1,105,644 Community Members

Google Chrome - Automatically opens new tab http://www.omniforexsignals.com

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Last week I started having a problem with Google Chrome.

Unwanted Advertisements open in a new tab (between my home page tab and my email page tab:

  1. http://www.omniforexsignals.com/?hop=ppccrash
  2. http://socialsecuritydisabilitybenefits.co
  3. http://www.getautoinsuranceforless.com/?sid=TE-Z-FRT-50&source=zipsubmit&c1=518&c2=55821&c3=DISPLAY&hit=645787350&m=em
  4. http://auto-insurance-hub.com/a/?afid=189149&sid=&affiliatereferenceid=0000RM-470958485208
  5. http://plan.enjoyfreegifts.net/SplashPage.aspx?g=3757a7d1441640e1b81f32877dcdf1f3&ust=8007ec4e6a91443e969c5eeec92e621d&nm=01zgarr6jux6ai&s=50150&se=51

I am running an IBM Thinkcentre with Windows XP Professional... Google Chrome 20.0.1132.57 and I also use Foxfire daily and have not had the problem.

Thank you in advance for your help!

THP

HTMLperson5
Deleted Member
 
0
 

Maybe you might want to re-install Google Chrome, and if that fails, I am guessing this may be some sort of malware. Which you can fix by downloading an Anti-Virus, like Avast!

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

That may be worth a try...fyi, I do have Norton 360, have run scans and Norton Power eraser. Thanks, THP

Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

exact same problem, running Avast, also checked with spybot and malwarebytes, started around the same time and opening the same tabs

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

chodson, I looked at programs that I installed that could have caused the problem. Did you install a program that was recommended by "Kim Komando" called WordWeb? I'm wondering if it has some type of adware?

Thanks, THP

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 
Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

I have not installed the program you mention above. I've had that mate1 one also. I have to assume that something has gotten into our browsers that is not yet being caught by the AV programs or adblock or Malwarebytes or Spybot types of programs. They open up mostly when clicking on the new tab (+) tab. These are not pop-ups (although once open they may contain pop-ups (the last one I got.. http://guaranteed-issue.com (DO NOT GO HERE) sends pop-ups when you try and x out the tab (do you really want to close this tab type of pop-up)), the new tab opens, but also a tab containing one of these things opens. I am in the midst of running a full Avast scan, which will take a long time, and if I see anything interesting in that report I'll post it.

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Thanks for the update. I too have had the same webpage appear in a "popup tab".

According to Norton's Safe Web, this site (see report below) and all other sites that have poped up on my computer are "safe".

guaranteed-issue.com
Summary
Norton Safe Web found no issues with this site.
• Computer Threats: 0
• Identity Threats: 0
• Annoyance factors: 0
Total threats on this site: 0
• Community Reviews: 0
add your review
Anonymous
(Sign In or Sign Up)
user reviews (0)

**********Total threats found: 0
Viruses (what's this?) Threats found: 0
Drive-By Downloads (what's this?) Threats found: 0
Malicious Downloads (what's this?) Threats found: 0
Worms (what's this?) Threats found: 0
Suspicious Applications (what's this?) Threats found: 0
Suspicious Browser Changes (what's this?) Threats found: 0
Security Risks (what's this?) Threats found: 0
Heuristic Viruses (what's this?) Threats found: 0
Adware (what's this?) Threats found: 0
Trojans (what's this?) Threats found: 0
Phishing Attacks (what's this?) Threats found: 0
Spyware (what's this?) Threats found: 0
Backdoors (what's this?) Threats found: 0
Remote Access Software (what's this?) Threats found: 0
Information Stealers (what's this?) Threats found: 0
Dialers (what's this?) Threats found: 0
Downloaders (what's this?) Threats found: 0
Embedded Link To Malicious Site (what's this?) Threats found: 0*****
**
Please let us know the results of your Avast Scan.

I am concerned that when I installed WordWeb (which i have unstalled and still had one popup tab since rebooting), I might have given permission to such advertising...I'm usually careful not to allow such.

Thanks, THP

Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

The point is not whether or not the site is considered "safe" by Norton (although any site that tosses pop-ups at you when you try and close it is not what I consider a safe site), but why are they popping up at all. I want to find what is using my opening of a new tab as a good reason to serve me an ad. Hiding the underlying trigger is sleazy at best. I am also quite careful of hidden adware and other tricks. I've been using Chrome for a few years, and this is a new one on me. Chrome is acting more like the old style porn sites that just kept opening window after window if you ended up on one of them....a behavior I happily thought had faded into history...

Full scan with Avast has just finished. Infected files found 0. This means no results now with Avast, Malwarebytes, Spybot, to name 3, and Adblock is running always. If this is acceptable behavior now for Chrome it's looking like time to give Firefox another go maybe...

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I share much of your frustration.

The problem you described: "any site that tosses pop-ups at you when you try and close it...."

My problem seems to be different: unwanted advertisement webpage opens in a new tab. My problem only occurs one or two times a day. I can close the tab without any problem or without it "tossing pop-ups". So far, my problem is an aggervation, not a threat.

I like you would like you would like to find the trigger and agree that any site that that does this is sleezy.

FYI, Foxfire does not have this problem. I keep both open, so I can access 2 different emails that are yahoo based, even though one is att.net.

FYI, I tried to do a system restore to a point before my problem started..."could not restore to that point. Have you tried to do a system restore?

Thanks, THP

Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

Not realizing it was not an isolated incident, it was a couple of weeks before I got annoyed enough to start trying to track it down, by which time I had no idea how far back to try and restore, so no, I have not done a system restore. Re the pop-ups, my behaviour is exactly the same as yours, with the same pages coming up..a few times a day, in a new tab. The pop up behavior I mentioned seems to be localized to that particular ad (guaranteed-issue), and is not how all of them respond to an x out. If google is serving them, their analytics need a tweek...I've been with the same auto insurance company for well over 20 years, and have not gone to any sites or talked about it in any emails, and in fact none of the sites served up seem to have any relevance to either my surfing habits or any recent conversations. Given that we are getting the same ads, my guess is that those url's may be hard coded into whatever is opening the tabs.

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I looked at my history and found that my first one started July 3.

They are easy to spot in my history because there is a "light gray world globe" to the left of the name and it is followed by the .d37u147w1ofw0w.cloudfront.net entry.

4:51 PM "light gray world globe" Car Insurance auto-insurance-hub.com
immediately followed by
4:51 PM "light gray world globe" .d37u147w1ofw0w.cloudfront.net

I do not think it is a Google problem, because, I like you have NOT shopped or Googled for ANY of the products that have poped-up.

Do you know anything about ".d37u147w1ofw0w.cloudfront.net"? Is it appearing in your history as well?

Thanks, THP

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I just did some research on Cloudfront.net and found the following:

We are not alone.

CloudFront.net is not a web site. It is a redirect to Amazon CloudFront. Amazon CloudFront is a web service for content delivery. It integrates with other Amazon Web Services to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no commitments. It is a pay-as-you-go service.

Solution (I hope) was found in Google Groups: https://productforums.google.com/forum/?fromgroups#!topic/chrome/Ck68F9UTF4s

The solution as stated is: "**A little later.... I've looked at my cookies (Chrome/spanner/settings/show advanced settings/Content Settings/All Cookies and site data/) and searched for cloudfront.net and found three cookies from them, all of which I've deleted.

At the time they were accepted by Chrome I was viewing only Facebook. Amazon, Facebook, unwanted and intrusive ads, slyly installed?!? What gives?

Hopefully this is the last I'll see of these cloudfront.net ads."

I just searched my history and found 5 cookies from the cloudfront.net and deleted only those cookies. Hopefully that will fix the problem. I should know by the end of the day tomorrow.

chodson, Hope this is helpful for you as well!

Thanks, THP

Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

I don't think this is it. I show no cloudfront cookies at all, and have not seen any, and I have been in that section of settings often over the past few days deleting cookies and adding some to blacklists. I am on Amazon frequently enough so that I would think I would see it, but no. What we may have here is some people looking around to find what is causing this and noticing that they have a cloudfront cookie...which may otherwise have gone on sitting there un-noticed. On the other hand...I am noticing that Facebook has come up a couple of times in conversation...and the possibility that they have snuck something onto my machine seems highly likely. Wouldn't be the first time they've added something to my account I have no desire to have...and I do generally have a facebook tab open. I think maybe I'll try keeping it closed when not actively viewing for a few days and see if that has any effect.

Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

I am changing my mind, even though I find no cloudfront cookies by name. Here is my history from yesterday. I was in my gmail account and likely then clicked on the new tab tab or a link in a mail message....

Social Security Disability Benefits
socialsecuritydisabilitybenefits.co

10:46 AM
Social Security Disability Benefits
socialsecuritydisabilitybenefits.co

10:46 AM
http://kpm7.com/c/23307/55821/?sid=0000RM-471005338719
kpm7.com

10:46 AM .
d37u147w1ofw0w.cloudfront.net

since this is from history, read from bottom to top. First cloudfront, then kpm7.com (another Amazon ad server...are we seeing a pattern here?) then to the ad. Note it is for socialsecuritydisabilitybenefits.co not .gov or even .com . This is a site that is trying to get it's hands on a percentage of a SSD award by offering easily available free advice...in other words...like most of the ads coming through this method...probably not doing anything illegal, but sleezy at best. The forex ad that comes up is also for a product generally considered no better than a coin flip for buying/selling on forex markets. In other words, all of these ads are from sites that are using distortions at best, so no surprise to see them popping up using this stealth method. Most legitimate ad servers would have culled them out long ago.

It is looking like Amazon has some explaining to do. I am a Prime account member and regular customer for years, but I will be quite willing to switch to a Nook and another site for incidental purchases if this is the new Amazon business model. I expect to be served ads while browsing their site..I do not expect my work flow to be interrupted by unwanted crap sites.

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I agree with you that the cloudfront.net always hits the history first. Thank you for the update. Please keep us informed as to yyour progress.

BAM! - Update, I just got hit with: Insurance.Comparisons.org - Save Big Money On Your Auto Insurance!
http://insurance.comparisons.org/ver2/?sub=1072- and

d37u147w1ofw0w.cloudfront.net

I don't know if I got all cookies or not so I have just deleted all of my cookies and blocked: d37u147w1ofw0w.cloudfront.net and cloudfront.net every place that I could. Will keep you updated.

Thanks, THP

Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

Me too. This one just now

10:50 AM
http://www.dream-marriage.com/members/new/aff6.php?neverblue2=35413&subid=0015430061008263784
www.dream-marriage.com

10:50 AM
Page is loading, please wait!
tutvp.com

10:50 AM
.
d37u147w1ofw0w.cloudfront.net

blocking the cloudfront cookie in chrome did nothing. I have just blocked cloudfront.net at my router. This may make the difference, but I think we are not much closer to finding out which entity snuck this POS malware onto our systems in the first place. Looked up tutvp.com also, and I'm adding them to my routers block list on general principles.

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

So much for deleting all cookies and blocking "all that CHROME" will allow. Again I have received my daily "SPAM" pop-up tab.

9:30 AM Mate1.com - Find Someone Today registration.mate1.com

9:30 AM .d37u147w1ofw0w.cloudfront.net

Hope you are having sucess! I'm going to do some more research on cloudfront.net today.

Thanks, THP

Member Avatar
chodson
Newbie Poster
12 posts since Jul 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

I got the attempt..a few moments ago...and a tab with this in the address bar https://d37u147w1ofw0w.cloudfront.net/dailytab.html?mzid=47 which in turn I'm sure would have redirected to the ad proper had it not done this instead

This page is unavailable due to policy restrictions.
Detected: "cloudfront.net" in the address.

So, that being either my block at the router or firewall I did not get the ad proper...but I did still get a new tab with that stuff on it instead...which still requires me to stop what I am doing and close it, so I am not gaining much benefit besides not having a bunch of cookies for dubious companies set also.

There are a couple of other threads about this also if you use the set of numbers in front as well as the .cloudfront.net address in your search, none of which have come to any conclusions yet...and a lot in german with the word "trojan" in them, but I haven't tried to translate them...all seemed to start around the same time, and at least on the english side, no one has discovered the vector. I think that first set of numbers should be the company name (were they not intentionally trying to hide it), and cloudfront merely the equivalent of the hosting servers. I can't really imagine Amazon risking so much of a backlash intentionally. I suspect someone has bought whatever service it is that cloudfront offers, and has twisted it to their own purposes..hence hiding the name behind a hash tag.

Member Avatar
thp
Light Poster
41 posts since Sep 2011
Reputation Points: 7 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

unfortunately, I have found a couple of links that bother me.

1st - from this post( https://forums.aws.amazon.com/thread.jspa?threadID=96347 ) it appears that Amazon Web Services June 6, 2012 had a post that Google has flagged cloudfront.net as distributing malware and AWS was working to "fix" it.

2nd - It appears from the Google post http://google.com/safebrowsing/diagnostic?site=cloudfront.net/ it is now "safe"

Thanks, THP

You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: