Hallo, sorry ich bin Deutsch, ich spreche nicht Englisch.
Ich Habe Ein Problem, this page ( http://static.ernmoneynow.com/ac/?z=1&ilmernzkvtaztusnt=002564845340DF77&pu=&s nm = & = & t = ilmern...) OffNet Selbst denBrowser und verlangt Eine Windows-überprüfung.
Wie Kann ICH das. verhindern?
Solved! Go to Solution.
oldie: If you don't already have it I would add a translator to your browser add-ons. Google Translator is good.
Oldie: Wenn Sie nicht bereits haben würde ich einen Übersetzer, um Ihren Browser-Add-ons hinzufügen. Google Translator ist gut.
Hi, sorry I'm German, I do not speak English.
I Have a problem, this page (http://static.ernmoneynow.com/ac/?z=1&ilmernzkvtaztusnt=002564845340DF77&pu=&s nm = & = & t = ilmernzkvtaztusnt) OffNet self denBrowser and requires a Windows check
Google's translation not the best however I gather you need the red rating reevaluated if so follow this method
here are the steps:
No, I don't think so. This isn't a case of this-site-is-Red-please-make-it-Green.
The site URL (http://static.ernmoneynow.com/ac/) looks suspicious, and in fact it maps to another URL : http://hvvproduction.nfshost.com/ac/
All the scuzzy fix-malware-fast websites are full of instructions to remove this, whatever it is, but they don't have a name for it - they use the domain names above as their description.
Both of those names map to the IP address 208.94.116.244
https://www.virustotal.com/en/ip-address/208.94.116.244/information/
There appears to be a history of malware detections in different sub-sections of those sites. Now, it is .../ac/ which is the problem; last time it was ../bg/
This looks like an aggressive adware campaign, because there is some packed and obfuscated javascript on the site which Sucuri takes violent objection to (see HERE).
Our scanners identified a packed (encoded) javascript block related to the "runforestrun" malware botnet that has been compromising Plesk-powered servers.
Those links lead to multiple exploit kits affecting desktop (Windows) users. Additional details here: http://blog.unmaskparasites.com/2012/07/26/runforestrun-now-encrypts-legitimate-js-files/.
Affecting: Sites with Plesk outdated.
Clean up: Malware is hidden at the javascript files.
ESET is blacklisting both of those domain names) which are, in fact, the same site. It looks as if the site exists to switch users to advertising sites elsewhere, some of which may modify browser settings.
The decoded javascript has a number of references to "ads.yahoo.com" and "ask.com" so it would be best to run the usual tools :
Malwarebytes (Free version)
CCleaner (Free)
Thanks Peter the translation confused me.
oldie: If you don't already have it I would add a translator to your browser add-ons. Google Translator is good.
Oldie: Wenn Sie nicht bereits haben würde ich einen Übersetzer, um Ihren Browser-Add-ons hinzufügen. Google Translator ist gut.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: