Quantcast

Ad popup

jstuhlman

We noticed.
Dec 3, 2009
9,740
4,506
Cackalacka du Nord
Noticed just today...when trying to hit buttons near upper part of screen on ios device new REI page keeps opening up, like i've clicked on some sort of ad link, bit it's not a visible REI ad...wtf?
 

binary visions

The voice of reason
Jun 13, 2002
21,663
411
NC
Sometimes the ad code that gets delivered isn't built right and can cause this. I'll see what I can find.
 

Sandwich

Pig my fish!
Staff member
May 23, 2002
16,146
1,108
01776
I have this too. It pops over the top couple of links on my user CP page. Very annoying. Ad is invisible, there is no actual ad, but it takes over the top half of the screen.
 

binary visions

The voice of reason
Jun 13, 2002
21,663
411
NC
After reading this, I turned off AdBlock for this domain. Shortly thereafter, Windows Defender reported infection with two trojans. Any ideas?
You definitely need to give me more details than that. What "trojans"? Trojans typically very rare to occur in ads, especially in modern browsers which are all sandboxed. Even if the ad network itself gets compromised, the trojan has to make it through all of the other protections of the machine.
 
You definitely need to give me more details than that. What "trojans"? Trojans typically very rare to occur in ads, especially in modern browsers which are all sandboxed. Even if the ad network itself gets compromised, the trojan has to make it through all of the other protections of the machine.
I was in the process of trying to document that when Hilarie managed to severely distract me by throwing a shitter about something. Unfortunately, a side effect of the shitter was me inadvertently clearing the Defender logs. There were two reported; Defender reported "Trojan:" in front of each; one the name of the first started with win32.I know that ain't shit, but it's what I got.
 
Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 3/31/2017 11:45:47 AM
Event ID: 1119
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: [deleted, JBP]
Description:
Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Suweezy&threatid=2147716113&enterprise=0
Name: Trojan:Win32/Suweezy
ID: 2147716113
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\LICENSE.txt;file:_C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe;file:_C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico;file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\vulkaninfo.exe;file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\vulkaninfo32.exe;file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\VULKANRT_LICENSE.rtf;folder:_C:\Program Files (x86)\vulkanrt\;folder:_C:\Program Files (x86)\vulkanrt\1.0.26.0\;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Intel\Bluetooth\;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x80070057
Error description: The parameter is incorrect.
Signature Version: AV: 1.239.488.0, AS: 1.239.488.0, NIS: 116.88.0.0
Engine Version: AM: 1.1.13601.0, NIS: 2.1.12706.0

Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 3/31/2017 11:45:47 AM
Event ID: 1119
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: [deleted, JBP]
Description:
Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Xadupi&threatid=2147709752&enterprise=0
Name: Trojan:Win32/Xadupi
ID: 2147709752
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\LICENSE.txt;file:_C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe;file:_C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico;file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\vulkaninfo.exe;file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\vulkaninfo32.exe;file:_C:\Program Files (x86)\vulkanrt\1.0.26.0\VULKANRT_LICENSE.rtf;folder:_C:\Program Files (x86)\vulkanrt\;folder:_C:\Program Files (x86)\vulkanrt\1.0.26.0\;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Intel\Bluetooth\;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x80070057
Error description: The parameter is incorrect.
Signature Version: AV: 1.239.488.0, AS: 1.239.488.0, NIS: 116.88.0.0
Engine Version: AM: 1.1.13601.0, NIS: 2.1.12706.0
 

Sandwich

Pig my fish!
Staff member
May 23, 2002
16,146
1,108
01776
well this thread actually got me to finally turn my adblocker off. at home at least. enjoy your new bugatti, BV