I just had this come up with Chrome, is it kosher, is there a problem? I used IE to get in again.

http://i43.photobucket.com/albums/e359/cmeakins/Capture-1_zpsc36b6450.jpg

Me too. I just clicked "continue at own risk" . . :rolleyes:

Same with Firefox

Clive,

Just tested access via Chrome, and it is working fine for me (version 24.0.1312.52.m).

Regards,
Alex

When other sites (eg DIY Audio) had something similar it was usually a rogue advert.

Clive,

Just tested access via Chrome, and it is working fine for me (version 24.0.1312.52.m).

Regards,
Alex
I have the same version.

I am getting this message too on Chrome, no problem with Microsoft internet explorer though

Yeah just got the same message on Firefox.

I believe google classify sites and adverts for malware. Something, maybe a link, has caused a problem.

Same problem - just PM'd Marco before thread started - I am using Chrome. Obviously the site is now marked on Google's servers so situation needs to be rectified ASAP.

Thanks, guys. We're onto it! Incidentally, I'm having no problems with Aol, Firefox or IE.

Hang with it and we'll sort it :)

Marco.

Update... I've just tried using Chrome and got through straight away, so dunno what's going on. Maybe it's an ISP thing? :scratch:

Marco.

Must have missed this thread after reporting it the high command :)

It's still there just a few mins ago btw..

Update... I've just tried using Chrome and got through straight away, so dunno what's going on. Maybe it's an ISP thing? :scratch:

Marco.

It could be that your Chrome has connected to a different google server which hasn't yet replicated the threat list.

I'm on it. Though unable to do very much until I'm back home at night.

Google serve all advertising on the site so I doubt one of their ads is triggering this.

Updates as and when, but please bear with us.

Working fine on Chrome for me...:)

http://www.infosecurity-magazine.com/view/30320/false-google-chrome-malware-warning-blocks-tech-sites/

Came up this morning and yesterday

The same on Firefox although the data firefox is using is from google.


http://i759.photobucket.com/albums/xx234/server9/forum-pictures/aos-Capture-1.png

google webmaster tools should show the infected url.

https://www.google.com/webmasters/tools/

http://i759.photobucket.com/albums/xx234/server9/forum-pictures/aos-2-Capture.png

Only Chrome blocking site. Firefox and IE are OK.

Paul.

I'm using chrome and it's fine. Malware is apps for chrome and checks sites. Sometimes, when as forum is being checked by chrome, Firefox etc this can create problems getting back onto the forum. Just give it a little time and it should correct itself, it just the servers doing there specs. Generally on an annual basis. I might be wrong, but I believe this is what's going on.


Cheers Natalie

Firefox also, check the big red banner across the top of any page.
If you not seeing that then maybe your security settings are low?

http://i759.photobucket.com/albums/xx234/server9/forum-pictures/aos-3-Capture.png

Only very minor so I am sure it will be fixed today.

I use open DNS http://www.opendns.com/home-solutions Premium name servers ( completely free) in my router and everything OK with Open DNS , if there was anything really dodgy open DNS would have blocked it completely by now as all my traffic goes through Open DNS and they are keen.

So nothing to worry about as it will be found and fixed soon.

Just give it a little time and it should correct itself, it just the servers doing there specs.

Cheers Natalie

It wont correct itself as once its reported it needs clearing.

The webmaster ( Nick I think) will have to jump through hoops with google, it will look like it fixes itself but behind the scenes some work has to be done to remove what ever triggered the alert and then to get google to rescan the site.

Now seeing this via Chrome, Firefox and IE. I guess it takes some time for Google servers to replicate the blacklist consistently.

I have access to a Webmaster tool which will allow me to recan the site, I'll get this sorted tonight. It's looking like a link within one of the posts on here is going to a dodgy place, so I'll need to track that down and delete it to clear the issue.

Firefox now blocking with "Reported Attack Page" screen.

Paul.

I have access to a Webmaster tool which will allow me to recan the site, I'll get this sorted tonight. It's looking like a link within one of the posts on here is going to a dodgy place, so I'll need to track that down and delete it to clear the issue.

Yup, we'll have to guard against this in future.

Marco.

I think Aos webpage tried to download a file to my pc just now. Thankfully the browser stopped it.
It automatically opened acrobat on my pc but didnt open the file.

Call me at the shop if you want me to explain what happened. Website link below has my phone no.

Just seen the Chrome block for the first time too - it was fine last night. I suspect it will be a dodgy link somewhere, but Nick will no doubt sort it out this evening - just be careful and avoid any links you're not sure about.

According to the Google Webmaster tools the Tapatalk plugin is being classed as malware as well. I've raised this on the Tapatalk forum owners forum and they're looking into it.

According to the Google Webmaster tools the Tapatalk plugin is being classed as malware as well. I've raised this on the Tapatalk forum owners forum and they're looking into it.

I could have been this.

When opening AoS with MS Internet explorer 8, it blocked a pop-up and at the same time launched Acrobat. MSE came up with a warning message.

Strange, because the Tapatalk pop up usually only comes up when I'm using a tablet, not my PC.

Seems to be sorted now.

I have had the same issues, I went through Facebook and used the Facebook link, now it is fine.

Natalie;)

Hi all.

Is anyone getting a Malware alert when logging on to AOS?

Been getting this today and can't get in to AOS using Chrome.

Cheers

Whole thread here.

http://theartofsound.net/forum/showthread.php?t=23399

Yes. Me too.

- Richard

yes! I have just got it using google....."this site may harm your computer"

heres the result:http://www.google.co.uk/interstitial?url=http://theartofsound.net/forum/

I'm still getting it with Firefox v 18.0.1, but its easily ignored :)

yes! I have just got it using google....."this site may harm your computer"

heres the result:http://www.google.co.uk/interstitial?url=http://theartofsound.net/forum/

Im using internet explorer

I get

" Reported Attack Site " Warning using Firefox

I get

" Reported Attack Site " Warning using Firefox

Same for me as well...:(

DIYaudio.com had it a couple of weeks back took a week to get cleared.

Same as well in Safari, Google says at risk and names a data base, from where makware was placed on two seperate places, and requires site owner to check with the google tools??. I would post it, but the system will not let me post or respond to a thread.

I have had to come home as I have some messages to leave, and annoyingly, a seperate issue as this is a 'Doze machine the wireless keyboard refused to respond until re booted twice :steam:

Not sure which item contains the trojan, but something somewhere may have?

Safe Browsing
Diagnostic page for theartofsound.net/forum

What is the current listing status for theartofsound.net/forum?
Site is listed as suspicious - visiting this website may harm your computer.

What happened when Google visited this site?
Of the 23 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-24, and the last time suspicious content was found on this site was on 2013-01-24.
Malicious software includes 1 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including 129.121.116.0/.

This site was hosted on 2 network(s) including AS20860 (IOMART), AS15169 (Google Internet Backbone).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, theartofsound.net/forum did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Centre.

For peace of mind I would advise running any security software you have installed on your PC ;)

It would appear that the piece of malware is called PriceGong and it is proving to be a tad stubborn to remove :rolleyes:

For peace of mind I would advise running any security software you have installed on your PC ;)

I have seen that Safe Browsing page, and Google have sent us a more thorough email giving a link to a thread started in 2009 which I have cleared of links, a number of which were broken and could have been problematic.

Google have also pointed to the Tapatalk plugin which I am taking up with Tapatalk directly.

Thanks for your help guys but this is under control.

It would appear that the piece of malware is called PriceGong and it is proving to be a tad stubborn to remove :rolleyes:

I doubt for 1 second you got that here Dave! :scratch:

Its already been stated that its due to a couple of bad link in posts going back to 2009.

Just in case there is mad panic.........

You dont need to do anything unless you happened to browse to the effected threads from 2009 then clicked on the links which had their destinations substituted for malware. AoS is not infected at all, the bot that google (or sophos or whoever anti-virus/malware) ran found a link here to another website that contains the malware.

This can happen becuase people post links in threads and then loose control over the destination domain. As an example, if I post a link to my website which has a picture, all the while I maintain that site its going to stay as a picture or at worse case and bad/dead link (i.e. the picture gets removed) If after several years, I let the website go and dont renew the domain ownership, there is nothing stopping a new owner replacing my picture file with a virus or malware with the same name hosted as the same URL.
Voila, you now have a link to a malware executable...... Google scans and checks the links and then lists the source domain as problem (in this case "theartofsound.net").

The answer is to identify the offending links and remove them (as Nick has done here). Its a shame, but its a fact of internet life. Imagine the damage you could do if you could take over the DNS for photobucket and replace all the images with malware!!!!:doh::stalks:

Now the offending links have been removed, AoS domain will be delisted once the remedial action is varified. Then its BAU

http://theartofsound.net/forum/showthread.php?p=405259#post405259

PriceGong was not on my PC this morning (I've been playing music on it all day). MSE only began flagging it up after I logged on to AoS at about six this evening when I discovered the warning page. Anyhoo, if anyone else finds they have PriceGong on their PC this is how I got rid of it:

On a Windows machine you will find it residing within the Program Files (x86) folder (you will not find PriceGong in the Installed Programs list in Control panel). Deleting the folder doesn't work as it will just reappear the next time you boot your machine. I used a file shredder that comes with a sweet utility called Advanced System Care (http://www.iobit.com/advancedsystemcareper.php). Right click the file and choose File Shredder from the context menu then select the default option and 'poof', it is gone. To make absolutely sure there is nothing hiding in the registry run ASC's registry cleaner and it will remove the relevant registry entries. Reboot the machine and all should be well :cool:

I am also blocked by chrome too. Tried IE and it took me to a teen porn site that I could not get away from at all so the last resort was a CTRL-ALT-DEL and kill it that way. Sent this post with tapatalk

It started last night while I was posting in diy forum.
It wouldn't let me post then doubbled the post.
Then I couldnt get back in o. Thr computer or cell.
The block happened at 1:00am California time.

Dave, I seriously doubt you got the malware here based on the information known about the problem. With respect to the "clean up" software, you should never download anything that claims to clean anything unless you are 100% of it. I'm not saying the link you provided is bad (I have no knowledge of iobit) but what I'm saying is that most software that claims to clean up, actually installs more malware!

With respect to the current issue, its probably best to just wait for a few days while things get back to normal and try not to have members worry that something bad has happened when in really hasnt! :)

My avast AV detected a virus while logging on.

Yes, an exploit or 'code injection' that tries to hijack your session and send you to some other site. It seems that this is real issue that needs to be fixed at the moment. I am trying to get things sorted in conjunction with our web host at the moment.

Last night I did a scan and Kaspersky found nothing but malware bites found 3 so if you have any doubts get the free down load and do a scan.

Dave, I seriously doubt you got the malware here based on the information known about the problem. With respect to the "clean up" software, you should never download anything that claims to clean anything unless you are 100% of it. I'm not saying the link you provided is bad (I have no knowledge of iobit) but what I'm saying is that most software that claims to clean up, actually installs more malware!

With respect to the current issue, its probably best to just wait for a few days while things get back to normal and try not to have members worry that something bad has happened when in really hasnt! :)

I am an experienced Windows user Ian and I built the PC myself. I've been using IObit software for donkeys years and it does exactly what it says on the tin. This is the only malware that has managed to successfully penetrate the system since I built it 3 years ago ;)

Well I don't have PriceGong on my machine and I have just run a scan with MSE with a clean bill of health and I have not been directed anywhere else, but I don't use IE or Chrome. I am using Windows 7 x64 with Firefox 18 as the browser, A/V is Microsoft Security Essentials.

So from my perspective my machine is not encountering the issues others are reporting, other than the browser reporting AoS as a suspicious site?

Just tried to log in with chrome and was blocked by the malware threat, my AVG has just detected a threat and binned that as well,


I can get on with IE ok but my laptop is running a bit slow now :rolleyes:

i think i got this pricegong thing as well

Well I don't have PriceGong on my machine and I have just run a scan with MSE with a clean bill of health and I have not been directed anywhere else, but I don't use IE or Chrome. I am using Windows 7 x64 with Firefox 18 as the browser, A/V is Microsoft Security Essentials.

So from my perspective my machine is not encountering the issues others are reporting, other than the browser reporting AoS as a suspicious site?

I can't say for certain whether my problems stem from AoS or not Tim but it is a bit of a coincidence that the only security threat the music PC has encountered in three years happened to coincide with my attempt to login to AoS and the subsequent appearance of the warning page. Curiously my lappy, which is the machine I use for browsing 99% of the time, remains unaffected :scratch:

Both machines are running Win7 64bit and installed AV software is MSE. IOBit's Advanced SystemcarePRO and Spybot S&D take care of anti-malware duties. I use the Chrome browser on both machines (using it now) ;)

It is odd that different users are experiencing different problems :scratch:

I can if needs be just lay an image on my machine from last week, one of the benefits of doing regular full disk images is total piece of mind. I'm actually using Firefox in a Linux distro at the moment which is running entirely from RAM and don't have any drives mounted, so I'm 100% safe if anything nasty is going on. :D

I hope you guys beavering away in the engine room at the moment don't have too many problems and your efforts are appreciated.

I hope you guys beavering away in the engine room at the moment don't have too many problems and your efforts are appreciated.

+1 :)

One of the Hamsters must be sick, Marco has probably taken it to the vets... :D

I am an experienced Windows user Ian and I built the PC myself. I've been using IObit software for donkeys years and it does exactly what it says on the tin. This is the only malware that has managed to successfully penetrate the system since I built it 3 years ago ;)

Sorry if I sounded abrupt Dave.....wasn't supposed to be :)

Wasn't disrespecting the software but merely pointing out that software claiming to remove malware is actually often malware itself and that only known trusted software should be used to attempt repair.
Clearly there are issues here which are being worked on but I will say neither my home or work laptops appear to have any malware issues and I've been using IE this evening.

3x price gong last night.
Use malware bites to remove it.
It's free and works for getting rid of pricegong.

I don't know that the Price Gong thing is at all related to what I'm dealing with, but here are details on removing it:

http://www.pricegong.com/FAQs.aspx

There are some unpleasant comments about this issue on Wigwam along the lines of 'all the more reason not to go there'. I was going to respond but decided that rising to the bait would not be of any benefit.

Hi Jerry,

Could you provide a link to said discussion, and I'll complain to James. We don't allow people to slag off Wigwam here, so I expect the same courtesy to be extended to us on Wigwam.

The funny thing is, the people guilty of this wouldn't say boo to you, face to face at Scalford! ;)

Marco.

There are two threads Marco but this is the most offensive:
http://www.hifiwigwam.com/showthread.php?81678-What-happened-to-the-AOS-website
Tel seems the most unpleasant.

Update here: http://theartofsound.net/forum/showthread.php?p=405506#post405506

As for the above, Jerry, there but for the grace of God goes any website.

Yep, that's the post I've complained about, Jerry, as the rest is just the usual waffle. That one, however, is particularly nasty. I've no idea what's up with the bloke, but I bet you if I bump into him at Scalford, he'll be as nice as pie! :eyebrows:

I'll certainly be keeping an eye out for a name badge with 'Tel' written on it, and if the opportunity arises, finding out politely what his problem is.

In any case, the matter has now been reported to James. Hopefully, the comments will be removed, as requested.

Marco.

Yep, that's the post I've complained about, Jerry, as the rest is just the usual waffle. That one is particularly nasty. I've no idea what's up with the bloke, but I bet you if I bump into him at Scalford, he'll be as nice as pie! :eyebrows:

I'll certainly be keeping an eye out for a name badge with 'Tel' written on it, and if the opportunity arises, finding out politely what his problem is.

In any case, the matter has now been reported to James. Hopefully, the comments will be removed, as requested.

Marco.

Why do you want the comments removed Marco?

I find it quite an eye-opener to see what people really think, as long as no libel has taken place of course ...

Hi Jules,

I take your point, but I've asked for them to be removed, simply because such comments are not conducive to achieving friendly relations between the forums, especially at a time just before the Scalford Hall show, when we'll all be mingling together under the one roof! :doh:

Indeed, I see James has now made that very point on Wigwam. Let's hope the guilty parties take note and behave accordingly. We don't need the bad blood.

If anyone here wrote that sort of stuff about Wigwam, it would be removed instantly and the person responsible warned that such comments were unacceptable. Tony does the same on pfm, on the rare occasions that this sort of nonsense crops up. There is simply no need for it.

Marco.

I don't know that the Price Gong thing is at all related to what I'm dealing with, but here are details on removing it:

http://www.pricegong.com/FAQs.aspx

Didn't work for me Nick as PriceGong was not in my ADD/REMOVE programs list, I explain how to remove it in a previous post if anyone should find themselves in the same boat ;)

Sorry! Been a bit busy lately :rolleyes:

S'ok dude. When I did some research into PriceGong I discovered that it first appeared in 2009 and was in fact a rather pushy price comparison tool which installed itself unbidden onto PC's. My suspicion is that the version I've had to deal with is a nasty evolution of the code which has been altered to deliver a trojan.

Pricegong is one of those nasty little things that comes bundled with free software. You click no for all of it - bar what you want - and its downloaded anyway. Most recently I came across it while looking for a free WAR file opener 7Zip had PG bundled with it. It was hard to remove but I got rid of it eventually.

I have been getting the warning via Google since late afternoon yesterday. I logged in for the first time tonight (still a warning though, I use Chrome), no issues so far and no nastiness downloaded when I did.

I suspect PG was picked up elsewhere and as its everywhere I don't think AOS is to blame but you never know.


Regards Neil

Can I suggest that all Members clear their browser cache as this could still be caching compromised scripts (if they get Virus / Malware warnings) when as far as I can tell the site itself is now clean.

Can I suggest that all Members clear their browser cache as this could still be caching compromised scripts (if they get Virus / Malware warnings) when as far as I can tell the site itself is now clean.

Hi Nick

I do that everyday and did so earlier but Google still shows the warning - go figure.

completely cleared browser cache and ran disk clean program, message still showing on google

The Google warning is based upon a database they maintain. We are still waiting for them to do a rescan and hopefully find the site clean and remove the flag.

The cache advice addresses the issue that some people are reporting AntiVirus software warnings when visting today, when the compromised scripts and posts were dealt with yesterday.

Cache cleared Nick

Thanks Andr'e.

Cleared all the cached pages for the last month and still getting the malware message :(

The Malware message won't go until Google themselves rescan the site and confirm it is clear. The Malware message was set on the 24/01, unfortunately it is taking a little while for them to get round to rescanning the site. Unfortunately the internet is a big place, so they must have quite a few sites to go through each day :(

The Malware message won't go until Google themselves rescan the site and confirm it is clear. The Malware message was set on the 24/01, unfortunately it is taking a little while for them to get round to rescanning the site. Unfortunately the internet is a big place, so they must have quite a few sites to go through each day :(
Lazy buggers.:lol:

Yaayy....finally back, :) up to late last night, it was still shown malware message.

Interesting to see how it was viewed elsewhere, while PFM reported the problem, no malicious posts and locked the thread,
the mood was different on the other place, strange. :scratch:

Every thing seems back to abnormal as usual.

Indeed. Google rescanned the site overnight (UK time) and found us clear.

Please can everyone clear their cache / temporary internet files as a precaution, if they've not already done so in the last 24 hours.

Thanks!

I am also blocked by chrome too. Tried IE and it took me to a teen porn site that I could not get away from at all so the last resort was a CTRL-ALT-DEL and kill it that way.

Nah - that'll be your regular home page, Frank. :eyebrows:

___________________

Good that it's sorted - well done folks! :thumbsup:

Nah - that'll be your regular home page, Frank. :eyebrows:



Bugger, I have been finally sussed :lol: