Vlaze
Oleg23
There is a new nastie side banner ad called Vlaze that causes high CPU load and a possible browser crash. It loads some kind of crazy streaming radio or something.
It's even on deep-c
cconniejean
Think I might be blocking this "Vlaze", don't sound good. Came across this at other forum posted Nov 17, post number 2:

CODE
http://help.lockergnome.com/security/rid-Spyware-vlaze-jack9-popups-ftopict11362.html
whitelilac
Found this trying to load click-and-win also.....
I think I blocked it from loading on my computer.
MisterChris
This Vlaze piece of crap is in the Earn By Mails PTP rotator as well. I came across it this morning and besides severely slowing down my computer my Norton detected an attempted trojan intrusion originating from onlinecollegeplanner.com. All the while I could see in the status bar it was attempting to download "vlaze".
Oleg23
Hope all PTR programs hit by it will fix it.
whitelilac
I found it trying to download on my computer again last night but for the life of me I can't remember what site I was at.
whitelilac
Well....My computer is down again!
MisterChris
I am getting sick and tired of all this crap floating around. While surfing SAS earlier my Firefox was crashing every 10 minutes or so because of this Vlaze....so I added vlaze.com to my hosts file...problem solved...no more vlaze..

However all evening long my Norton is detecting attempted trojan intrusions from everywhere...Hot Rods, pooh Bears, Earn by Mails....you name it... and it appears that one of them may have slipped back onto my computer after I spent four hours last week cleaning it up. It's probably just one or two ######s that are placing the infected ads at all the sites. What needs to happen is all POs get together and compare their list of advertisers and see if we can pin down who these pricks are and take some action against them.

-MadMisterChris


* sorry for all the ######s but bad language is called for at a time like this
whitelilac




QUOTE (MisterChris @ Dec 5 2007, 12:24 AM) *
I am getting sick and tired of all this crap floating around. While surfing SAS earlier my Firefox was crashing every 10 minutes or so because of this Vlaze....so I added vlaze.com to my hosts file...problem solved...no more vlaze..

However all evening long my Norton is detecting attempted trojan intrusions from everywhere...Hot Rods, pooh Bears, Earn by Mails....you name it... and it appears that one of them may have slipped back onto my computer after I spent four hours last week cleaning it up. It's probably just one or two ######s that are placing the infected ads at all the sites. What needs to happen is all POs get together and compare their list of advertisers and see if we can pin down who these pricks are and take some action against them.

-MadMisterChris


* sorry for all the ######s but bad language is called for at a time like this




It took me 7 hours last night to get my computer cleaned out. I have no idea where these nasties are coming from but it is getting ridiculous. Hopefully I won't have any problems tonight...It took me 2 days last week to get it cleaned out.
MisterChris
QUOTE (whitelilac @ Dec 5 2007, 02:59 PM) *
It took me 7 hours last night to get my computer cleaned out. I have no idea where these nasties are coming from but it is getting ridiculous. Hopefully I won't have any problems tonight...It took me 2 days last week to get it cleaned out.


WL, here is some info I have tracked down...if you can compare it to what you have and see if it matches.

Most of the trojans (attempts and successful) that have been hitting me over the past week are coming from 83.216.217.242 which is a datacenter in Vienna, Austria. In checking my logs I see attempts from this IP going back three weeks but it has really picked up in the past few days. I have emailed the owners of this datacenter with this information requesting that they castrate the responsible individuals. The next time I get another attempt from this attacker I am going to be ready to capture even more info...

I have also had attacks coming from 4.79.209.35 (Colorado) which is now offline...hopefully the ISP has taken care of this person.

also- 77.91.229.104, a datacenter in Moscow, Russia...still researching info on this one

also 70.87.44.234 (Dallas, TX) emailed ISP, requested offender be drawn and quartered

and 80.93.56.239..Moscow...one attack only about 2 months ago
whitelilac
Thanks for the info Chris.....I will see what I can find.

QUOTE (MisterChris @ Dec 5 2007, 03:59 PM) *
WL, here is some info I have tracked down...if you can compare it to what you have and see if it matches.

Most of the trojans (attempts and successful) that have been hitting me over the past week are coming from 83.216.217.242 which is a datacenter in Vienna, Austria. In checking my logs I see attempts from this IP going back three weeks but it has really picked up in the past few days. I have emailed the owners of this datacenter with this information requesting that they castrate the responsible individuals. The next time I get another attempt from this attacker I am going to be ready to capture even more info...

I have also had attacks coming from 4.79.209.35 (Colorado) which is now offline...hopefully the ISP has taken care of this person.

also- 77.91.229.104, a datacenter in Moscow, Russia...still researching info on this one

also 70.87.44.234 (Dallas, TX) emailed ISP, requested offender be drawn and quartered

and 80.93.56.239..Moscow...one attack only about 2 months ago

MisterChris
Also- I forgot to add.....the trojan which has successfully made its way onto my computer a couple of times now is a variant of the downloader trojan. The file to be on the lookout for is showmsr[1].htm. It drive-by downloads off the infected website into your temporary internet files and from there installs into your registry and as long as it remains it proceeds to download additional trojans, spam, crap, etc. and pops you up fake warnings every so often telling you that you aren't protected against spyware and prompting you to download more garbage...

I am trying to find out exactly which website(s) this file is coming off of so I can block them in the hosts file as well.
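
The two defensive steps described in the posts above (sinking the ad host in the hosts file, and looking for `showmsr[1].htm` in the temporary internet files), as an added example that is not part of the original thread. The sample hosts file, the `www.vlaze.com` subdomain and the cache folder layout are constructed for illustration.

```python
import os
import tempfile

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

def blocked_hosts(hosts_text):
    """Return the hostnames a hosts file sinks to a loopback/null address."""
    blocked = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0] in LOOPBACK:
            blocked.update(h.lower() for h in fields[1:])
    return blocked

def missing_blocks(hosts_text, wanted):
    """Hostnames from `wanted` that the hosts file does not sink yet.
    Hosts matching is exact: vlaze.com does not cover www.vlaze.com."""
    have = blocked_hosts(hosts_text)
    return [h for h in wanted if h.lower() not in have]

def find_indicator(root, filename="showmsr[1].htm"):
    """Walk `root` (e.g. the browser cache) for the file named in the post."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files
                 if f.lower() == filename.lower()]
    return sorted(hits)

# Constructed sample hosts file with the single entry the post describes.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 vlaze.com   # added after the Firefox crashes
"""
# Hosts named in the thread, plus one assumed subdomain.
WANTED = ["vlaze.com", "www.vlaze.com", "onlinecollegeplanner.com"]

def demo():
    # Build a throwaway cache tree (constructed) and sweep it.
    with tempfile.TemporaryDirectory() as cache:
        sub = os.path.join(cache, "Content.IE5", "ABCD1234")
        os.makedirs(sub)
        for name in ("showmsr[1].htm", "banner[1].gif"):
            open(os.path.join(sub, name), "w").close()
        hits = [os.path.relpath(p, cache) for p in find_indicator(cache)]
    return missing_blocks(SAMPLE_HOSTS, WANTED), hits
```

A hosts entry only stops lookups of that exact name; traffic addressed to a bare IP, such as the addresses listed earlier in the thread, has to be blocked at a firewall instead.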
cconniejean
QUOTE
also- 77.91.229.104, a datacenter in Moscow Russia...still researching info on this one


This is from bluetack:
http://www.bluetack.co.uk/forums/index.php...amp;#entry85012

CODE
77.91.229.104
   1. scanner2.malware-scan.com


The above is a Social Engineering site.

Here's some more that might help.
http://blog.trendmicro.com/in-other-news-r...ispyware-again/

http://explabs.blogspot.com/2007/11/banner...ajor-sites.html

http://www.malwaredomainlist.com/mdl.php?s...amp;quantity=50
cconniejean
This one gives some more information too:

Hijacking via Banner-Ads on Major Web Portals
http://badmalweb.com/rbn-news/rbn-news/rbn...eb-portals.html

Here's another good place to check IP addresses:
http://bsn.borderware.com/toptens.php