# New Chrome shows malware on a DBSTalk forum?



## itzme

I just got the latest stable Chrome. I have a google bookmark to a view of the cutting edge forum. Specifically the bookmark is http://www.dbstalk.com/forum/58-directv-cutting-edge/

Today when I clicked on that bookmark Chrome showed:

The site ahead contains malware
Attackers currently on *similarki.com* might attempt to install dangerous programs on your computer that steal or delete your information (for example, photos, passwords, messages, and credit cards).

Automatically report details of possible security incidents to Google. Privacy policy

Yet I got here just fine when I typed in the DBSTalk.com URL. I can also surf over to the CE forum just fine. Strange.


----------



## itzme

Update: I fixed the issue by updating/changing that URL in my bookmarks. Thanks!


----------



## David Bott

It seems it was detecting code from a 3rd party ad server ad that was coming down. We hope the issue has been resolved, or will be in the next X hours when Google scans the site again and then removes the warning from Chrome.


----------



## MysteryMan

David Bott said:


> It seems it was detecting code from a 3rd party ad server ad that was coming down. We hope the issue has been resolved, or will be in the next X hours when Google scans the site again and then removes the warning from Chrome.


When using Google I get the warning when selecting "New Content".


----------



## David Bott

Any page that has an ad on it, even the NEW CONTENT page could through the warning. This can occur until Google Adsense stops whatever 3rd party ad server is sending the ad with the weird code.


----------



## sangs

I just received the same warning using Safari.


----------



## Steve

Same here with Chrome 37.x


----------



## MysteryMan

MysteryMan said:


> When using Google I get the warning when selecting "New Content".


Update: Am no longer experiencing the issue when using Google.


----------



## David Bott

I really hope they clear it as I think it was coming in via a 728x90 ad as it was also on the Page Not Found page and that only had the 728x90 ads on it.

So I turned off currently Google Adsense 728x90 ads and put in Yahoo ads for now.

This kills me as takes away the ad revenue the site needs as the Yahoo ads don't do as well.


----------



## MysteryMan

MysteryMan said:


> Update: Am no longer experiencing the issue when using Google.


Update: When using Google malware warning is again appearing when I select "New Content".......Minutes after posting the issue is gone. :shrug:


----------



## jimmie57

Quite often I get a warning from Norton that I have had a website 32 intrusion blocked.

Message as follows: Blocked

Web Attack: Exploit Toolkit Website 32.
Risk: High
Attacking Computer : 217.23.3.187
Attacker URL: is super long so I will just put the first part : gipor.hbasic-slider.kalisz.pl/1657180754/ and it keeps going and going.
It says that website matches the signature of a known attack.

PS: This is running IE 10. I have not tried it in chrome.


----------



## longrider

I just experienced the issue in Firefox and 10 minutes later it was gone. The warning was pointing to similarki.com as others have posted


----------



## mexican-bum

longrider said:


> I just experienced the issue in Firefox and 10 minutes later it was gone. The warning was pointing to similarki.com as others have posted


Me too, firefox...


----------



## MysteryMan

Am getting the warning message again went selecting "New Content" while using Google. Am not experiencing the issue when using Internet Explorer.


----------



## MysteryMan

longrider said:


> I just experienced the issue in Firefox and 10 minutes later it was gone. The warning was pointing to similarki.com as others have posted


Warning message I'm getting points to www.dbstalk.com, not similarki.com.


----------



## longrider

I agree the first warning did say dbstalk.com but when I went to a more info link it mentioned a link to similarki.com Everything points to an ad as David was saying, I find that interesting in that as club members we see a lot less ads plus I run an ad blocker so I see no ads. My guess on the blocker is that the protection sees the ad before the blocker keeps it from being displayed. Hopefully the fact it is an ad that club members see will narrow down the search for David


----------



## Laxguy

I keep getting mackeeper pages popping out when on the site. One just happened when I clicked "Quote" to reply to a post.
I hate mackeeper, and will find a way to block those MFers. I use Safari mostly.


----------



## David Bott

Hi...It would not matter if it was a club member or not as when Google scans the pages when it indexes, it does so as a normal user. So it would see the ads you do not.

This is driving me nuts. Seeing it is telling me that threads or even search, like show new threads, shows up as an issue page, the only ad that both would have in common would the the top and bottom 728x90 ad.

I have now removed all the in thread ads top, bottom, middle. The only ads showing are on the right side bar and those only show up on the forums list and threads list which Google has never reported to be an issue. Also, most of the threads it reports are older and not current, so I know it is happening during indexing.

it says it finds...

<sc ript type="text/javascript" src="http://simi larki.com/Aob6XdxPCsfZ-REgn9Wt/FyJAb.js?V-9pSfOGFRcZE-1rXun_DwJ=01487d6a71feb789f48ef70">
It also changes...But always the same domain name.

<sc ript type="text/javascript" src="http://simi larki.com/XizQY4CVg/Dxplr.js?4qWHjsXlOCEkw-N0t_p-7UcQ_uMY=949efd78c08e127bf343122e3ab71">

I added the spaces.

I can not find anything related to that url in any of the pages Google referenced as malware injected. Thus it had to be coming from an ad. This really is killing me in more ways than one.

Sorry all.


----------



## Laxguy

David Bott said:


> Hi...It would not matter if it was a club member or not as when Google scans the pages when it indexes, it does so as a normal user. So it would see the ads you do not.
> 
> This is driving me nuts. Seeing it is telling me that threads or even search, like show new threads, shows up as an issue page, the only ad that both would have in common would the the top and bottom 728x90 ad.
> 
> I have now removed all the in thread ads top, bottom, middle. The only ads showing are on the right side bar and those only show up on the forums list and threads list which Google has never reported to be an issue. Also, most of the threads it reports are older and not current, so I know it is happening during indexing.
> 
> it says it finds...
> 
> <sc ript type="text/javascript" src="http://simi larki.com/Aob6XdxPCsfZ-REgn9Wt/FyJAb.js?V-9pSfOGFRcZE-1rXun_DwJ=01487d6a71feb789f48ef70">
> It also changes...But always the same domain name.
> 
> <sc ript type="text/javascript" src="http://simi larki.com/XizQY4CVg/Dxplr.js?4qWHjsXlOCEkw-N0t_p-7UcQ_uMY=949efd78c08e127bf343122e3ab71">
> 
> I added the spaces.
> 
> I can not find anything related to that url in any of the pages Google referenced as malware injected. Thus it had to be coming from an ad. This really is killing me in more ways than one.
> 
> Sorry all.


*This just in:* The first time I click on Quote, I get bumped to a site I do not want, example: http://www. ev o bulls .com/20761 18123__31784; spaces added to nuke the URL. Also, Mackeeper keeps coming up. The second time I click on quote, I get to quote box and so it is with this one.

HTH!


----------



## David Bott

Laxguy said:


> *This just in:* The first time I click on Quote, I get bumped to a site I do not want, example: http://www. ev o bulls .com/20761 18123__31784; spaces added to nuke the URL. Also, Mackeeper keeps coming up. The second time I click on quote, I get to quote box and so it is with this one.
> 
> HTH!


I get no such issue, from the sounds of it, especially the MacKeeper coming up, I would think have something on your machine/browser making for such an issue.


----------



## NR4P

Just got the malware red screen on Chrome 64 bit edition when going to a dbstalk,com linked page


----------



## Karen

I just got it when I clicked on New Content!


----------



## David Bott

Yes, not surprised as Google still has not rechecked the site. All ads at this time are off the site. This really, well, sucks to say the least. Until Google rechecks the site, the warnings will continue. I have no way to control that. For all I, they are false positives.

Example...if you go to this site and click URL...

https://www.virustotal.com

...put in this URL which Google says has malware on it...

http://www.dbstalk.com/topic/163534-wga600n-firmware/

...It comes up clean.

Even if you put in the New Content Link, it come up clean...

http://www.dbstalk.com/index.php?app=core&module=search&do=viewNewContent&search_app=forums

All I can say is I am sorry it is happening.

BTW...What Chrome 64 Bit edition?


----------



## Steve

David Bott said:


> BTW...What Chrome 64 Bit edition?


The Windows 64 bit edition here. Didn't see any warning yesterday or earlier today, but tonite they seem to be back.



> Version 37.0.2062.102 unknown-m (64-bit)


----------



## MysteryMan

Issue is getting worse when using Google Chrome (version 37.0.2062.102). Malware warning is now blocking me from using "My Content" as well as "New Content".


----------



## Stewart Vernon

Now today I'm finally seeing this on my Mac with Firefox 32. I had not been seeing the warnings until today. Funny, I didn't see the warning on the main site or when I logged in. Even going into the forums... but opening any discussion thread brings up the warning page for me today.


----------



## inkahauts

Seeing the sane with new content unfortunately.


----------



## Karen

I just saw it again with new content and this is what they're saying about the site.

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.dbstalk.com%2Findex.php%3Fapp%3Dcore%26module%3Dsearch%26do%3DviewNewContent%26search_app%3Dforums&client=googlechrome&hl=en-US

I'm using Version 37.0.2062.102 m


----------



## texasbrit

Now seeing this with firefox on win7


----------



## Laxguy

I got bitten badly over the last week or so, and it turns out my warnings were off, and I was careless in OK ing something I should not have. Could have gotten it in Canada, who knows.

But I removed five adware gremlins, by running this script from The Safe Mac:
http://www.thesafemac.com/art/

Now, I do hope this helps someone somewhere!

And now I guess I'll go and admire my post count in the thread that extolls such milestones! 

Have a good evening, all.


----------



## armophob

FF 27.0.1 Win XP being blocked.


----------



## David Bott

I just hired a company to track the site and find the issue. 

Sorry again all.


----------



## Joe Tylman

Chrome 64 is also reporting the issue.


----------



## coolman302003

FWIW, you can temporarily turn off the malware alert in Chrome. Details here. I do suggest re-enabling once the issue is resolved for the site.


----------



## MysteryMan

Not experiencing issue using Google Chrome this morning.


----------



## FHSPSU67

All's well here with Chrome this morning, too.


----------



## David Bott

I think we may be good. Lets hope.


----------



## dpeters11

David Bott said:


> BTW...What Chrome 64 Bit edition?


Google released an actual 64 bit version of Chrome, right now it has to be manually downloaded and doesn't support 32 bit plugins (which Chrome is going to be dropping anyway even on the 32 bit version.

Appreciate your assistance on this.


----------



## Blowgun

Today there are no such warnings. For the record, this is what I received Yesterday when attempting to view threads, and only threads, using v29.0.1 of Firefox:










Clicking on "Why was this page blocked" results in:


----------



## Stewart Vernon

Yep... that's what I started seeing yesterday morning too... and then at some point it has stopped for me.


----------



## itzme

David Bott said:


> I think we may be good. Lets hope.


David kept apologizing and I think we all just felt terrible for him. I couldn't even get to this thread to tell him. It all seems fine now.


----------



## David Bott

I still have some ads off as the issue is still being looked at but we have some now that we have cleared and thus are now running.


----------



## armophob

No FF issues for a couple days. Thanks.


----------

