# Getting Hijacked when viewing the forum



## LoREvanescence

Is it just me, or are other peoples browsers getting hijacked while viewing these forums?

I am using safari on Mac OS X. I can know with 100% certainty there is now spyware installed installed and I have no plug ins / extensions installed. This issue is only happening on these forums and I have only seen in twice now all in the last month.


It happened this morning, I clicked the "Last Page" link to "The Official Mac Thread" and instead of being brought to the last page. I was brought to something like softwareupgrader.com and a popup alert that my software is out of date. 

On the page behind the alert is a windows 7 interface appearance that kind of mocks windows update and let lets me know my browser is out to day and to update to Internet Explorer 11. 

Any attempt to use the back button to get back to the TiVo forums results in a ton more of message box alerts are you sure you want to leave this page and my system has not been upgraded and my still be vulnerable. 


Anyone else have this happen?

Added note: It has happened to me multiple times now this morning since posting this in the things that annoy you thread.


----------



## waynomo

On Windows with Chrome. No problem. 

I'd reconsider your no spyware position.

ETA: Spyware might not be the correct term. Hijack might be better.


----------



## LoREvanescence

There are no extensions installed in any of my browsers, and I have Mac OS X currently set up to only allow software bought form the App Store to be able to run and install.

Pretty sure there is nothing on my end on the mac. I even have Avast Antivirus installed and there is spyware protection there.


----------



## Mike Lang

If it was on this end, this thread would already be several pages long...


----------



## jrtroo

I had this happen earlier this AM


----------



## LoREvanescence

yeah, it only happened to me about 3 times this morning within a 10 minute period and I haven't seen it since.

It happened to me a couple weeks ago here as well.


----------



## stevel

Maybe it came from a banner ad?


----------



## LoREvanescence

that was one thought that crossed my mind.

It seems like the most plausible explanation.


----------



## David Bott

Sometimes ads can and are an issue when one gets inserted that is, well, not nice. The ad networks usually detect and stop them before hand, but as you know, such people change they way they do things to again get the ad going. 

It could be that one got in and finely was caught by the ad network that had it and it was killed. I can only hope so as those are very hard to find as you need the banner data to track it down.


----------



## leeherman

LoREvanescence said:


> Is it just me, or are other peoples browsers getting hijacked while viewing these forums?
> 
> I am using safari on Mac OS X. I can know with 100% certainty there is now spyware installed installed and I have no plug ins / extensions installed. This issue is only happening on these forums and I have only seen in twice now all in the last month.
> 
> It happened this morning, I clicked the "Last Page" link to "The Official Mac Thread" and instead of being brought to the last page. I was brought to something like softwareupgrader.com and a popup alert that my software is out of date.
> 
> On the page behind the alert is a windows 7 interface appearance that kind of mocks windows update and let lets me know my browser is out to day and to update to Internet Explorer 11.
> 
> Any attempt to use the back button to get back to the TiVo forums results in a ton more of message box alerts are you sure you want to leave this page and my system has not been upgraded and my still be vulnerable.
> 
> Anyone else have this happen?
> 
> Added note: It has happened to me multiple times now this morning since posting this in the things that annoy you thread.


It happened to me too, yesterday, several times.

I closed my browser because I was concerned about attracting malware.

Additionally, at work I regularly get pop-ups from the browser indicating spyware behavior. Regretably, I haven't screen captured it but I will do so when it happens again and will post here.

Edited...the alert just occurred...see attached.

LH


----------



## David Bott

Thanks for the grab, but that did not really help to identify what called it.

However please note...MyWebSearch is usually not something put in by an ad...but is installed as part of something else (either known or unknown that it was installed as part of another install.) It runs only in the browser so it seems that a page is calling it when really it is not. You may want to look for it just in case.

See here... http://malwaretips.com/blogs/remove-mywebsearch/

(Note...I am saying the above as a precaution.)

I also have setup Sucuri to watch the site.

See report...You can check at any time by clicking the Sucuri logo at the bottom of any page.


----------



## LoREvanescence

That MyWebSearch is something different then what I was seeing.

Checking my history I see I was brought too: https://softwareupdaterlp.com

Going back to the page does not show me the IE 11 Update that it tries to get me to download.

Instead all I can see is



> Ad Server LP Cloud: US_WEST-09


Which confirms that it was most definitely from a ad. And the ad probably gives more information as to what to display after you are redirected.

Good to hear we have Sucuri installed now, hopefully it will catch this as it's been very spastic. It happened to me a couple weeks ago. Happened a few times then goes away for awhile.


----------



## David Bott

It's been installed a few weeks. I think you and the other member are separate issues. (Thats my guess at least.)

I am kind of surprised by this time this thread is not pages long if we had something going on.


----------



## leeherman

To clarify, what I experienced and attached as a screen capture is something I've seen periodically on my work PC.

I also experienced what LoRevanescence did with the software updater highjack, yesterday, for the first time, and several times yesterday on my Windows 8.1 PC. I closed the browser to avoid accidentally clicking something I might regret.

LH


----------



## keirgrey

stevel said:


> Maybe it came from a banner ad?


This is where they usually come from.


----------



## 59er

I'm having this issue again on mobile at least.


----------



## Mike Lang

For a specific ad?


----------



## 59er

I couldn't tell, because I literally wasn't able to stay on a page for more than 15 seconds at a time without the iTunes App Store launching.


----------



## David Bott

Mobile is a totally different area and beast. Would need to know where you were redirected as this is also a KNOWN issue, not just here but anywhere, that can happen with ads that get through screening. Apple is even aware of it but can not seem to stop it directly.


----------



## mlsnyc

Just happened to me right now on my iPhone. Was going to New Posts when I got thrown into the App Store. Went back to Safari and was able to copy the URL:



Code:


http://t.mobitrk.com/?a=t&aff_id=5093&tags=&o_id=1277&sub_param1=YTo4OntpOjE7czo0OiIyOTQ1IjtpOjI7czo0OiI2MDc3IjtpOjM7czo0OiIxMDE2IjtpOjQ7czoxMzoiX1pPTkVJRFRPS0VOXyI7aTo3O2k6MztpOjg7czo0OiJpb3M4IjtpOjk7aToxNzU1NTA1NzY3O2k6MTA7czoxMjoiVVNfTVhEQlNfQUxMIjt9&sub_%20param2=US_MXDBS_ALL

Edit: sorry it wasn't New Posts but one of the threads but can't remember which one.


----------



## David Bott

Thank you. I sent in a note to the same ad network that we had this show up from last time.


----------

