there were a few floating boxes and other weird "spywarey" type shit in my browser setup that are normally never on the PA site. I double checked at work and I get none of this. Any thoughts on a quick solution?

Posts

  • HevachHevach Registered User regular
    edited February 2013
    Check for unexpected browser addons, download and run Malwarebytes. Kapersky's TDSkiller can also find particularly well hidden bits of spyware and not just actual rootkits, it's my secret weapon against search link hijacks. In all cases, running scans in safe mode also sometimes turns up things that were missed in normal mode.

    Also, in Internet Options>Connection Settings>LAN Settings, check if you have a proxy set. A fairly common form of spyware will just set a proxy and do nothing else, and let the proxy do the work by adding or changing scripts to pages you try to view.

    Hevach on
  • LinktmLinktm Registered User regular
    Yeah, Malwarebytes was my first step. Trend Micro had me uninstall it because of conflicts or whatever, so I haven't reinstalled it yet after upgrading to 2013 edition. I'm hoping it's something simple and not some giant pain in the ass, especially since I haven't really done anything out of the ordinary in terms of site visiting.

  • Great ScottGreat Scott King of Wishful Thinking Paragon City, RIRegistered User regular
    edited February 2013
    DNS redirect, most likely. Although it may not fix the problem, a good first step would be to change your DNS servers to Google's (8.8.4.4 and 8.8.8.8).

    Note that you'd be telling Google where you're browsing, but I prefer them knowing to my ISP :) (NOTE: your ISP can still track you regardless).

    I'd check for entries in your HOSTS file next; depending on which version of Windows you have, it could be in different places, for Windows 7 it's C:\Windows\System32\Drivers\Etc. The file has no extension, you'd have to open it in Notepad. Ideally it would be empty (You might see "Localhost 127.0.0.1", which is harmless).

    What browser do you use? Did you check both it and "Programs and Features"/"Add New Programs" for any new extensions?

    Great Scott on
    I'm unique. Just like everyone else.
  • LinktmLinktm Registered User regular
    Using Firefox, I would presume the most up to date version. I didn't think much of it last night before bed, but I'm going to investigate further when I get home from work. I'll check for weird extensions/plug-ins too.

  • LinktmLinktm Registered User regular
    edited February 2013
    Well, shit, that was easy. Removed a program called "Yontoo". Just did some searching on some of the .com's that noscript was catching. One of them was called "SuperFish.com" which seemed... wait for it... fishy. So, I uninstalled the app. Disabled the firefox plugin, and moved on with life. Apparently it was tied into some "App" on Facebook. Probably caught it while playing a Facebook Game and clicking on something without paying attention.

    Thanks for the help folks.

    Linktm on
Sign In or Register to comment.
Penny Arcade Forums Help / Advice Forum