Dyre Straits

I just got this one right after clearing my IE Temp Folder, including all offline content, AND running Ad-AwareSE after updating it and doing a full system scan.



The only site I've been browsing that has any ADs, period, is DH.

__________________

Zardon

Dyre there is NO popunder code on DH - you read this in the other thread, right?. The only possibility is it might be one of the ads above the google ad targetting your IP and breaking a table or iframe rule and popping into a window. As the ad provider is in Canada its pretty hard for me to get immediate responses

As this seems to be irritating you guys, install google blocker or use a good browser like opera/firefox with blockers which will stop popup code, spyware and all the crap on your systems.

Zardon

EDIT: MEDIAFASTCLICK.net was not associated with our ad provider rydium canada anyway, so im not sure where that one is coming from. Also we NEVER had popunder code on the forum, which is the page you are viewing in Internet explorer not the front page.

I have an email on its way to rydium canada, if I dont get a satisfactory response their two remaining ads will be removed.

Dyre Straits

Z, I'm not trying to do anything other than report what's happening.

I just ran Ad-aware once again after doing so only a little over an hour ago. It showed up with 19 more critical instances and I've quarantined those.

I've also, just now, gone through my list of cookies and manually deleted anything suspicious....and especially anything with 'ad' in it or even smacks of being so.

We'll see what happens now.

This particular AD I posted showed up right after I closed down my DH page and browser. I simply re-opened DH and brought the AD forward to show what was happening.

I know you guys are doing all you can to make our experience here less frustrating and I hope that, together, it will succeed.

I'm just wondering if some kind of code is getting hidden within some of the ADs that, in turn, cause others to show up 'down the road'.

__________________

Zardon

Just to clear things up even further as im not trying to hide anything from anyone.

All the ads now on DH run on the main server, except the two ads above the google ad on the forum,. these are linked to rydium canada a well respected company who display ads in relation to a viewers IP address. Over the years I can gone away from these server style ad farms to have more control over the ads I run here, this way if people have a problem I can give a concrete answer as to the reason something is happening. I am also aware you are only reporting the problems you are finding but you have to understand with the internet the way it is right now, it is increasingly hard to track down what exactly is coming from where as there are ad codes now on other sites which lay dormant for a specific time then appear so as to fool the person they are "infecting" into thinking their site isnt responsible. So while I understand what you are saying you have to understand that I know for a fact some of the ads and problems people have been posting in the feedback forum over the last year havent sourced from this site.

Today I have emailed Rydium canada telling them I removed their popunder code from the front page and I have reported the issues you are having, if I dont get a satisfactory response from them I will be removing the two ads above the google ad. These ads arent critical to the running of the site but they generate a little extra revenue which is important as the site gets around $20 in donations every two months, as our costs each month are well in excess of 40 times that you might understand my need to ensure I get adequate funding to keep this site running.

However im not here to make the experience unpleasant for people, I personally hate sites with loads of popunders and popups, and forced clicking. Im sure you have seen our download server and how smooth that operation is, that costs a fortune to maintain and its barely covered by advertising. I could start making people click 10 times to get a download like we see on many download sites but I want something user friendly and easy to use so I dont.

I do listen to you guys, after all ive removed the popunder and intellitxt code from the front page and if I feel rydium are attempting to run rogue code in the two remaining ads I will also remove them and concentrate more on trying to get quality companies like ATI, visiontek, corsair and OCZ to maintain their support but its not easy sometimes !

In the meantime Dyre, snag the micrsoft free antispyware client (I find it works better than adware SE), and get yourself a popup blocker for Internet explorer, its not the ideal browser for surfing the web and you might find those options helpful. I do strongly suggest however you take a look at the free OPERA client, it really does make the internet experience a lot less trouble free.

Ill report back when I find anything out.

Dyre Straits

Z,

This one just now. It popped under and then came on top all by itself.

I'll check into using another browser. I'm just providing this for reference if you need it to communicate with your AD company.

__________________

Dyre Straits

And this one, right immediately after posting the previous post:

__________________

pr0digal jenius

dyre, do me a favor, and right click on the add, and go to view -> source, and paste that in here, hopefully from their I can tell you what, if anything, it's mining from your registry and we can delete it

Zardon

The ad company have replied:

"HI Allan

I am familair with those inquire ads and we do not currently run them, we had an opportunity of working with them in the past but we didnt like the intrusive nature of their advertising. Please inform the users on your site experiencing these issues that they are more than likely getting them from registry and mining exploits experienced on other networks. We have seen some of these new methods of advertising and some of them are incredibly hard to remove even with the tools available. Also we do not run popunder code in standard 468 or 7xx adverts, it is impossible for these to appear as "pop code" as they are bound by iframe and table HTML code via your system."

Dyre Straits

PJ, and Z,

Next event, I'll be glad to do that right-click and check the source. I think we all want the same thing -- to be rid of these.

__________________

swimtech

Hey fellas...

Ditto for me this am on one of my work machines - durn it - I clicked properties and got the dialog box but didn't capture the beast.

HOOO! - Got him! It is running flash... Just now, as I was typing this response! You want properties? On the way... Mortgage rates hit record lows - my heiny hole... Lemme do this - I'll type it here verbatim... But wait, now the C5.zedo.com ad too! Are the doctors in?

I have popups enabled for this site...

Address (the Search Inqwire ad...) http://www.inqwire.com/homepage.prec...s&pop=no&float Size is 22755 bytes.

Another Search Inqwire ad just popped up - that's two of those and the one Zedo total = 3.

Properties of the second Search Inqwire ad... same exactly as the above EXCEPT for this - ...troika1c&lpt... Size same as above.

Oh boy, now a (http://www.swbtk.net - Test Document - Microsoft Internet Explorer) ad popped up, total of four now... Not doing anything but typing this and closing those dialog boxes and windows... Can't get properties or resize this one, but am seeing http://ad.doubleclick.net/click;h-v5...0;12051803;514 (cant see anymore and visible in bottom of window when cursor is held over the ad)

That looks to be it... Closed the windows, nothing else is popping up. 4 Total Popups/behinds...

Ran Microsoft AntiSpyware app (Quick Scan) to no avail before beginning to post this.

I'm not at all upset - these seem benign, just have to close them...

Edit: the URL stuff was truncated, of course if you try an edit of my post you can see the untruncated URL information.

__________________
It's not so much getting your way that matters or not - what matters is how you go about getting it.

pr0digal jenius

http://www.spywareinfo.com/~merijn/downloads.html

CWShredder may fix a large portion of it, and hijackthis will reveal other thigns you probably had no idea existed.

Robert McClelland

I have no ad pop up on my system Drye think you should used opera I don't have any ads popup if I did it would tell me maybe you need freash formated?
Try spybot search and destroy program.

__________________
"XTREME AUDIO IS CRAP!" "There no support for it. It's crapist card on face of the earth it should be throw into the sun"
http://www.speedtest.net/result/1949536385.png

Dyre Straits

Fellas,

I use both AdAwareSE and Spybot Search and Destroy. I use these right after clearing my browser cache and also after updating the programs.

Now, one other thing that does happen each time I get one of these Inqwire ADs...and it ONLY happens with DH: In my Favorites, when I clear the Browser cache, all those little icons in front of my Favorites list turn into the little 'e' to indicate Internet Explorer. Even the one for DH does this. BUT, once this Inqwire AD shows up, my DH icon with the little 'e' returns to the proper little icon with the DH insignia. And, DH Favorite is the only one that returns to the site's insignia. This has been going on for a long time, too.

I don't have an explanation for it, either. Just that it does happen.

__________________

Zardon

I believe you, however I cant reproduce it, the ad company cant reproduce it, we dont have popunder or popcode even running. so there really is nothing else I can do. Try another browser see how that goes, your IE might be critically infected beyond repair.

Vikingod

I'm getting these same ones (dont care really), what differnt with me, I JUST reformated my lappy, first site I visited was DH, on explorer I got one ad, opera... nothing. Use opera mostly, just use IE for news posting, I get the ad when I get to the news archive.

Robert McClelland

Zardon can you go to Local Library? Maybe try it? There unless you got very great firewall on your broadban connection hehe Maybe thats why you can't reproduce it.

__________________
"XTREME AUDIO IS CRAP!" "There no support for it. It's crapist card on face of the earth it should be throw into the sun"
http://www.speedtest.net/result/1949536385.png

BWX

-just for reference- (don't kill the messenger! )

I think it is one of those 3 ads at the bottom.. These pics were taken after the pop-up code was taken out completely. It bypasses IE6 and google toolbar pop-up blocker..

http://driverheavenuploads.co.uk/BWX...code-gone2.png
http://driverheavenuploads.co.uk/BWX...opup-code-.png



Also since that thread saying the pop-up code was gone I still get this one once in a while.. but have not in a couple days- so it may be gone for me anyway- it also bypasses Google and IE6 pop-up blocker. (I also know it is not coming from DH- probably an ad)
http://driverheavenuploads.co.uk/BWX/weird-ad5.jpg

__________________

Dyre Straits

I had to leave for work directly after my last post about this. Since I arrived home I've run my Virus scanner, it found nothing. I also ran that CWShredder mentioned above. It placed one hit on Qttask.exe. If this file is infected/hijacked it will reset the browser home page to www.space.com. That's not happening at all.

So far, I haven't found anything on my system that is getting a hit.

I have one other app to download and try that also uses Hijackthis in conjunction with it's fixes. We'll see what happens.

__________________

Zardon

Tried from 5 connections with all the major browsers even OSx browsers, then I tried proxies to reproduce USA IPs, still nothing, asked the ad company, they verified the codes, they also tried to reproduce the issues, they have reported nothing as ive said in this thread a few times already.

On top of all this we have removed the popup code, nothing else I can do, however you can all free feel to vent in here, ill leave the thread open but i doubt ill be checking as regularly, ive said and done all I can. Advertising on this site is more than likely going to quite dramatically change in 2006 but im not going to discuss that yet.

Thanks.

swimtech

I was on for a while from home last evening - updated SpywareBlaster and enabled all protections but still (as always...) left popups enabled for DH - that's all - and no popunders/overs/arounds/throughs/behinds/ups were apparent...

Edit: No modifications at all to the laptop after the 4 popbehinds yesterday (other than scans - nothing definitive) and haven't seen the popups at all today either...

__________________
It's not so much getting your way that matters or not - what matters is how you go about getting it.