
Thread: Forum has malware?

  1. #11
    Member
    Join Date
    May 2011
    Location
    Pittsburg, KS
    Originally Posted by LittleLebowski:
    Not PF. I'd scan your computer with another malware solution.
    Doing that next. The odd thing was in the same 15 minute period I could close my browser, re-open it and check out arf, youtube, and any other site with nary a problem then go to the PF opening page to log in and the garbage would come up. A half hour later there's no problem and now (15 hours later) still no issue.

    I just wonder if it could have been the ad stream as TC mentioned and that has since been corrected by that outfit. I'll report back on a scan by non-windows software.

  2. #12
    I can state conclusively that it wasn't the ad servers. Not that it can't happen, but generally speaking it only happens when a site is running re-sold inventory, and PF is running all direct sell inventory right now.

  3. #13
    Member EMC
    Join Date
    Jan 2012
    Location
    Utah
    Malwarebytes Anti-malware software works well. Worth a scan every once in a while.

  4. #14
    Member
    Join Date
    May 2011
    Location
    Pittsburg, KS
    UPDATE!

    I made sure my browsers & OS were set to auto update which they have been since I got this laptop. It's an HP Pavilion G7 using Windows 8.1 and I use IE and Chrome as browsers. I've had Windows Defender on auto update from day one and loaded Malwarebytes last night.

    Scans with both Windows Defender and Malwarebytes last night came back with no threats detected on my machine (no browsers were open).

    I access pistol-forum.com via the button at pistol-training.com to see if Todd has posted any new musings. Once at pf.com I manually log in.

    This morning I used IE to open my email (hosted by godaddy for my business), log on to the Trek bicycle dealer website and 10 minutes later opened a tab to hit pf.com via pt.com in my usual manner.
    As soon as I open pf.com a warning block from Malwarebytes pops up.
    I've attached a sequence of screen captures below and the text report log from Malwarebytes.

    This malware issue has only happened yesterday and today and only intermittently. If I close and re-open the browser and return to pf.com it's maybe one out of three or five attempts that will open up a malware window. If I get a clean pf.com (no malware) and log in, once logged in I don't get a malware window or tab opening at all, no matter how long I'm on the forum or how many threads I click on.

    I used IE today but it happened with both IE and Chrome yesterday.

    The malware opens a new window (see images below) that I can't close except by task manager. The pretty red "X" in the top right corner is for show only, right clicking does nothing and I can't even copy the url that appears in the address bar. Being a wise man I don't touch the "OK" button.

    Screenshots from this morning. I left them super sized to make the text easy to read.



    Three tabs open in IE and warning popping up as I opened PF.com and clicked on the Marksmanship & Gun Handling board without logging in to try and provoke a malware attack.
    I opened a fourth tab after the detection to learn how to do a screen capture.






    ************************************************** ************************************************
    Here's the notice that came up while three tabs were open.
    I was uploading the first screen captures to photobucket when I remembered to screen capture the actual malware window.






    ************************************************** ************************************************
    After closing IE with task manager and re-opening pf.com all by itself a new window (not tab)
    is opened with some bogus "update notice" by Lightspark Player.






    ************************************************** ************************************************
    Here's that Lightspark Player malware window.



    Here is the Malwarebytes activity report text after this morning.
    Detection, 5/8/2014 10:29:39 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53591, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:29:39 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53591, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:29:40 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53590, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54004, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54005, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54004, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54383, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54382, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,

    Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54383, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
    I'm not savvy enough to do anything but take the scan reports at face value that no threats were on my machine. Do the report lines above mean those IPs were trying to install something on the IE folder on my hard drive or is there something in that folder already???

    I have to get cranking at work but will try to check this out a few times during the day to answer questions or try suggestions.
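
Added example (not part of the original posts and not Malwarebytes code): a small Python parser that groups the log lines posted in #14 by domain and IP. The field names, and the reading of the trailing path as the program that opened the connection, are assumptions inferred from the posted lines themselves.

```python
import ntpath
from datetime import datetime

# Field names are assumptions inferred from the position of each value in the
# posted lines; they are not taken from Malwarebytes documentation.
FIELDS = ("kind", "when", "user", "host", "component", "module",
          "indicator", "ip", "domain", "port", "direction", "process")

SAMPLE_LOG = r"""
Detection, 5/8/2014 10:29:39 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53591, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:29:39 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53591, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:29:40 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 53590, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54004, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54005, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:37:23 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 54.243.212.97, imp.premiuminstaller.com, 54004, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54383, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54382, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
Detection, 5/8/2014 10:41:28 AM, SYSTEM, ROGER-PC, Protection, Malicious Website Protection, IP, 78.140.143.123, onclickads.net, 54383, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe,
"""  # the nine log lines from post #14 above

def parse_line(line):
    """Return one log line as a dict, or None if it does not fit FIELDS."""
    values = [v.strip() for v in line.strip().rstrip(",").split(",")]
    if len(values) != len(FIELDS) or values[0] != "Detection":
        return None
    rec = dict(zip(FIELDS, values))
    rec["when"] = datetime.strptime(rec["when"], "%m/%d/%Y %I:%M:%S %p")
    return rec

def summarize(log_text):
    """Group blocked connections by (domain, ip), in order of first sight."""
    groups = {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        g = groups.setdefault((rec["domain"], rec["ip"]), {
            "first_seen": rec["when"], "hits": 0, "ports": set(),
            "directions": set(), "programs": set()})
        g["hits"] += 1
        g["ports"].add(int(rec["port"]))
        g["directions"].add(rec["direction"])
        # Assumption: the trailing path names the program that opened the
        # connection, so only its file name is kept.
        g["programs"].add(ntpath.basename(rec["process"]))
    return groups

if __name__ == "__main__":
    for (domain, ip), g in summarize(SAMPLE_LOG).items():
        print(f"{g['first_seen']:%H:%M:%S} {domain} {ip} x{g['hits']}",
              sorted(g["directions"]), sorted(g["programs"]), sorted(g["ports"]))
```

On the nine posted lines this yields three groups of three Outbound entries each, all attributed to iexplore.exe: under the stated assumption, these are web requests the browser tried to make to onclickads.net and imp.premiuminstaller.com that were blocked, not files written into the Internet Explorer folder.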

  5. #15
    Site Supporter
    Join Date
    Feb 2011
    Location
    Off Camber
    Here's how you can remove your malware, Lightspark Player Pro
    http://malwaretips.com/blogs/lightsp...al/#adwcleaner

  6. #16
    Member EMC
    Join Date
    Jan 2012
    Location
    Utah
    Modern malware or adware is extremely prolific with free software or other free downloads that otherwise look legitimate and innocuous. They will hijack your browser all the time. For example, a few weeks ago my wife downloaded free "frozen" coloring book pages for my five year old. I had to disinfect and reset browser settings after that episode.

  7. #17
    Originally Posted by JV:
    Here's how you can remove your malware, Lightspark Player Pro
    http://malwaretips.com/blogs/lightsp...al/#adwcleaner
    I was going to send that exact same link; this is one that actually gets blamed on ad servers a lot and actually has nothing to do with them.

  8. #18
    Member
    Join Date
    May 2011
    Location
    Pittsburg, KS
    OK, so I ran all the scans recommended at the site JV linked and AdwCleaner cleared a few items off my registry. None of the other scans found anything, including Windows Malicious Software Remover and Safety Scan I found on the Windows security site. Windows Defender of course was clueless.

    It was just very weird that it came up only when visiting here but I don't have a clue how that interwebby thing works.

    Hopefully that's the end of it. Thanks for the help!
