Looking for OS X/Linux/network infection help Solved/Closed

Question

Hello, 

smed79 over in the EasyList forums sent me here for assistance. I do not know Kioskea's view regarding ad-blockers, so, if Kioskea is negative toward them, I will confine future posts strictly to this thread's title.

While testing Adblock Plus on Safari, I encountered a site, Newser.com, that displays some ads (mostly MacKeeper banners and AdSupply page-unders) through the adblocker. All adblockers in all browsers I've tested in all OS's I've tested and on all networks and machines I've tested, actually. That includes Firefox, Chrome, and Ubuntu Linux. For more detail please see the thread at: https://forums.lanik.us/viewtopic.php?f=62&t=20215&sid=4e50f8080f08ddccf88660c9cb0123a3

I followed smed79's and fanboy's advice for cleaning my machines, as well as the malware and adware removal guides over at thesafemac.com. I cannot find anything on my machines. Apparently, they do not see the ads that I do, nor similar ones, so, presumably, something is up with my systems, no matter how unlikely that may seem to me. (I've been at this computer thing, digging into them since 1984, so I thought I could figure something like this out. Apparently not.)

Without further input, I don't know what else to say, other than help! I've been dealing with this for more than 10 days now, and I feel I cannot trust my systems until I know what is (or isn't) going on. Can someone else, with known clean machines, at least check the newser.com site for what I describe over at the EasyList forums (above link) and see if the same thing occurs?

Thanks for any help,
Shawn


Configuration: Mac OS X (10.10.1) / Safari 8.0.2

kieferschild · Answer

Hello Shawn,

the likeliness of your Mac being infected is very slim.

i've just visited the website on my Windows laptop and I too go an advert in the bottom right corner.

This is nothing to worry about. The cookies on your Mac will tell the site that you're on a Macbook and it will give you Mac related adverts to try and boost their sales.

Obviously, what you seem to be saying is that you're using Adblocker on several web browsers and it is still occuring - Am i correct?

And just to clarify - Are you trying to stop the advert from popping up?

Also, have you checked your applications to ensure you've got no adware programs installed? 

I've tried this website in IE with no adblocker and i can tell you that there are A LOT of adverts on that website.
 

**UPDATE

I've been doing some testing and find that if you use Firefox and run the latest version of Adblocker Plus with YesScript and you blacklist newser.com, that annoying slide in advert does NOT appear.

https://addons.thunderbird.net/en-us/seamonkey/addon/yesscript/

If at first you don't succeed; call it version 1.0

smed_79 · Answer

Do not install MacKeeper https://discussions.apple.com/docs/DOC-3691

Anonymous User · Answer

smed_79,

Thanks for your input, and for your time with this issue and with EasyList in general.

I understand that you are not seeing the ads on newser.com. However, that does not mean that others don't see them. kefierschild, above, has stated that he sees a floating banner on newser.com in Windows, though I do not know his system setup. I see them in OS X and in Ubuntu Linux.

I have checked my systems extensively, and, as far as is possible to know, I do not have any adware installed on them. I do not install any ad-supported programs, and I only install known, trustable software from known, trustable sources. I do not have MacKeeper installed on my computers, and I've known about that mess of a program for many years and would never install it or any software like it. Besides, why would MacKeeper keep advertising for itself if I already had it installed (no sarcasm intended)? And, to my knowledge, MacKeeper and the various advertising engines out there cannot be installed in linux.

At the moment, the MacBook Air I am typing this on only has installed on it Apple software, Firefox (d/l'd from Mozilla), and f.lux (d/l'd from the developer). The MacBook Pro I've checked Newser.com with, additionally, has Google Chrome (direct from Google) on it. Only well-known, trusted, ad-free extensions have been installed in the browsers, and during testing of this issue, only Adblock Plus is active. The linux install I've tested with is installed on a flash drive and cannot modify itself on the drive. I have to install ABP fresh each time I use it.

The screenshots below are from newser.com today, in OS X and the current Ubuntu linux distro. ABP and filters are up-do-date, the following running: EasyList, Malware Domains, Fanboy's Social Blocking List, EasyPrivacy, and "Allow some non-intrusive advertising unticked" (thus, blocked). Looking closely at the OS X screenshot, Adblock Plus has even blocked 4 elements on the adsupplyads.com page-under, but did not block the page-under itself. Bear in mind when checking newser.com, the page-unders and floating banners do not necessarily re-appear once they've displayed, unless site preferences are cleared and the site is browsed some more.

Anonymous User · Answer

smed_79,

Here's one additional screenshot, this one in OpenSuse 13.2 GNOME edition. This one, ABP and EasyList just installed, only the EasyList filter set active and non-obtrusive advertising allowed (stock install of ABP). As you can see in the linux screenshots, either the ad images for the floating banners are failing to load, or ABP/EasyList is catching those particular images and leaving the floating banner box; however, the particular OS X (MacKeeper) ad image loads through the EasyList filters. The adsupplyads.com page-under loads successfully through ABP/EasyList, triggered by random newser.com pages (but, again, only newser.com pages), regardless of computer, OS, or network used.

I don't know how it may be that you do not see the ads on newser.com, but I am able to reproduce them readily from various machines and OS's. Maybe they are location-specific? I'm in the U.S., and keiferschild is in the U.K. Perhaps the ads do not display to countries where English is not an official or dominant language, as it does seem to be a U.S.-based and -oriented site? 

I don't see at all how these ads on newser.com could possibly be from adware/malware... OS X, Windows, Ubuntu, OpenSuse... If you have not done so, please go take a look at the demos on AdSupply's corporate website. You can see both of these sorts of ads demonstrated there (scroll down the page a bit).

smed_79 · Answer

Hi nwahs, 
1. run an OS on a flash drive for exemple Ubuntu Linux without any Adblock installed.
2. edit your hosts file (DNS settings) requires superuser permissions.
#sudo gedit /etc/hosts and replace by http://sharetext.org/awDs
(add an empty line at the end of file)
save the file and try to browse Newser.com

about location: i have try from my location (ALGERIA), using VPN with an ip adresse from France an Canada and browse Newser more then one hours and i cant see ads.

My Adblock Plus Subscriptions:
Liste AR+Liste FR+EasyList
EasyPrivacy
Fanboy's Annoyances
https://adblockplus.org/fr/subscriptions

Greasemonkey :
Anti-Adblock Killer | Reek http://ww38.monkeyguts.com/code.php?id=351&subid1=20200115-0338-138f-b42c-ab33a8e92c6d
AdsBypasser http://ww38.monkeyguts.com/code.php?id=351&subid1=20200115-0338-138f-b42c-ab33a8e92c6d

Anonymous User · Answer

I gave the AnonymoX extension a quick test. Set to the U.K., the ads that bypass Adblock Plus did change region.

smed_79 · Answer

I can reproduce now : https://forums.lanik.us/viewtopic.php?f=62&t=20215&start=15#p65594
sorry and thank you for insisting to solve this problem.

Looking for OS X/Linux/network infection help

7 responses

Similar discussions

Subscribe To Our Newsletter!