WARNING -- Audiogon has a Trojan Horse

NewHTguy

Last night I was surfing audiogon and out of the blue my pc was infected with a virus/malware/call it what you want. The virus tried to fool me into thinking that it was a windows antivirus program that needed to be "updated" to remove the viruses on my pc. Of course it wanted a CC number to upgrade. I'm not the most well informed on security issues but I realized it was a scam. Today I spent hours reinstalling Windows XP and downloading 80 efing security patches (many of which I had downloaded when I first bought the machine). I also upgraded my virus software in the process. Tonight I was looking at audiogon again (at a pair of Lsi 15s) and my new antivirus software told me that it prevented a trojan horse. It seems that the new Beta version of the gon may have some security weaknesses. If you shop on the Gon, make sure you have an updated AV program!

headrott

So the thread Jesse started is even more true than we all realised!?!? Actually, it's worse than we thought apparently.

Greg

Syndil

Actually it's the ad service that Audiogon is using, but the result is the same. Reputable ad services will screen the advertisements that are submitted to them to make sure they are not malevolent and do not contain any viruses. Less than reputable ones like the one Audiogon is obviously using do not screen.

I just checked their site, and it looks like they are using several different ad services in rotation. Opera is blocking at least one of them out, so that's probably the one that contained the virus. Looks like it's either doubleclick.net or quantserve.com.

With Opera, whenever I see an ad like that, I can permanently block the ad provider that showed the ad. I don't like blocking all ads, as I like the Internet to be free, and many of my favorite sites are supported by ad revenue. But I do like having the option to block specific ad services that let viruses through.

BeefJerky

Syndil wrote: »

Actually it's the ad service that Audiogon is using, but the result is the same. Reputable ad services will screen the advertisements that are submitted to them to make sure they are not malevolent and do not contain any viruses. Less than reputable ones like the one Audiogon is obviously using do not screen.

I just checked their site, and it looks like they are using several different ad services in rotation. Opera is blocking at least one of them out, so that's probably the one that contained the virus. Looks like it's either doubleclick.net or quantserve.com.

With Opera, whenever I see an ad like that, I can permanently block the ad provider that showed the ad. I don't like blocking all ads, as I like the Internet to be free, and many of my favorite sites are supported by ad revenue. But I do like having the option to block specific ad services that let viruses through.

Syndil is right, it's just an ad. However, if the software managed to install itself on your computer, then you must have clicked on the ad; it wouldn't have installed itself otherwise. While those ads (and the ad service that serves them) may be a bit unscrupulous, it is still your fault for not using more common sense. You should be fully aware of what antivirus program your computer is running, and not be fooled by some other fake one. I say take this as a lesson and be smarter about these things in the future.

Nonetheless, Audiogon really does need to re-evaluate its choice of ad providers before they lose customers over it.

NewHTguy

BeefJerky wrote: »

Syndil is right, it's just an ad. However, if the software managed to install itself on your computer, then you must have clicked on the ad; it wouldn't have installed itself otherwise. While those ads (and the ad service that serves them) may be a bit unscrupulous, it is still your fault for not using more common sense. You should be fully aware of what antivirus program your computer is running, and not be fooled by some other fake one. I say take this as a lesson and be smarter about these things in the future.

Beefjerky, if you would re-read my post you would see that I wrote "tried to fool me" indicating that I was not fooled. I DO know what AV software I have on my pc. You should read more carefully before you make accusations.

To be clear, I never clicked on an ad. I never do. Show me one article in a respected PC mag, written within the last two years, that says as long as you never click on an ad you'll never have a problem with malware. You can't do it. Yes, you're chances of becoming infected are greater if you click on ads. But clicking on an ad is not a necessary condition.

I don't really care whether you believe me, however, your crazy talk is doing a disservice to others.

inspiredsports

Syndil wrote: »

. . . reputable ad services will screen the advertisements that are submitted to them to make sure they are not malevolent and do not contain any viruses . . .

This is true, but what's happening in many cases is the (bad) advertiser changes the code on the page that the banner add calls after it's been screened and approved.

As mentioned, updating malware and anti-virus software constantly is your only defense.

One other hint for the more technically advanced: If a popup opens on your screen that you looks sketchy, attempting to close it with the buttons it displays might actually activate it. To get rid of it safely, you need to right click in a blank portion of your toolbar (or simultaneously press ctrl/alt/del) to open Windows Task Manager.

Open the "Processes" tab and find the browser process(es) you are running (Ex.: iexplore.exe, firefox.exe, chrome.exe, opera.exe).

Once in Task Manager / Processes:
-- "Left Click" on the process to highlight it
-- "Right Click" and select "End Process"
-- the process for the browser you are using is probably showing multiple times if a popup is present, so do the "End Process" for every instance running.

BeefJerky

NewHTguy wrote: »

Beefjerky, if you would re-read my post you would see that I wrote "tried to fool me" indicating that I was not fooled. I DO know what AV software I have on my pc. You should read more carefully before you make accusations.
To be clear, I never clicked on an ad. I never do.

If you didn't click something to activate it, you wouldn't have to reinstall your OS. Enough said.

Show me one article in a respected PC mag, written within the last two years, that says as long as you never click on an ad you'll never have a problem with malware. You can't do it.

You're right, I can't. But, that's because there are no respected or respectable PC magazines anymore. Well, unless there is some underground one that I am unaware of.

Yes, you're chances of becoming infected are greater if you click on ads. But clicking on an ad is not a necessary condition.

Take a look at what inspiredsports posted, as he brings up an excellent point. They will even fake the "x" button that is normally used to close a window. Clicking that fake button is the same as clicking it to activate it. Right click the window in your taskbar to close it if it really is a separate window; if it is not a separate window, then close the browser altogether.

I don't really care whether you believe me, however, your crazy talk is doing a disservice to others.

Call it what you want, but I stand by what I've said. I base what I say on years of IT experience, as well as many years of personal computer knowledge. However, I'm glad I'm out of IT because of users like you who refuse to take responsibility for your own errors. Instead, people like you will choose to ignore our advice and wonder why the problem repeatedly occurs.

AsSiMiLaTeD

I'll agree that the general aggressive tone is a bit over the top BJ. Go back and read the whole thread, you may be right in your assessment of the situation but your tone is unnecessarily aggressive and is just uncalled for.

BeefJerky

AsSiMiLaTeD wrote: »

I'll agree that the general aggressive tone is a bit over the top BJ. Go back and read the whole thread, you may be right in your assessment of the situation but your tone is unnecessarily aggressive and is just uncalled for.

I was not aggressive in any way in my first post; a bit blunt, sure, but there is nothing wrong with that. However, I only responded the way I did in my second post because of his attitude, particularly the last line of his second post. If he's going to make statement like that, he should be prepared for others to respond in the way that I did.

NewHTguy

BeefJerky wrote: »

You're right, I can't. But, that's because there are no respected or respectable PC magazines anymore. Well, unless there is some underground one that I am unaware of.

Based on this I will be using the ignore button. Enjoy the game.

NewHTguy

This will be my last post on the topic. My Avast antivirus caught a trojan on Audiogon last night and I did not click on an ad.

Lasareth's advice is excellent. Perhaps I could have saved myself some grief two nights ago. I should have tried to use task manager to stop the processes as soon as I saw what looked like a program running. I can't say for sure if that would have worked, but it would have been worth a try.

Best, NewHTguy

Inspector 24

At least Audiogon is working for you guys, on both the iPhone and the iMac at home all I get is this:

Application Error

An error occurred in the application and your page could not be served. Please try again in a few moments.

If you are the application owner, check your logs for details.

Perhaps that Virus got to the 'Gon's servers??

polkfarmboy

Spotify has trojan horses too when you go to download the software from the sight. I try'd to download it with my fancy computer and kaspersky found trojans

F1nut

Is Audiogon safe yet?

headrott

I bought something from there yesterday Jesse. I didn't seem to have a problem (other than still being in "beta"). Can't gurantee it's OK, but I have been there several times in the past couple days without a problem.

Greg

F1nut

Ok, thanks.

Drenis

I have been talking with a seller on there and let me say I HATE the messaging system. Ask seller a question and that's how you communicate. Unless you click to privately send the message, then it's there for all to read. What a security risk!!