"Pornware" Ad


NewSith
2013-02-18, 11:04 AM
In short I just opened your site and got a redirection to some pfdskghnkjghnxskdljgh.com saying that my computer is in danger and I need to install an update "OMGDODATNAAAOAOAOAOOW!, press ok to download an absolutely NOT malicious file to have it ANYTHING BUT making a java registry edit, allowing your browser to automatically download viruses via java. My name is Nikolai, very safe!". Since it's not my first day on the internetz, I know exactly what this thing is, and I reported it via the browser report function.



However, what I mean to say is that you need to find a more trustworthy ad host, Hamma and the team.

Hamma
2013-02-18, 12:19 PM
Did you get the actual information about what this is about? We can remove ads, but if I don't know which ad it is we can't.

The most trustworthy host in terms of advertisements is Google Adsense and they banned us years ago for reasons they won't even reveal to me or SOE for that matter. We have to take what we can get.

NewSith
2013-02-18, 01:52 PM
I don't know what the ad is, since after I opened your site, it redirected me instantaneously. (And I was logged in, for that matter.)

Hamma
2013-02-18, 02:07 PM
Ok cool - I'll report it to our advertiser.

Hamma
2013-02-18, 04:06 PM
When you say "pornware" is that what it was called? More description about what it was trying to do may help us track it down.

NewSith
2013-02-19, 06:54 AM
As I wrote, this opens up a site (usually saying "your computer is in danger, download the updates now") with a Java overlay window on it asking if "you want to allow this page to do something". If you press OK, it'll modify your Java registry and it will download a blocker virus onto your PC. What it does is, after you restart your PC, your Windows screen will get locked (alt-ctrl-del and alt-tab don't work, since the malware itself replaces the explorer.exe file as a startup program in the registry) with a message saying "you tried to access some extremely explicit content (like children pornography) and you should now send an SMS costing 300$ to unlock Windows".


The trick about this malware is that it actually adds a line to your Java registry that DOES NOT go away unless you completely reinstall Java with removal of ALL associated regedit entries. The malware itself is easily disposed of, but it leaves a backdoor on your PC so every time you visit that site you download the malware without your browser asking if you actually want to do that.

Hamma
2013-02-19, 11:19 AM
Yes but I need some key words of what specifically it was rather than what it was trying to do to help make sure we get it removed. :D

Ghryphen
2013-02-19, 12:29 PM
Hehe, now you know what malware is, Hamma!

NewSith
2013-02-20, 11:47 AM
DON'T PRESS OK

Just happened again, near instantaneous redirect to: http://zj7hkync.s8.sihegso.ru/

Binkley
2013-02-20, 12:13 PM
I just got a banner ad that was very suspicious. It was a fake video player showing nothing and a box next to it that said something like "you lack the plugin to view this video, click here to upgrade [upgrade button]". Needless to say, I did not "upgrade" to malwareville.

Hamma
2013-02-20, 10:16 PM
Thanks guys.

Do you know the destination of that banner, Binkley?