What the hell SDMB?

So this happened at work. I thought it was just something wrong with my computer there.

Then I get home and it does the same thing here.

Both times I was surfing the dope.
What happens is my windows browser will just automatically shut down and start trying to do some sort of virus scan. Then a window pops up saying “We highly recomend you do this virus scan, press OK to continue”

I assume whoever this is; is trying to sell me something.

I don’t mind the spam on these boards but damn! They shouldn’t be allowed to close my browser!

Yikes–that happened to me a week or so ago while I was surfing the Dope, and I couldn’t even task-manager away the window. I had to shut Windows down, uninstall Chrome, and reinstall it.

I thought it was a coincidence, but it sounds like a real problem.

It is possible that an ad call on the SDMB triggered a virus/spyware that was already on the machine.

Please follow the instructions in this thread to clean your machine:

If that doesn’t fix it for you, please let me know.


This is bullshit, xash. It’s the party line, but it’s bullshit.

After I stopped posting and stayed logged out while lurking, once ads were enabled I got the virus/malware referred to in this OP while on the SDMB. (It’s also referred to in justin_bailey’s recent OP. It was also referred to a couple three weeks before that, which is where this bullshit excuse came from.) I emailed tubadiva then, and got the same response that you just gave. It happened to me again this morning.

I joined Prodigy 18 years ago. In all that time online, I have never - NEVER - had a virus or malware or spyware on my computer until the SDMB accomplished the task. Virgin no more.

Something is wrong with the ads. I can no longer even lurk in safety; I leave the conclusion as an exercise for the Reader.

I see what you are saying, but I don’t have enough information to determine whether it was a virus/spyware picked up from somewhere else and triggered by an ad call on the SDMB, or whether it was infact an ad on the SDMB that initiated the virus/spyware download.

If it was an SDMB ad that installed the virus/spyware, I would expect a larger number of users experiencing this issue.

We embed standard code in our pages that calls to doubleclick and asks for an ad. Most of the ads we run come from brokers; although it’s not out of the question that somebody would pull a fast one, these ads get served up by the million to hundreds of sites, and if one person has a problem, thousands of people will have the same problem. So far, we have just a few reports, as you pointed out in your links.

I am not in denial that it is impossible for the SDMB ads to initiate a download of a virus/spyware. If such a rogue ad has indeed infiltrated the SDMB ad service, it is of the highest priority to us and must be terminated. However, unless we have information that confirms this and identifies the ad or ads, it doesn’t help us solve the issue. Right now, we do not have information that confirms this or identifies the ads.

Eitherway, this issue has been escalated. If there is any further information you could provide that helps us identify such an ad, we would appreciate it.

To anyone who comes across this reported malware: Please do not click anywhere on your screen once it pops up with the virus message. Reboot your computer immediately, and follow the instructions in this thread:

To the rest, please update your computer with the latest antivirus and spyware protection as detailed in the link above.


I got this virus last week. I got aggravated with McAfee about a month ago because it was slowing down my system. So I unstalled it. Big mistake.

I got the virus immediately after opening Internet Explorer to view a webpage that Firefox was having trouble with.

I couldn’t access the web at all, and every time I booted, the fake virus scanner came up…even in safe mode…so I tried using recovery console to remove the files. In the end, I wound up screwing up the Windows installation and I couldn’t log into Windows at all.

I ended up doing a fresh install of Windows XP on a spare hard drive and then copying all my data and bookmarks over from the other drive.

I got the same fake virus scanner thing this morning too. No problem, Norton caught it. I’m a little bit of a fanatic about keeping my machine clean, scanned, etc. It probably came from here, in my opinion.

Just chiming in to say it happened to me too- on Sunday (yesterday) . . . AT WORK!

Happened to me this morning at work also, and I’m on a very tight network. It’s almost inconceivable that it was something already on my computer.

Links to doubleclick are seen by at least one of the anti-virus/anti-bad-cookie software programs as being bad news – it was 18 months ago, on another computer, that I got the reports on doubleclikc, so I don’t remember which program it was. But that may be a small part of the explanation – though why it would close down a browser if that’s it, I don’t have a guess.

Same here.

Here too. I let it run through to the fake “scan” and it is all being run inside Internet Explorer. The actual malware site is nextgenprotection03.cn, but it goes out of its way to hide - it won’t activate unless it sees a particular session key in the URL and once that key times out, the URL will give a 404 Not Found.

This is definitely being served in one of the SDMB ads.

Is it possible for a virus to get on your computer just by moving your cursor over a link or an ad, or do you actually have to ‘click’ on something?

Can you activate a virus merely by opening an email, or would you have to ‘click’ on something within it?

Is it just the guests that are getting hit?

Can I depend on my “paid member” status to protect me from a potentially infected ad, or do I need to doublecheck my machine?

It’s possible to get a virus even by simply visiting a website. Even if you dont click on anything, a virus can be installed on your machine through malicious scripting or other vulnerabilities in an unpatched browser or OS.

In theory, you’d have to initiate an action since things like JavaScript (used for the hover-over pop-ups) are supposed to run in a “sandbox” where they can’t affect things outside the sandbox.

But… Implementation errors allow things to escape. Many of the security updates you see from software publishers are fixes to particular instances of this type of problem.

Opening an email message can invoke one of the pieces of software which has a security problem. Among other software with problems, in the past we’ve seen attacks via images (Windows error in .GIF handling), Flash, and PDF files. This is one of the reasons I don’t read email with a web browser - I use PMDF on a VMS system on Alpha hardware, which no malware writers target for attacks since it is so rare.

It is much easier to trick a user into clicking on a dangerous link, which is what the current SDMB fake antivirus thing is doing. That doesn’t depend on the user having the vulnerable software installed. Even better for the Bad Guys if they can fool you into thinking you want to install their stuff.

Back to the current SDMB fake - this sort of thing has popped up on DoubleClick for years. As an example, see this eWeek article from two years ago, entitled “DoubleClick Serves Up Vast Malware Blitz”

Guests see ads, members don’t. However, if you are signed out, you will see ads.

We’re still trying to gather information on whether there is any rogue ad in our ad system, but so far we haven’t been able to confirm this. We have contacted our ad publishers to see if they have any reports of malicious ads across their networks.

To protect your computer from Internet malware, please update your antivirus and spyware protection by following the instructions in this thread:


If an advertisement is infecting computers with a virrus/malware, you should ammend your instructions to included the installation of an adblocker. Rebooting the computer is not an acceptable solution to this problem for most users.

We don’t know that this is the problem.

Rebooting prevents the virus from being activated by a user clicking anywhere on the screen after it pops up. The first instruction in the linked thread is to go offline, which prevents any malware from connecting with their host servers. The rest of the instructions in the linked thread walk a user through cleaning up any malware that has already infected the computer, and help protect against future attacks.

If a user sees the pop up from the fake antivirus scan, telling them to install an adblocker will not help solve their problem. It was this scenario to which I was referring when I advised an immediate reboot.

A computer patched with the latest antivirus and spyware protection as detailed in the linked thread, will not be affected by any malicious ads. Not all browsers support adblock extensions. If you have Firefox, you can get AdBlock from here.