Go Back   nV News Forums > Website Related > Feedback Forum

Newegg Daily Deals

Reply
 
Thread Tools
Old 12-16-05, 09:58 PM   #49
Elvin Presler
Registered User
 
Elvin Presler's Avatar
 
Join Date: Aug 2004
Location: USA
Posts: 633
Default Re: More on the hijacking popups here

OK, now you guys are just repeating stuff I already answered or commented on.

I said about 3 times I clear my cache and it stops. I even ID'ed the bad java script files in the cache first (iframe2.js). My IE was set clear cache every time it's closed and save pages 0 days as well.

I did the totally offline install bit with firewall about 6 times. About 3 times my first url visited immediately after plugging the cable back in was nvnews and I got the popups...other time nothing, til a day or 2 later.

I said I am using Firefox now + several blocking methods. I block Java script completely. No popups anymore.

I'm not here to complain about popups anymore, just answering questions people asked. I know how they start. Intellitxt, or pricegrabber (or one of the banners they fetch) is loading some bad java scripts. I can't tell you exactly which or how because I don't know much about java.
Elvin Presler is offline   Reply With Quote
Old 12-16-05, 10:08 PM   #50
Clay
Registered User
 
Clay's Avatar
 
Join Date: Oct 2002
Posts: 4,993
Default Re: More on the hijacking popups here

Java and Javascript are not the same thing. It may sound like nitpicking but you're either talking about compiled code (Java, in the form of Java applets, etc) or you're talking about interpreted/scripted code (Javascript). If nvnews.net is the cause/source of this problem as you seem to be claiming...then why isn't nvnews.net causing it for everyone?
Clay is offline   Reply With Quote
Old 12-16-05, 10:15 PM   #51
Elvin Presler
Registered User
 
Elvin Presler's Avatar
 
Join Date: Aug 2004
Location: USA
Posts: 633
Default Re: More on the hijacking popups here

I don't know which java I'm talking about. iframe2.js (java script?) was in my temporary internet folder and had a boatload of references to zedo.com (where some of the popups came from). When I come to this site, my NoScript Firefox Extension begins blocking and "informing" me of all these domains trying to run...java? java scripts? If I don't let them, I get no popups. nvnews java begets pricegrabber java. If I block nvnews, pricegrabber doesn't even show up. Who knows what pricegrabber will beget, or the intellitxt one.

I put 2 and 2 together and figure those java things are the source. I could be wrong, and I sure don't know exactly how it works, but I'm pretty sure that's where they come from. I offered my entire cache and cookies copied during and "episode" for examination a while back and to MikeC in a PM, no one responded.

More on the *.js files, from memory now, so not real acurate. I saw suspicious parts something like "position or size=absolute" and "directx9 opacity=100%". Full screen, invisible Flash link (the hijacking)? Stuff like that. Most of it was mumbo jumbo to me though so I couln't pin it down.
Elvin Presler is offline   Reply With Quote
Old 12-16-05, 10:21 PM   #52
Clay
Registered User
 
Clay's Avatar
 
Join Date: Oct 2002
Posts: 4,993
Default Re: More on the hijacking popups here

yes, files ending with .js are Javascript files.

I'm looking through our files on the server now for any signs of or references to the zedo.com domain.
Clay is offline   Reply With Quote
Old 12-16-05, 10:30 PM   #53
Elvin Presler
Registered User
 
Elvin Presler's Avatar
 
Join Date: Aug 2004
Location: USA
Posts: 633
Default Re: More on the hijacking popups here

I only got those once the popups started and they were in iframe2.js. I lost my copies of them now or I'd offer to upload them to you. Should I start using IE again and wait for the popups, then copy all that for you? May take a few days.
Elvin Presler is offline   Reply With Quote
Old 12-16-05, 10:35 PM   #54
Clay
Registered User
 
Clay's Avatar
 
Join Date: Oct 2002
Posts: 4,993
Default Re: More on the hijacking popups here

Quote:
Originally Posted by Elvin Presler
I only got those once the popups started and they were in iframe2.js. I lost my copies of them now or I'd offer to upload them to you. Should I start using IE again and wait for the popups, then copy all that for you? May take a few days.
We have no file named iframe2.js on the nV News server, nor do we have any mention of zedo.com in any of our Javascript libraries or html files.

I wouldn't suggest that you reinfect yourself just yet but I would suggest that you contact pricegrabber about your issue/concerns. You can do so here:

http://www.pricegrabber.com/info_popupfree.php

Please keep us posted on what you find out.
Clay is offline   Reply With Quote
Old 12-16-05, 10:38 PM   #55
Elvin Presler
Registered User
 
Elvin Presler's Avatar
 
Join Date: Aug 2004
Location: USA
Posts: 633
Default Re: More on the hijacking popups here

Oh I didn't think the iframe/zedo stuff came from here at all...I figure a random bad banner from pricegrabber or intellitxt or something loads it. It seems like java begets more java begets more java etc. from all different domains. Who knows which one is doing it.

I don't get "infected" anyway....I just get popups until I nuke my temp internet cache. It's not a big deal, just an annoyance, which is why I gave up and started using Firefox again. It's not something that goes on forever or anything like adware....just a java script (I assume) that behaves like adware until nuked.

PS: Thanks for taking the time to check it out though.
Elvin Presler is offline   Reply With Quote
Old 12-16-05, 10:50 PM   #56
AthlonXP1800
Registered User
 
AthlonXP1800's Avatar
 
Join Date: Jan 2003
Location: United Kingdom
Posts: 4,352
Default Re: More on the hijacking popups here

Quote:
Originally Posted by Elvin Presler
I know how they start. Intellitxt, or pricegrabber (or one of the banners they fetch) is loading some bad java scripts. I can't tell you exactly which or how because I don't know much about java.
Java Control Panel have debugging tracing and logging features, I think it worth a try enable both and it could reveal the source of the problem.
__________________
Intel Core i7 3770K, Corsair H80 liquid cooler with Noctua S12-1200 fan, ASUS P8Z77V with UEFI 2104, 16GB Samsung Green 30nm DDR3-RAM, Pioneer BDR-S09XLT 16x Blu-ray writer, Corsair AX850 PSU, Western Digital 2TB SATA3 hard drive, CanonScan LiDE 210 scanner, Microsoft Internet Keyboard, Microsoft Touch Explorer mouse, 32inch Sharp LC32LE600 LED TV, EVGA Geforce GTX 670 SC 4GB with Geforce 370.50 driver, 50Mb broadband Virgin Media VMDG480 Super Hub, Aspire Xplorer Midi Tower, Windows 8.1 Pro 64bit.
AthlonXP1800 is offline   Reply With Quote

Old 12-16-05, 11:21 PM   #57
AthlonXP1800
Registered User
 
AthlonXP1800's Avatar
 
Join Date: Jan 2003
Location: United Kingdom
Posts: 4,352
Default Re: More on the hijacking popups here

Oh... that very interesting, I just checked my Norton Internet Security 2006 Log Viewer, here are all activities in NvNews were logged.

Here some entries:

Quote:
Private Data:
Date Time: 17/12/2005 04:50:32
User:
Action: Blocked
Type: Referer
URL: http://itxt2.us.intellitxt.com/al.as...c8d36b8bdb4e71
Data: http://www.nvnews.net/vbulletin/show...d=1#post772428

Private Data:
Date Time: 17/12/2005 04:50:30
User:
Action: Blocked
Type: Referer
URL: http://itxt2.us.intellitxt.com/v3/sp...&nbc=0&adi=0&a
Data: http://www.nvnews.net/vbulletin/show...d=1#post772428

Private Data:
Date Time: 17/12/2005 04:50:28
User:
Action: Blocked
Type: Referer
URL: http://ah.pricegrabber.com/export_fe...65x25&iframe=1
Data: http://www.nvnews.net/vbulletin/show...d=1#post772428

Private Data:
Date Time: 17/12/2005 04:50:28
User:
Action: Blocked
Type: Referer
URL: http://ah.pricegrabber.com/export_fe...65x25&iframe=1
Data: http://www.nvnews.net/vbulletin/show...d=1#post772428
The log are too long to post so I attached a text file.
Attached Files
File Type: txt NIS2006Privacy.txt (21.8 KB, 151 views)
__________________
Intel Core i7 3770K, Corsair H80 liquid cooler with Noctua S12-1200 fan, ASUS P8Z77V with UEFI 2104, 16GB Samsung Green 30nm DDR3-RAM, Pioneer BDR-S09XLT 16x Blu-ray writer, Corsair AX850 PSU, Western Digital 2TB SATA3 hard drive, CanonScan LiDE 210 scanner, Microsoft Internet Keyboard, Microsoft Touch Explorer mouse, 32inch Sharp LC32LE600 LED TV, EVGA Geforce GTX 670 SC 4GB with Geforce 370.50 driver, 50Mb broadband Virgin Media VMDG480 Super Hub, Aspire Xplorer Midi Tower, Windows 8.1 Pro 64bit.
AthlonXP1800 is offline   Reply With Quote
Old 12-17-05, 08:29 AM   #58
retsam
Registered User
 
Join Date: Jul 2002
Posts: 2,602
Default Re: More on the hijacking popups here

i looked at your log and there really isnt much out of the ordinary. i have used many versions of IE and firefox on this site and have come up with zero popups. i think elvin has deeper problems that none here are going to be able to fix.
retsam is offline   Reply With Quote
Old 12-17-05, 10:15 AM   #59
Sazar
Sayonara !!!
 
Sazar's Avatar
 
Join Date: Jan 2003
Location: Austin, Texas
Posts: 9,297
Default Re: More on the hijacking popups here

Quote:
Originally Posted by retsam
i looked at your log and there really isnt much out of the ordinary. i have used many versions of IE and firefox on this site and have come up with zero popups. i think elvin has deeper problems that none here are going to be able to fix.
He's not the only one

I am reformatting my system over the weekend but I have been relatively pop-up free from this site for a while
Sazar is offline   Reply With Quote
Old 12-17-05, 12:45 PM   #60
Son Goku
Registered User
 
Son Goku's Avatar
 
Join Date: Feb 2003
Location: 439 East District, Mount Paozu
Posts: 1,714
Default Re: More on the hijacking popups here

Well see how a reformat goes; but for anyone who continues to see them, try this if any of you don't want to switch from IE

http://www.proxomitron.info/files/index.html

It's been out of development since June 1993, so some of the newer stuff it won't be further developed to detect anymore. The main thing it wasn't blocking for me (and reason I went searching elsewhere) was flash ads. Popups of different varieties it was still getting...
Son Goku is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 08:12 AM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.