Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Advertisement box compromised
#1
Hello,

I suggest the advertisements shown in the ad box for non Pro/Plus users be filtered better or removed altogether. Today I opened Vuze and it started opening IE windows with malware saying my computer was infected. I used task manager to end all IE window tasks but they kept coming back until I also ended the task for Vuze. This is compromising the security of my computer. I have saved the two intected advertisments that resulted in this malware attach and zipped them into a password protected file. I can upload them if you need proof.

The malware identified coming from Vuze ad window were Rogue:JS/FakeCall.D and Ransom:JS/FakeBsod.A

Regards,
Chris
Reply
#2
Please tell me if you continue to see things like this - our ad provider has disabled a campaign that they believe was the source of this.

Thanks for reporting.
Reply
#3
(09-25-2015, 04:31 PM)'parg' Wrote: Please tell me if you continue to see things like this - our ad provider has disabled a campaign that they believe was the source of this.

Thanks for reporting.

 
Thanks,

Will do,
Chris
Reply
#4
This is incredibly frustrating. I don't mind ads if they help support the product, but malicious ads are an insult to all users. Ads that spawn pop-ups are nearly as bad. You can disable and/or unload azpromo, but it always comes back. Something has to be done about this.
Reply
#5
(09-25-2015, 04:31 PM)'parg' Wrote: Please tell me if you continue to see things like this - our ad provider has disabled a campaign that they believe was the source of this.

Thanks for reporting.


 

I'm not sure, but I believe it is related. The suspicious activity is after Vuze install, an executable with the name of ??.tmp (with ? being a number) being downloaded to [TEMP] and ???????.dll (with ? being lower case letter) downloaded to C:\Documents and Settings\[User]\Local Settings\Application Data and a key added to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ to autostart it with Windows logon.

Heuristically all this points very heavily to malware type behavior, using randomly changing names and arranging startup with obscure registry keys. The dll and tmp executable lack provider identity data or signatures.

Versions:
Java 1.8.0_60
 Oracle Corporation
SWT v4508, win32
Windows XP v5.1, x86
V5.6.2.0/4 az3
Reply
#6
F-Secure indicates that the temp files are trojans of unidentified type (by heuristics). FS nor ZA reports nothing about the DLL, but I would expect it to be the launcher for the TMP files. Disinfection of this is easy, just remove the registry key for the DLL and then the DLL and TMP files. Doesn't look like this malware has any serious stealth features, so it seems different from the detections listed by vbjsk.


Attached Files Thumbnail(s)
   
Reply
#7
I had an audio message played through vuse this morning saying my computer has become compromised and all of my data has been accessed including banking details. It was showing this message through the ad provider. Is there anything I need to do? As a saftey precaution I have deleted my Vuze.
Reply
#8
Please Vuze,

DON'T open the door to Mackeeper, the most invasive malware for Mac. Thanks

[Image: o8b70x.png]
Reply
#9
(09-25-2015, 10:09 AM)'vbjsk' Wrote: Hello,

I suggest the advertisements shown in the ad box for non Pro/Plus users be filtered better or removed altogether. Today I opened Vuze and it started opening IE windows with malware saying my computer was infected. I used task manager to end all IE window tasks but they kept coming back until I also ended the task for Vuze. This is compromising the security of my computer. I have saved the two intected advertisments that resulted in this malware attach and zipped them into a password protected file. I can upload them if you need proof.

The malware identified coming from Vuze ad window were Rogue:JS/FakeCall.D and Ransom:JS/FakeBsod.A

Regards,
Chris


 


Same thing here. Just happened today. Thankfully, I have Norton antivirus to stop the pop-up ad virus attacks from Vuse. I think I'll look to switch if it happens again. What good are program features if they come with viruses?
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Message box file "cannot be found" on Mac sakjvpouw 0 3,101 04-19-2017, 06:46 AM
Last Post: sakjvpouw
  Use Standard OS X Save File Dialog Box? GeorgeF 0 3,067 04-17-2017, 03:51 PM
Last Post: GeorgeF



Users browsing this thread: 1 Guest(s)