View Full Version : Forum has malware?



Lomshek
05-06-2014, 06:53 PM
Today when I open up the PF.com homepage I'm getting what seem like malware pop-ups that I can only close via task manager.

They all have the "ALET ALET URGENT" verbiage and are made to look like Windows security pop-ups.

One has this odd language "WARNING!!! Your Flashplayer version is outdated, have security risks. Please Update Now!"

Another is "UPDATES RECOMMENDED! It is recommended that you install the software to ensure your browser is the latest version. Please update to continue."

I'm using Windows 8 with Windows Defender and IE 10 with the latest updates. Nothing detected on my machine. It only comes up when I open PF.com not arf or M4C or any of the multitude of other forums and sites I visit.

Besides not clicking is it possible the forum servers are infected? Just wanted to give staff a heads up.

Lomshek
05-06-2014, 07:03 PM
Obviously ignored the "warnings" and logged in then closed IE with task manager. Re-opening the browser (it retained my log-in) and nothing shows up when I re-open PF.com. Every time I opened PF.com without logging in the bogus warnings showed up.

Am I weird or should I burn my laptop?

JV_
05-06-2014, 07:06 PM
I'm not having similar issues.

orionz06
05-06-2014, 07:06 PM
Does it do it with other browsers?

RoyGBiv
05-06-2014, 07:47 PM
Nothing like that here, but I auto login...

TCinVA
05-06-2014, 08:57 PM
I'm not seeing the behavior from IE on several machines I've attempted to load the site on, both Win7 and Win8 with various versions of IE.

The site itself isn't typically the culprit for those sorts of malware attacks, but the ad streams used by various websites can sometimes get hijacked by hackers pushing the malware popups. To the best of my knowledge all the major ad stream services out there have been compromised in this fashion at one time or another. The scans they run to catch this sort of thing are usually pretty good, but not perfect.

If possible, can you grab a screenshot of what's showing on the PF homepage when these popups happen? Do you have any other tabs/windows of the browser open when this occurs?

If anyone else out there is experiencing this, please chime in and let us know.

Lomshek
05-06-2014, 11:04 PM
I tried it using Chrome (without being logged in) and the same thing happened. A new tab auto-opens with an address I forgot to copy but sure wasn't to anything legit with a similar generic "you must update your software" message. The tab would not let me close it by either clicking on the "X" or by right clicking and selecting Close Tab/Window. The only way I could close the browser was by opening task manager and selecting End Task.

ETA - This was happening with only one tab open to PF.com.

I just logged back on with IE and now there's nothing popping up.

A scan by Windows Defender found nothing on my machine. If it happens again I'll see if I can grab a screen shot and copy the url.

JV_
05-07-2014, 05:27 AM
Can you scan your computer with Ad-Aware (http://www.lavasoft.com/)?

FWIW: Windows Defender, especially the Anti-Virus and browser integration, isn't that great of a program.

hufnagel
05-07-2014, 06:25 AM
I'll 2nd TCinVA's assessment... it's frequently NOT the host site but the ads that bring bugs in for people. FWIW I can't even check if an ad is doing it as my router blocks them automagically. :cool: Bugs the kittens out of me when I go anyplace else with my laptop as I'm inundated with ads then.

LittleLebowski
05-07-2014, 08:31 AM
generic "you must update your software" message. The tab would not let me close it by either clicking on the "X" or by right clicking and selecting Close Tab/Window. The only way I could close the browser was by opening task manager and selecting End Task.


Not PF. I'd scan your computer with another malware solution.

Lomshek
05-07-2014, 10:46 AM
Not PF. I'd scan your computer with another malware solution.

Doing that next. The odd thing was in the same 15 minute period I could close my browser, re-open it and check out arf, youtube, and any other site with nary a problem then go to the PF opening page to log in and the garbage would come up. A half hour later there's no problem and now (15 hours later) still no issue.

I just wonder if it could have been the ad stream as TC mentioned and that has since been corrected by that outfit. I'll report back on a scan by non-windows software.

jetfire
05-07-2014, 11:24 AM
I can state conclusively that it wasn't the ad servers. Not that it can't happen, but generally speaking it only happens when a site is running re-sold inventory, and PF is running all direct sell inventory right now.

EMC
05-07-2014, 11:53 AM
Malwarebytes Anti-malware software works well. Worth a scan every once in a while.

Lomshek
05-08-2014, 12:13 PM
UPDATE!

I made sure my browsers & OS were set to auto update which they have been since I got this laptop. It's an HP Pavilion G7 using Windows 8.1 and I use IE and Chrome as browsers. I've had Windows Defender on auto update from day one and loaded Malwarebytes last night.

Scans with both Windows Defender and Malwarebytes last night came back with no threats detected on my machine (no browsers were open).

I access pistol-forum.com via the button at pistol-training.com to see if Todd has posted any new musings. Once at pf.com I manually log in.

This morning I used IE to open my email (hosted by godaddy for my business), log on to the Trek bicycle dealer website and 10 minutes later opened a tab to hit pf.com via pt.com in my usual manner.
As soon as I open pf.com a warning block from Malwarebytes pops up.
I've attached a sequence of screen captures below and the text report log from Malwarebytes.

This malware issue has only happened yesterday and today and only intermittently. If I close and re-open the browser and return to pf.com it's maybe one out of three or five attempts that will open up a malware window. If I get a clean pf.com (no malware) and log in, once logged in I don't get a malware window or tab opening at all no matter how long I'm on the forum or how many threads I click on.

I used IE today but it happened with both IE and Chrome yesterday.

The malware opens a new window (see images below) that I can't close except by task manager. The pretty red "X" in the top right corner is for show only, right clicking does nothing and I can't even copy the url that appears in the address bar. Being a wise man I don't touch the "OK" button.

Screenshots from this morning. I left them super sized to make the text easy to read.



Three tabs open in IE and warning popping up as I opened PF.com and clicked on the Marksmanship & Gun Handling board without logging in to try and provoke a malware attack.
I opened a fourth tab after the detection to learn how to do a screen capture.
http://i190.photobucket.com/albums/z67/bonecreekgunclub/Forum%20photos/Screenshot1.png




************************************************** ************************************************
Here's the notice that came up while three tabs were open.
I was uploading the first screen captures to photobucket when I remembered to screen capture the actual malware window.
http://i190.photobucket.com/albums/z67/bonecreekgunclub/Forum%20photos/Screenshot5.png




************************************************** ************************************************
After closing IE with task manager and re-opening pf.com all by itself a new window (not tab)
is opened with some bogus "update notice" by Lightspark Player.
http://i190.photobucket.com/albums/z67/bonecreekgunclub/Forum%20photos/Screenshot3.png




************************************************** ************************************************
Here's that Lightspark Player malware window.
http://i190.photobucket.com/albums/z67/bonecreekgunclub/Forum%20photos/Screenshot2.png


Here is the Malwarebytes activity report text after this morning.


Detection, 5/8/2014 10:29:39 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53591, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:29:39 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53591, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:29:40 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53590, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54004, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54005, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54004, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54383, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54382, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54383, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

I'm not savvy enough to do anything but take the scan reports at face value that no threats were on my machine. Do the report lines above mean those IPs were trying to install something on the IE folder on my hard drive or is there something in that folder already???

I have to get cranking at work but will try to check this out a few times during the day to answer questions or try suggestions.
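
An added example (not part of the thread and not Malwarebytes' own tooling) that parses report lines in the layout posted above and groups the blocked connections by destination, direction and program. The column labels are assumptions inferred from the lines themselves; read that way, each entry records iexplore.exe opening an outbound connection that was blocked, and the path names the connecting program rather than a file that was written.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Column labels are assumptions read off the log lines in the post,
# not Malwarebytes' documented schema.
FIELDS = ["event", "time", "user", "host", "category", "module",
          "kind", "ip", "domain", "port", "direction", "process"]

# Four of the report lines from the post, copied unchanged.
SAMPLE = r"""
Detection, 5/8/2014 10:29:39 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53591, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:29:40 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53590, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54004, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54383, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
"""

def parse_line(line):
    """Parse one 'Detection' line into a dict; return None for other lines."""
    cells = [c.strip() for c in line.split(",")]
    if len(cells) < len(FIELDS) or cells[0] != "Detection":
        return None
    rec = dict(zip(FIELDS, cells))
    try:
        rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %I:%M:%S %p")
        rec["port"] = int(rec["port"])
    except ValueError:
        return None  # malformed timestamp or port
    return rec

def summarize(text, gap=timedelta(minutes=1)):
    """Group blocks by (domain, direction, program); count bursts split by `gap`."""
    out = defaultdict(lambda: {"hits": 0, "ips": set(), "bursts": 0, "last": None})
    recs = sorted(filter(None, map(parse_line, text.splitlines())),
                  key=lambda r: r["time"])
    for r in recs:
        program = r["process"].rsplit("\\", 1)[-1]
        g = out[(r["domain"], r["direction"], program)]
        if g["last"] is None or r["time"] - g["last"] > gap:
            g["bursts"] += 1  # separate episode in time for this destination
        g["hits"] += 1
        g["ips"].add(r["ip"])
        g["last"] = r["time"]
    return dict(out)

if __name__ == "__main__":
    for (domain, direction, program), g in summarize(SAMPLE).items():
        print(f"{program} -> {domain} ({direction}): {g['hits']} blocked, "
              f"{g['bursts']} burst(s), IPs {sorted(g['ips'])}")
```
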

JV_
05-08-2014, 12:19 PM
Here's how you can remove your malware, Lightspark Player Pro
http://malwaretips.com/blogs/lightspark-player-pro-popup-removal/#adwcleaner

EMC
05-08-2014, 02:02 PM
Modern malware or adware is extremely prolific with free software or other free downloads that otherwise look legitimate and innocuous. They will hijack your browser all the time. For example, a few weeks ago my wife downloaded free "frozen" coloring book pages for my five year old. I had to disinfect and reset browser settings after that episode.

jetfire
05-08-2014, 03:32 PM
Here's how you can remove your malware, Lightspark Player Pro
http://malwaretips.com/blogs/lightspark-player-pro-popup-removal/#adwcleaner

I was going to send that exact same link; this is one that actually gets blamed on ad servers a lot and actually has nothing to do with them.

Lomshek
05-09-2014, 03:48 PM
OK so I ran all the scans recommended at the site JV linked and ADWcleaner cleared a few items off my registry. None of the other scans found anything including Windows Malicious Software Remover and Safety Scan I found on the Windows security site. Windows Defender of course was clueless.

It was just very weird that it came up only when visiting here but I don't have a clue how that interwebby thing works.

Hopefully that's the end of it. Thanks for the help!