Eu.xweaponvisitor.xyz

Did you not read the email or understand it? Your suggestion won't work!!! It's on an ad that was rotated in on many pages (URLs) via a hook. The issue is how to deal with it; this style could make the internet unusable as it could appear on any page with an advert!! It takes over the page. The only way round I can think of at the moment is no advertising! Whilst this may make many people happy, it will leave a lot of people out of pocket. No, resetting Firefox is not a fix either… You would need to rotate the ad in again to be visible.

Hi Ken. The purpose of my question, of whether this same experienced disruption happens (or does not happen) on another installed browser, is to be able to answer your questions.

As a troubleshooting process of elimination, if the disruption is only specific to one browser, it will be indicative that this is specific to the Firefox browser, as opposed to a more widespread system disruption.

Also, you incorrectly referenced that AVG Secure Browser is Bing based, whereas it is actually Chromium based.

Let me know if this disruption happens when using another browser. Thanks, Shawn

New attack today on ebay 2:30pm, slightly different, the scammers are learning! Same attack method though, viewing the ad is enough to take over the main window, but this time AVG identifies the threat and blocks it but can't identify it. Page it takes you to is a little different :-

https://eu.retailwm.xyz/83715e515195ca54d1c64ddae4c2b22f/index.html?ip=217.32.34.209&siteid=YjY0NzMzMDg0MzE1MTc2MzcwNDIjMTU5MjY1OTgzOUA1NzE3QF84ZWY1OGZlYjM5MGIxZjBmMzFlNjlmMTNjNDMyMDczOA&trackid=2020062013304914479

Hi Shawn,
I didn't confirm - I failed miserably, but discovered different browsers use different advert lists :frowning: As I said on ebay, migrated to a BT variant, with a different hostile hackers website eu.consumerconference.xyz, with both FakeComments and JS.Scam.J. Also eu.yakuzaretail.xyz eu.visitcomactivate.xyz

Guessing someone else has reported it?

Do you want me to carry on with Fiddler? Still not sorted

Hello Ken. Thanks for the update.

Specific to using two browsers, the purpose was to determine if this is an isolated browser disruption, or more wide-spread.

As you confirmed, the disruption is experienced on more than one browser. Thank you for that clarifying information.

Moving forward, it's not necessary to continue trying to replicate this disruption using two browsers. You are welcome to revert back to your browser of choice, and to try and record the session using a network analyzer (i.e. Fiddler).

When you have a recorded session of the experienced disruption, please write back, and we can proceed with trying to diagnose this experienced disruption.

I look forward to hearing from you. Regards, Shawn

Hi Ken. Thank you for writing back.

Can you confirm if this same disruption is happening in another browser (i.e. Chrome, Edge), different from the browser in which you are presently experiencing this disruption (Firefox)?

Thanks, Shawn

Shawn, I am not an idiot, nor is my browser compromised. How many times do I need to make that clear to you!!! Yet this seems impossible to get through to you. For one, if it were attacked it would not be specific to EBay (all other windows open at the time remained clear, as did two other ebay windows, presumably without the Ad rotating in), nor would it wait ten days between attacks. Does nothing when not scrolling. The attacks match Ads rotating in and out, in that I initially thought I was seeing two threats as I could not backpage. The only add-on I have enabled is IDM anyway, plus been through two full scans by your AVG. Continued suggestion of this will lead me to believe you have no faith in your own product.
As a profession before the nhs crippled me in a routine op, I was a chartered electronic engineer designing microchips, everything for simple UART's, like 6402,16550's small processors 8051, through to graphics processors like Permedia series and multimedia chips the size of a modern microprocessor! Consequentially I can code and think rationally, so please treat me as such. For the final time my browser is NOT compromised.
Now I do know a little how Firefox works, identifying individual windows is a task and a half, software uses heuristics to do so. As it happens I had three minimised watch list windows, all got hit at the same time, but the windows I've called "backup" and "coins" did not. Realistically no-one is going to write heuristic code to attack only windows marked "watch list".
Onto the question which once again you've avoided answering. Have you seen such an attack method before? Engineer's training has taught me to be one stage ahead of a problem, so that if a complete blocker is found, have an alternative to switch to, and certainly used to be able to have two or three of these for every stage of design and layout of microchips - yes one of the very few that could do both, which worked exceptionally well. As an engineer I have no idea how to avoid this type of attack, it hits you before you see it. So no clever "don't click on any dodgy windows or buttons" technique will work. If it gets onto Ads on the likes of Google, Bing etc and becomes more common it could stop the internet.
Now if you wish to suggest I use Edge instead of IE for some reason to determine whether Mozilla or Firefox has the weakness, and I would want to know why, that might be helpful, rather than rubbish suggestions about my browser being compromised.
As to your earlier suggestion about your secure browser being Chrome based not Bing, care to explain why I got the Bing based logo in the top left corner - I never like or use Bing.
Please tell me you have at least been onto the two Ad providers that EBay use to try and get a copy of the hackers' code, that would at least give you a clue as to where the weakness is. I've tried to avoid telling you how to do your job, each time you've been challenging my professional ability, but these browser claims are beyond a joke. Now are you going to answer the questions or not? I've never seen or heard of this attack style and hackers are smart, and as I said making progress. Maybe they will find another weakness that will avoid me needing to press a button to start a download and install!

Hi Shawn,
been unlucky twice to catch a variant - in that it's BT. Each time I've opened up IE the ad has rotated out - sort of knew that because I could backpage. Once again it's HTML.FakeComments.C, but pointing to eu.consumerdprinters.xyz
Still not got Fiddler working with ebay yet :frowning:

Not a popup - I have those blocked with Firefox, took over the whole window! Window attached. [Image: Scam window]

Hi Ken. I am still with you. I will get another set of eyeballs to look over your concern, and report back to you if there is any further development.

In the interim, as a process of elimination, let me know if you are able to replicate this disruption from another browser. I understand this is not an easy or desired task, using another browser, but it will be most helpful.

And lastly, specific to AVG Secure Browser, the default search engine upon install is Google. It is possible upon installation that you imported settings from another browser, hence the Bing search.

Thank you for your continued patience and cooperation. Regards, Shawn

Hi Ken. Thanks for writing back.

First and foremost, I never implied you are not competent, and have only tried to help address your expressed concern.

Let me know what is determined, in trying to use another browser, if you are able to replicate the disruption. This way we can move forward in diagnosing the caused disruption.

And specific to your installed Avast Secure Browser, from within the browser settings, you may choose which search engine is used (i.e. Google, Bing, DuckDuckGo, etc.). I suspect your search engine is designated as Bing, hence the misconception. But I assure you, Avast Secure Browser is indeed Chromium based.

Good luck. All the Best, Shawn

Hi Ken. Thanks for writing back.

Specific to this latter thwarted attack, you referenced AVG notified you of a threat secured. Your AVG AntiVirus is working as intended. From within your AVG quarantine, you should be able to gather more detailed information, specific to the site that was blocked by AVG.

Also, I highly suggest not clicking or following links that you are not familiar with or suspect to be malicious. If these malicious ads are appearing on known sites you are visiting (i.e. Ebay), contact the site administrator.

Lastly, to ensure your computer is not compromised with unknown malware, I further suggest that you perform a thorough Boot-Scan, https://is.gd/IHROaD, which is an advanced scan function that scans for known types of malware and removes threats before the operating system and other services run.

Hi Ken,
We are sorry to hear this.
We will help you to resolve the issue.
Please share with us the screenshot of the popup to investigate further.
You can post the screenshot here in your topic. Click on "Answer" & then click on the "Image" [mountain symbol] & follow the instructions.
Keep us posted.

Hello Ken. Thank you very much for taking the time to communicate, and for your patience. My name is Shawn, and I am writing to you on behalf of the AVG Senior Support team.

I took the liberty of checking the referenced domain, which is from a recently registered pack of more suspicious domains, of which several are already blocked by Google.

I suspect these domains are serving as scam ad campaign infrastructure, and given the nature of many paths with malicious redirect script stored in temp data, I suggest that you clean your browser(s).

For future reference, you are welcome and encouraged to report malware samples to our Threat Lab sample scanning portal: https://www.avg.com/en-ww/report-malicious-file

All the Best, Shawn

Just got hit by this on ebay, AVG is reporting it as eu.xweaponvisitor.xyz and infected with both JS.Scam-J[Phish] and HTML.FakeComments-C[Phish]

but it's nasty, just scrolling down a page it takes over the window and points to a Vodafone rating window as a scam

https://eu.xweaponvisitor.xyz/e17cd1a846334bdc4c9bd61185aa3485/index.html?ip=217.32.34.209&siteid=YjY0MTQ4NjI3ODcxNjY1OTc3NTcyIzE1OTE1MjE2NjZANTY3M0BfYmZiYzI0ODI1M2VmMTU4MmRhMWFjMjg0NGJjNzdkNmQ&trackid=202006070921145003

Not stupid to click a button, but looks like a secure site with its https. It's faster than my frantic backpage and took over my ebay watch windows which were minimised, presumably when the ad rotated in. Closing the windows was the only alternative to waiting for the ad to rotate out when I could backpage. Made ebay unusable as appeared every few search pages

Hi Ken.
We regret the inconvenience caused.
It looks like this is a browser redirect caused by an adware application or a malicious browser extension installed on your PC.
Please check the list of installed programs and uninstall any unwanted applications. We did suggest that you reset the browser to remove any unwanted or malicious browser extension.
Kindly try these, reboot your PC and let us know if the issue persists.

Nothing has gone into quarantine, well not since March 2018! Just appears under notifications history, which for some reason I can't copy and paste. In the first attack AVG successfully identifies the names of the phishing attack. In the second attack it couldn't, so the hackers have got better as I suspected they would. As it happens I did a full scan the other day, being congratulated on it finding nothing. Funnily enough EBay tech team said contact you, but did provide the two advert providers they use as above (ie I did the heavy lifting for you). Their tech team is also asking for an event log which I can't find and don't think exists. Best I could do was notifications.

What I really cannot get over to you is how different the new nature of this attack is. So will try a different way- questions!
1) Have you ever seen an attack where simply scrolling down, viewing an Ad is enough to set the attack off, ie no click.
2) Have you seen an attack where it takes over the main window rather than creating a new one?

What part of reading my reports do you not get? I give up, there is NOTHING malicious on my laptop!!! As I said, disappeared when the ad rotated out, not seen it since. Look, I'm probably as techy as you, can probably program in more scripts and languages than you - I used to design microprocessors, interface chips, graphics processors and multimedia chips. From the start your replies have been basically crap, treating me like an idiot! I've done the heavy lifting for you, finding out from EBay where their adverts come from. This is a new style of attack I've never seen before. Whether it requires a fix by Microsoft (Windows 10) or Mozilla (Firefox) I know not, the writers have found a new weakness. If you can't deal with it, pass it upwards to someone who can. I'm guessing the writers are busy quietly using their phishing results from those without adequate virus protection before going back on the internet big time. You have the lead - use it before they crash the internet. That I've seen nothing else since the ad rotated out would indicate your last response was rubbish and you really should read all the reports before coming out with c… I know how it attacked, what it did, what it was trying to do, but just not how to stop future attacks! That's your job. End of patience reached.

Comparing different browsers is going to be more difficult than anticipated. I had been aware that different windows of the same browser had the same ads since they got hit together, this is not true for different browsers. The BT fake ad appears flavour of the month. Powered my laptop up this morning and when I got to it, the fake ad had got to two of the ebay windows, so obviously not me clicking on a bad ad! Then later it hit another ebay window I could get to quickly with IE, so was thinking only Firefox, until I realised that IE and Firefox had different ads. Yes I pulled up another Firefox window to make sure again it was the same ad as first Firefox window. Current plan is to leave both windows up (IE and Firefox) and hope the Ad rotates into them. If the IE one is hit, obviously affects both browsers. If it isn't hit and the Firefox one is a few times, it either means a different ad list or not affected!
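
As an added example (not part of the thread and not AVG's or any poster's code): the two landing URLs quoted above share one shape, a 32-hex-digit path segment followed by `index.html` with `ip`, `siteid` and `trackid` parameters, so the URL list exported from a proxy capture such as the Fiddler session discussed above can be triaged for that shape. Reading the first 14 digits of `trackid` as a timestamp is an assumption drawn from the two samples; the function names and the benign URL are constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# The two landing URLs exactly as quoted in the thread.
REPORTED = [
    "https://eu.xweaponvisitor.xyz/e17cd1a846334bdc4c9bd61185aa3485/index.html?ip=217.32.34.209&siteid=YjY0MTQ4NjI3ODcxNjY1OTc3NTcyIzE1OTE1MjE2NjZANTY3M0BfYmZiYzI0ODI1M2VmMTU4MmRhMWFjMjg0NGJjNzdkNmQ&trackid=202006070921145003",
    "https://eu.retailwm.xyz/83715e515195ca54d1c64ddae4c2b22f/index.html?ip=217.32.34.209&siteid=YjY0NzMzMDg0MzE1MTc2MzcwNDIjMTU5MjY1OTgzOUA1NzE3QF84ZWY1OGZlYjM5MGIxZjBmMzFlNjlmMTNjNDMyMDczOA&trackid=2020062013304914479",
]
# Constructed, ordinary-looking URL used as a negative case.
BENIGN = "https://shop.example/itm/123456789?hash=item1&trackid=abc"

TOKEN_PATH = re.compile(r"^/[0-9a-f]{32}/index\.html$")
REQUIRED_PARAMS = {"ip", "siteid", "trackid"}


def landing_fields(url):
    """Return host, path token and trackid time for a URL shaped like the
    reported landing pages, or None if the URL does not have that shape."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if not TOKEN_PATH.match(parts.path) or not REQUIRED_PARAMS <= query.keys():
        return None
    trackid = query["trackid"][0]
    try:
        # Assumption: trackid begins with YYYYMMDDhhmmss.
        seen = datetime.strptime(trackid[:14], "%Y%m%d%H%M%S").isoformat()
    except ValueError:
        seen = None
    return {"host": parts.hostname, "token": parts.path.split("/")[1], "seen": seen}


def triage(urls):
    """Split a capture's URL list into matching hosts and per-URL details."""
    hits = [fields for fields in map(landing_fields, urls) if fields]
    return sorted({hit["host"] for hit in hits}), hits


if __name__ == "__main__":
    hosts, hits = triage(REPORTED + [BENIGN])
    print("hosts to report or block:", hosts)
    for hit in hits:
        print(hit["seen"], hit["host"], hit["token"])
```

Matching on the URL shape rather than on a fixed host list matters here because the thread shows the hostname changing from one incident to the next while the path and parameters stay the same.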