Jump to content

Avira Antivir warns about visiting Lovers Lab as Malware Site


Winston

Recommended Posts

Posted

Google's Safe Browsing diagnostic is still giving it a clean bill of health.

http://www.google.com/safebrowsing/diagnostic?site=loverslab.com

 

Safe Browsing

Diagnostic page for loverslab.com

 

What is the current listing status for loverslab.com?

 

This site is not currently listed as suspicious.

 

What happened when Google visited this site?

 

Of the 88 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-07-01, and suspicious content was never found on this site within the past 90 days.

 

This site was hosted on 2 network(s) including AS13335 (CLOUDFLARENET), AS21844 (THEPLANET).

 

Has this site acted as an intermediary resulting in further distribution of malware?

 

Over the past 90 days, loverslab.com did not appear to function as an intermediary for the infection of any sites.

 

Has this site hosted malware?

 

No, this site has not hosted malicious software over the past 90 days.

 

The problem still seems to be most likely a trojan via one of the advertisers.

http://www.loverslab.com/showthread.php?tid=8215&page=4

Posted

Google's Safe Browsing diagnostic is still giving it a clean bill of health.

http://www.google.com/safebrowsing/diagnostic?site=loverslab.com

 

Safe Browsing

Diagnostic page for loverslab.com

 

What is the current listing status for loverslab.com?

 

This site is not currently listed as suspicious.

 

What happened when Google visited this site?

 

Of the 88 pages we tested on the site over the past 90 days' date=' 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-07-01, and suspicious content was never found on this site within the past 90 days.

 

This site was hosted on 2 network(s) including AS13335 (CLOUDFLARENET), AS21844 (THEPLANET).

 

Has this site acted as an intermediary resulting in further distribution of malware?

 

Over the past 90 days, loverslab.com did not appear to function as an intermediary for the infection of any sites.

 

Has this site hosted malware?

 

No, this site has not hosted malicious software over the past 90 days.[/quote']

 

The problem still seems to be most likely a trojan via one of the advertisers.

http://www.loverslab.com/showthread.php?tid=8215&page=4

 

Well what do you expect they are linked to porn sites for god's sake. When it comes to computers you always get this result if you click on an advertiser located within a adult forum.

 

If you stupid enough to click on them then it serves you right for getting one.

 

As for LL itself there is no virus coming out of it.

Posted

Well what do you expect they are linked to porn sites for god's sake. When it comes to computers you always get this result if you click on an advertiser located within a adult forum.

 

If you stupid enough to click on them then it serves you right for getting one.

 

As for LL itself there is no virus coming out of it.

From the other thread I linked to' date=' it's a trojan that redirect users with vulnerable computers automatically to another site [b']without the user clicking on anything[/b]. In that thread, we have a screenshot of someone using XP with Avast and the trojan was blocked and named. The OP in that thread was the first to block and name the trojan then stopped visiting LL. Now, we have Avira warning about this site.

But what can Ashal do? He needs the ads for income to run the site. And, really, it's the responsibility of the one running the ad service to monitor their ad providers. I just hope we're not losing too many members because of it.

Posted

After i got the message i installed Sandboxie because i did not want to give up this site.

 

Thanx for the hint with Ad Blocker. I now installed that too and it works very goos.

 

Only problem i see is how can Lovers Lab get ayway from these blacklists now?

Posted

Use ad-block plus or NoScript maybe?

 

Ad-block plus stops the ads from appearing and NoScript stops hidden Javascript code from running in your browser. People have most likely got a virus from another site without knowing left it on their computer and when it tries to access a page here it complains saying it's a virus.

 

For your information I have known Avast to go nuts and start blocking every website on the internet you try an access after detecting a virus either in a file or embedded on a webpage which the user visited.

 

There is no virus in this site if there was everyone would be getting virus warnings and not 3-5 people.

Posted

After i got the message i installed Sandboxie because i did not want to give up this site.

 

Thanx for the hint with Ad Blocker. I now installed that too and it works very goos.

 

Only problem i see is how can Lovers Lab get ayway from these blacklists now?

 

Maybe because it's not infected? If LL was infected then the server it is located on would be screaming in pain and would be taken offline by the host and Ashal would be informed about it. No such thing as happened yet.

 

Beside I have scanned this site with every trusted website scanner and it keeps coming up clean, hell I even did it with a hack scanner too.

Posted

Ad-block plus stops the ads from appearing and NoScript stops hidden Javascript code from running in your browser. People have most likely got a virus from another site without knowing left it on their computer and when it tries to access a page here it complains saying it's a virus.

 

There is no virus in this site if there was everyone would be getting virus warnings and not 3-5 people.

 

That is incorrect because this particular warning is of a trojan that runs on the server end. It's not a virus that installs on the user's computer. Thus, it's either on LL's server or in an iframe like an ad. Ashal has already scanned his server so that's probably not it. Being an ad would also explain why not everyone gets the warning. Also, if people are using adblock and noscript, then of course, duh, they wouldn't get a warning.

Posted

Well I still think it's because people are going on to porn sites and getting infected that way other we would all be getting them. Plus if people do not take the advice of installing adblock and NoScript then there is nothing more that can be done. Also users using IE will get them because IE is well let's face it, it's shit.

Posted

Well I still think it's because people are going on to porn sites and getting infected that way other we would all be getting them. Plus if people do not take the advice of installing adblock and NoScript then there is nothing more that can be done. Also users using IE will get them because IE is well let's face it' date=' it's shit.

[/quote']

 

Well, you're still not making sense. It's an iframe trojan, not an infection. In order for a user to be harmed by it, they must be redirected by the trojan to another site that then tries to install malicious software. And the only people who have reported on it were those who had security software that stopped it from redirecting.

 

If you are using AdBlocker, then the trojan would be completely blocked so your security software would have no way of detecting it because your browser would never see the script. If you're using NoScript, you might still get a popup message depending on your settings.

 

Also, at least one user who blocked it was actually using XP and IE with free security software, so no reason for them to switch just based on that alone. Expecting the world to all upgrade their OS and/or switch browsers isn't a realistic way to help LL retain members or gain new ones.

 

It would probably be bad PR to actually have a front page warning and ask users to use things like AdBlock on a website that relies on ads.

 

Getting off topic, I don't think the recent version of IE is shit at all. If you compare Firefox without 3rd party plugins to IE, then I prefer IE. With plugins, I prefer Firefox. But apps like AdBlocker, NoScript, and Ghostery aren't Firefox; they are plugins. Otherwise, the new IE is slicker with a better interface and smoother graphics and scrolling.

Posted

Well at the end of the day nothing can be done about it, LL needs the ads to stay up and running and it only seems to be happening to certain people, even people without adblock and NoScript don't get it as well so I don't know what people expect Ashal to do about it. He's already proven the site is clear. At the moment it only seems to be happening to 4 people.

Posted

Yeah, it's a sucky situation. And the few people who have posted about it are likely way outnumbered by those who didn't. Hopefully, whoever runs the ad service knows it's in their best interest to weed out a problem ad and will take care of it.

Posted

It would be helpful if people posted links to what pages they're getting the warning on, and let me know what ads are visible at the time of the warning so I can look into those as well.

Posted

Yeah' date=' it's a sucky situation. And the few people who have posted about it are likely way outnumbered by those who didn't. Hopefully, whoever runs the ad service knows it's in their best interest to weed out a problem ad and will take care of it.

[/quote']

 

True, unless they are doing it on purpose.

Posted

Some javascript code was added to one of the main theme files, looks like all it did was inject an advertisement from somebodies server onto the website, likely an advertisment that once clicked installed some adware/spyware.

 

It's been cleared out of all files and I'm looking into how the code was added now to prevent it from happening again.

Posted

But isn't Cloudfire ment to stop that from happening?

 

Cloudflare has nothing to do with this sort of thing. Cloudflare is more about saving bandwidth and preventing some spam bots.

Guest Lady Luck
Posted

thats wierd my anti avir doesnt pick up this site as a virus are , i think your pc is high on skooma or something this site is clean lol

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...