Virus on Instructables! Answered

There is an instructable that will install a virus when you click to open it! It is titled "How to get a free Itunes account (without using a credit card)", written by Efrum. Do not click on this instructable!!


****Please post all new virus reports on the new official virus problem topic here!****


Discussions

We are looking into the problem. Meanwhile, if you're having this issue, please leave a comment or PM me with information that can help us track it down.

This includes:
- any ads serving on the page that they remember
- description of malware
- user location
- direct URLs
- screenshots

I don't listen to any music on my phone, and I'm not about to start. When I tried to access the question answer site just now it immediately said there's a malicious virus, but I selected to access your site anyway. Any help would be much appreciated. Kenneth McLaws

Please send as much information as you can to service@instructables.com - dates, times, exact pages visited, browser being used, operating system being used, add-ons installed etc.

I try to open Instructables and I keep getting the virus warning. I try to exit and it won't let me, I have to close the whole window. I'm not tech savvy but I'm trying to learn, so if the lingo in my email is hard to understand, just ask and I'll try to explain. Kenneth McLaws

Please send as much information as you can to service@instructables.com - dates, times, exact pages visited, browser being used, operating system being used, add-ons installed etc.

Evidently you guys are doing something right, because I haven't had an attack in quite some time. Thanks!

I've encountered it several times since Jan 1st.  Just hit it again 5 mins ago on the Hans Solo Carbonite Wooden Cabinet instructable.

It pulls up McAfee screens showing infections everywhere. It pops up another alert screen from MICROSOFT or similar - all very real looking. It also tries to prevent you from closing out the browsers, keeps popping up new ones. First time I was so startled I pulled the LAN cable out, power out, and popped the battery as quickly as I could.

I'll have to stop coming back to INSTRUCTABLES while the site is infected.

We just shut down yet another ad network an hour ago - can you let me know if it happens to you again?  Thanks!

I've had two assaults by "the computer is infected, then starts running virus check." I tracked the site down and went back to it today, no problems yet. Enclosed is a picture of the site that gave me problems. NOTE: this is a picture only!

Hmmm.... I only had this problem with other computers than my own, and I recognized it right away, mainly because I had a virus before called "antivirus 2009".  Fun little virus, essentially popped up a nice little screen that told me that my computer was infected, and I should download their software.

Strange though, I never encountered it at home.  Firefox?

We just shut down yet another ad network an hour ago - can you let me know if it happens to you again?  Thanks!

noahw

8 years ago

**UPDATE**

Hey everyone having virus troubles - we've just made a change and blocked a whole bunch of ad networks that appear to be the cause of our virus troubles. 

Can anyone still actively having this problem please post on this thread and let me know if they are still getting warnings and alerts? 

Thanks for your help - we're working hard to resolve this.

I had it again today when I went to a link on the main page, 'how to upcycle plastic bags'. Think I clicked on a link there and it popped up again. I've run virus scans and my computer's come up clean, but I shut it down right away, though the first time it happened it mimicked my own virus scanner. It happened about 8:07 a.m.

We just shut down yet another ad network an hour ago - can you let me know if it happens to you again?  Thanks!

Thanks for the update - it really helps us figure out what ad networks to turn off.  Keep 'em coming please!

I went into "building your laptop" 2-3 page and I got a fake virus warning and it started scanning my hard drive... A few days ago I was here and got the virus, even though I did not accept the warning, got the old blue screen and had to fresh install win xp, but I lost everything. Is there any way you can scan this website? Can you make it so that, in order to access this site, you need to log in? I'll be back in a couple of weeks. Good luck.

We just shut down yet another ad network an hour ago - can you let me know if it happens to you again?  Thanks!

That certainly is an unfortunately timed ad right now.

(not a virus report itself I assume though)

My Norton has just started (in the last half hour, and as I type) flagging up a threat on the site as a whole:

Threats found: 1
Here is a complete list:

Threat Name:Infostealer.Gampass
Location:https://www.instructables.com/files/orig/FQW/G5Y1/F4L2T7N8/FQWG5Y1F4L2T7N8.tmp
  

----------------------------------------------

Discovered: November 12, 2006
Updated: March 16, 2007 7:51:32 AM
Also Known As: LIneage YI [Computer Associates], Bloodhound.KillAV [Symantec]
Type: Trojan
Infection Length: Varies
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Infostealer.Gampass is a generic detection for a Trojan horse that steals online game accounts, such as Lineage, Ragnarok online, Rohan, and Rexue Jianghu.

Note: Virus definitions dated November 17, 2006 or later may detect this threat as Bloodhound.KillAV.

Protection

  • Initial Rapid Release version November 12, 2006
  • Latest Rapid Release version January 6, 2010 revision 034
  • Initial Daily Certified version November 12, 2006
  • Latest Daily Certified version January 6, 2010 revision 023
  • Initial Weekly Certified release date November 15, 2006


Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Kaoru Hayashi

Rachel reports that that particular file was uploaded by a user back in July of 2007.  It has just been deleted and the user has been warned, so hopefully this case is closed. 

Strange that it just popped up for you now though, I guess something triggered it to turn up on the site.

We're assuming that the user did not know that their file was infected and don't suspect that has anything to do with what we've been experiencing related to the virus on our ad networks.

I have just logged on, and the site is showing "green" in the Norton toolbar.

Awesome.  After deleting the file you pointed us to Cloude submitted the site for a safety review yesterday and we were given a clean bill of health.  It feels good to be green again.

Thanks for the update!

Can you re-post at the new & official topic I just published?  We're trying to aggregate...

https://www.instructables.com/community/Virus-Problem-Updated-Topic-Post-Here/

Makes me glad I don't click ads or view instructables often.

noahw

8 years ago

Has anyone had any problems so far this morning? 

Wednesday, January 6th

yes this a.m. I went here
https://www.instructables.com/id/DIY-CNC/ 
this morning and a window popped up saying I had a terrible virus and it fake started scanning my drive... and then a dialogue box popped up to run or save some file that tried to look like a virus protection app. I X'd out of pop-ups, then closed IE, then scanned my drive with my own virus prot software and had none. This happened to me yesterday also. I've been browsing around in the last 10 minutes, and no virus threat pop-ups. I'll try to get screen caps if it happens again.

Thanks for your help!

After visiting the site before Christmas I got the same fake virus warning page, just closed every window with X, no "ok" or "cancel" button.

This was on my work computer, and after a few minutes I received a mail from the IT-department, saying my computer might have been infected with virus. Some of the text is in Norwegian, saying IDS reporting this computer might be infected, see log.

IDS rapporter at denne er mulig infisert, se denne.
22.12.2009 10:17:16 ***.***.***.***: 54743 94.102.63.245 : 80
HTTP - Access to injected site with fake Antivirus

I've ***'d out my IP address, but the other one might help you guys.

Afterwards I used the Christmas holidays to install Windows 7, and today the second internet page I visit after reinstalling is instructables.com; the first was windowslive.com. After loading the home page I click on the banner showing a Rubik's cube made with dice and magnets, and boom, the same fake antivirus page shows up.

Now I'm just waiting for the IT-department to come and smack my fingers and take my computer away... And I might not get any ice cream for a year.

The virus happened to me as well only moments ago. I had only just logged in and clicked on the DIY on Organizing your stuff. Someone above commented that they have scanned the instructables site and found nothing. Of course, you will find nothing. The virus is not there. It is directed to client machines through a script that points elsewhere. Unless the virus scanner is savvy enough to parse all scripting languages and interpret the script's intentions, you will never find it looking with a virus scanner. This sort of thing can and will bring this site to a total halt. I recommend that "instructables" stop insisting that it is not their site. It is clear that the lot of us from different locations and systems could not all have the same virus. My windows system is clean. Currently running another in-depth scan on it while I type this out on my impervious linux box. We could eradicate this virus garbage altogether if we rid ourselves of windows OS and servers. Good luck folks! I hope you find this problem soon.
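
An added example, not part of the original thread and not Instructables' own code: when the harmful content is pulled in from ad hosts, scanning the site's own files comes back clean, so the useful check is an inventory of the external hosts a page loads scripts and frames from. The sample HTML is constructed; `ads.example.net`, the `/static/js/` paths and the function names are assumptions.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that load active or embedded content, and the attribute holding its URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class _SourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(ACTIVE_TAGS.get(tag, ""))
        if value:
            # Resolve relative and protocol-relative URLs against the page.
            self.found.append((tag, urljoin(self.page_url, value.strip())))


def third_party_sources(html, page_url, site_domain):
    """Map each external host to the (tag, url) pairs the page loads from it."""
    collector = _SourceCollector(page_url)
    collector.feed(html)
    by_host = defaultdict(list)
    for tag, url in collector.found:
        host = (urlsplit(url).hostname or "").lower()
        first_party = host == site_domain or host.endswith("." + site_domain)
        if host and not first_party:
            by_host[host].append((tag, url))
    return dict(by_host)


# Constructed sample page. Only the page URL and the burstnet URL come from
# reports in this thread; ads.example.net and the paths are placeholders.
SAMPLE_PAGE_URL = "https://www.instructables.com/id/DIY-CNC/"
SAMPLE_HTML = """
<html><head>
<script src="/static/js/site.js"></script>
<script src="//www.instructables.com/static/js/lib.js"></script>
</head><body>
<script src="http://www.burstnet.com/cgi-bin/ads/ad15928a.cgi/v=2.3S/sz=728x90A/2203/RETURN-CODE/JS/"></script>
<iframe src="http://ads.example.net/banner?slot=top"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host, items in third_party_sources(SAMPLE_HTML, SAMPLE_PAGE_URL, "instructables.com").items():
        print(host, [tag for tag, _ in items])
```

Running the same inventory on pages saved at the time of each report gives a list of ad hosts that can be compared across reports.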

dresch

8 years ago

The Feds are trying to shut down the "scareware" SOBs also. If you have info you can provide, log onto: www.IC3.gov
I would really like to put these guys out of business and into jail if possible.

The problem is in  the scrolling advertising. I have had several different advertisers doing it.  It takes no response from user to initiate. I  would contact whoever is giving you the scrolling advertising and complain. I have already told a few people (older) to stop using the site as it panics them.

I and a friend both repeatedly get FakeAlert-KW in IE on https://www.instructables.com/id/DIY-Soda-Water-%26-Home-Carbonation---Pays-For-Itsel/

It puts up a 'scan your computer now' dialog that won't accept 'no' for an answer.

Doesn't occur in firefox with noscript and adblock, of course.

I also tried to send this to your specified contact email (info at instructibles dot com) but got a 550 #5.1.0 Address rejected error.

From the recent "new instructables" email I tried to look at the "make a spare key from a soda bottle" instructable and got the "your PC is infected" pop-up.  I know the PC is clean.

I did that, in fact I clicked every single link in the newsletter, and got nothing at all except the promised pages.


Did you log-out first for max-ads?
(I got bored looking and not finding...)

L

Nope - I never thought of that...

I just entered the site, without incident.

I clicked on the first Instructable, the Tesla Christmas Tree, to see what that was about and I received the same Anti-Virus install program which forced me to close the browser session.

I entered it again and there did not seem to be a problem. Not sure if this is a random thing or something that is based off of my URI?

According to AVG and Norton, this whole site is clean.

I just went to the ible in question.  Not my thing, but clean.


 PRO members don't get the rough 3rd party ads

I am pretty sure it is coming from the non-pro-member advertisements, because I OFTEN go to the ANSWERS section. It happens only when I FIRST turn on my computer... PLUS when I go to INSTRUCTABLES and PLUS when I click on the first ANSWERS question. Whatever popup ads are on instructables are the problem and it is the ad that comes up when you first click on an ANSWERS item. I completely re-installed EVERYTHING on my computer and it still only does it on INSTRUCTABLES only.

dresch

8 years ago

I have been getting the fake "spyware" cleaner pop ups ONLY ON INSTRUCTABLES also. This started mid-December, has been on nearly every weekly mailing. In fact, it just happened this morning with the email: 3D Scanning, Spare Key from a Soda Bottle, Swiffer Mod
The "Spare Key" instructable set the fake spyware screen right off. I love Instructables and really hate to see this infestation ruining the experience. I lost a hard drive a while back attempting to clean off one of these "spyware helpers" so I am particularly freaked by these &^%s.
Any thoughts on containing this would be greatly appreciated.

Hey, I got instantly redirected when I stumbled onto the popup facebook pic page. AVG free caught it, didn't note the virus name sorry, it was a trojan though, and hit the back button and all ok. I now get a javascript error on every page because access to a URL being called from the page is being blocked, presumably by AVG. The URL it's blocking is http://www.burstnet.com/cgi-bin/ads/ad15928a.cgi/v=2.3S/sz=728x90A/2203/RETURN-CODE/JS/

I hope this helps narrow which ad provider the dodgy ad is coming from.

Good luck, what a sucky problem!

just come to the site on my dad's PC and was redirected to a website that looks like a windows XP window. Screenshot attached.

instructables virus.jpg
gmxx

8 years ago

 The same thing that happened to qwertboy on the 30th happened today.

Mac OSX 10.5 with all updates, so I'm secure. This is a windows virus (it even goes on to emulate the windows UI)

-popup window to the virus site... (either scanlivesite.com or antivirusscavideo.com, don't remember which)

-continues to "scan" my hard drive (flash animation with the windows UI)
-several javascript popups to tell me the computer has a virus
-another javascript popup when I try to close the window. (warns that I should download whatever their crap is.)

-Force Quit (system override) 
-Restart Safari, all is good.


I noticed a few weeks ago, I went to visit KILLERK's profile, and was suddenly redirected to a blank site, and my antivirus popped up and said that my PC had a virus or something.  I got rid of it.  It hasn't happened again.