I just got the malware hijack on the DVDTalk home page, also happened a couple of times over the weekend. I'm using Firefox on a Mac, I too will be installing NoScript add on right now.

Just got it AGAIN. Whoever's responsible needs a MAJOR ass-kicking.

Hell, I volunteer to do it. Free of charge!

Can anyone tell me where to go to see the cookies installed? I can find the area where you can delete them, but, I don't see where you can view them. I am running Windows Vista Home Premium. Any help would be appreciated.

I just got nailed again when I clicked to go to the Baragins area.

I just got it again on the main page. Like this morning, I saw the banner ad was that t-tubes thing (the blue ad with the people cheering or dancing). Again lke this morning, however, after I closed Firefox and came back, the banner ad was still the t-tubes thing and I did not get the redirect.

Usually IE Explorer/Tools/Internet Options/Settings/View Files.

If you enter the cookies websites into your restricted sites you can keep this thing under control until you clean it out.

blessedads.com
scanner.malware-scan.com
prevedmarketing.com
newbieadguide.com

I got this again. However, this time I was able to grab the source code for the page that ends up re-directing me. Geoff, will this help you in any way? Should I forward it to you? I'm not enough of an expert to know what I should be looking for...

I've been hit with this twice now, the second time this evening. For Geoff, or those wanting to help who are somewhat technically-inclined:

1. Using Firefox, install the Live HTTP Headers extension and restart.

    https://addons.mozilla.org/en-US/firefox/addon/3829

2. Turn off caching. On Windows, select <b>Tools</b> from the menu, click <b>Options...</b>, click the <b>Advanced</b> tab, and click the <b>Network</b> tab. Where it says "Use up to ___ MB of space for the cache", set it to 0 and click the <b>Clear Now</b> button. If you have the Web Developer toolbar installed, you can just go to Tools | Web Developer | Disable | Disable Cache.

3. Open Live HTTP Headers by going to <b>Tools | Live HTTP headers</b>. Click the <b>Generator</b> tab and make sure all the checkboxes are checked.

4. Open DVD Talk. If you didn't get the ad, clear both the Headers and Generator request transcripts and try again.

If you do get the ad, don't click anything on it. Instead, click the <b>Save All...</b> button for both Headers and Generator and save them as text files. Then post the files or send them to Geoff at [email protected].

Remember to turn your cache back on afterward.

Thank you, so much, for your help!

Never mind, got it again, just now.

Just got it again going to the HD Talk forum - the scanner.malware.com one.

Firefox here...

Over the past few days I've seen it at work a number of times, but I haven't seen it once here at home. Is it only doing it at certain times during the day? I only notice it from around 10am to 3pm, something like that.

I just got it (scanner.malware.com) and there was one similar the other day.

same thing a second ago

I got it the other day, and got it again just now. Using IE.

This just happened to me tonight as I was loading the home page for DVD Savant, Glenn Erickson's site. Before the page could load fully (using Safari) I was whisked away to malware central.

Apparently this is an issue plaguing many other sites. A malicious Flash file, served by an ad network affiliate, is thought to be the culprit. The perpetrators have engineered their Flash file to evade detection. Only under certain circumstances will the malicious version of their Flash file be served.

More information:

http://msmvps.com/blogs/spywaresucks...4/1134527.aspx

http://www.scmagazineus.com/Maliciou...article/35605/

Got it about an hour ago when I tried to go to the forum index page. It left behind a folder called bin.clearspring.com in my Flash Player -> #SharedObjects directory (I'm on a Mac).

Just happened to me after clicking on my bookmarked DVDtalk main forum page... the jacked-up thing about this bullshit is if you click on the "cancel" button of the pop-up window it directly shoots you over to the virus website and begins downloading some shit... arrrrg, such bullshit... This started happening to me this past Friday Oct. 19th.

I'm on a Mac also using the Safari browser... "they" even use a pop-up window that mimics a Mac warning.

Still waiting for Google Adsense to identify and kill the ad. They've known about the issue for over 72 hours now.

I just got it when I entered the Tech Talk forum... annoying!

Easiest workaround is actually to uninstall Flash Player. As mentioned a few posts above, the malware is delivered through a Flash script. When (if ever) this thing gets cleared up, just re-install Flash. In the meantime, you are protected from annoyance and/or accidental spyware download for the mere sacrifice of missing out on some rollover ads and assorted Youtube silliness.

So the reason you don't get it when using IE and having ActiveX disabled is because Flash doesn't play in that configuration. Nice.

I rarely need to use Flash, but when I do I just open another browser such as Firefox to view that content. But I don't want it by default. The same thing that allows Flash to run opens up too many other possible exploits.

I just got it while viewing the "Malibu fire" thread. This time it started "scanning" but I stopped it. I thought I had blocked it on my router but apparently it's working around the blocking too. I copied and pasted the new info into my blocked sites list but who knows if this will help.

I had the problem for the first time last night on my home PC using Firefox. Immediately backed out and did a search for spyware: nada. Did not come back to DVD Talk.

Accessed DVD Talk today from work using Firefox and had the same problem, but was able to back out before I was completely hijacked. Searched for and found this thread in the forum. I then removed the cookies for the four sites listed previously.

At home I again logged on to DVD Talk. It appears that the first malware component that loads is from newbieadguide.com. I was able to interrupt before it completed doing whatever it was doing on two occasions and removed the cookie for newbieadguide.com each time. The other cookies were not present.

I have now blocked cookies from newbieadguide.com and so far so good, no hijacks.

Just got hit by malware.scanner.com again (ironically while opening this very thread.) Locked my laptop up and I lost 2 hours of work. I'm done...