Copy link to clipboard
Copied
Hi,
In the last hour I started receiving anoying messages in my browser asking me to download this Adobe Flash Player 11.5.502.16 version. There is a download button in the message which leads me to a supicous website (http://81.4.120.101/FlashInstall.zip) and I don't believe it is from Adobe. The file to download is about 3 MB and it is compressed.
The problem is that I can't do anything and this message keeps appearing and does not allow me to navigate on the sites. I use chrome, win8, have the latest mcafee antivirus installed and could not find much about this issue on Google.
Please, could you help me?
Thanks!
Daniel
Copy link to clipboard
Copied
Are you in Brazil by any chance? I've been receiving the same messages regardless of what browser or computer I use. The only thing that seems to fix it for me is using a VPN, which leads me to believe it could have something to do with my ISP (Virtua).
Copy link to clipboard
Copied
Yes, I'm in Brazil as well. Seems odd that this topicwas viewed more than 400 times within 50 minutes. I have read one possible solution saying that this "virus" or whatever this is affects your router, therefore its reset and reconfiguration is needed. I'm looking for a simpler solution. I'm not an expert but there must be another way to solve this. I'd really appreciate if someone could shed some light on this.
Thanks,
Copy link to clipboard
Copied
I am also in Brazil and I was having the same problem.
Turns out this is a way that mackeeper forces you to renew its antivirus subscription. Once I renew it, the message got away.
And now I am feelling robbed by mackeeper.
Copy link to clipboard
Copied
I don't think that is the case here. Most likely the fact that you renewed your AV solution caused it to remove whatever was infecting your computers.
Copy link to clipboard
Copied
Interesting. I don't kave MacKeeper installed, so I don't think that could be the source of the problem for me at least. I'm with NET on the phone atm, as it seems this is only affecting people in Brazil, but so far the lady has been (unsurprisingly) unhelpful.
Also, cleaning the cache did nothing for me, unfortunately.
Copy link to clipboard
Copied
They usually don't even know what a DNS is and they rarely transfer to higher level support. Guess we're on our own, at least until this blows up and they are unable not to present some explanation.
I'm still trying to make the window reaper, but with little luck.
After killing the chrome process I mentioned (the one I didn't even bother to take a screenshot), the behaviour disappeared from all devices in the network.
Copy link to clipboard
Copied
It's also gone for me. I still think it might have been something on NETs network. Clearing the browsing data was literally the first thing I did, and it didn't help. Also the fact that it was present on all browsers and devices on the network (and this wasn't just me), and it happening to so many of us at the same time only makes me more suspicious.
Copy link to clipboard
Copied
I'm betting on something on the NET's side as well.
After changing the DNS on the router to google's the issue disappeared from everything.
I initially thought it was the chrome process I killed, but that doesn't seem reasonable.
It would seem that the DNS change was what caused the issue to disappear and that it was being injected via NET's DNSes into the victim's devices. That's how it managed to appear on IOS and Windows devices alike.
A dude in the kaspersky forum posted a screenshot of the div code: http://s21.postimg.org/npytequyf/flash_virus_2.png
Here's the thread: http://forum.kaspersky.com/index.php?s=fea0705eb0268ba4db2e73bc28fca024&showtopic=276270
Also, a thread on reddit: http://www.reddit.com/r/techsupport/comments/1s1m0b/adobe_flash_player_asking_to_download/
We must not let this die.
Copy link to clipboard
Copied
Same issue here:
Located in Belo Horizonte, Brazil, using NET Virtua ISP. Yesterday this page began appearing on iOS and Macs alike. Only in my MacBook Pro this is not showing, and, since I use OpenDNS only on this machine, it can certainly be traced to an issue with the ISP provided DNSs. Changed the DNS for one iOS device to OpenDNS, and the page never appeared back. So, NET Virtua's DNSs have been compromised for sure.
When I'm back home I'll try to contact their support, but don't think that they'll know what I'll be talking about as Topliff said. And since the first thing I did after the technician left my house for installing the modem was changing the administrator credentials, I'm sure that's not just the modem that was compromised, but their whole servers…
Anybody got a response from their side?
Copy link to clipboard
Copied
Eu uso net também,mas depois de fuçar um cadinho,ao apagar o "cache" e apagar o "conteúdo web offline e dados do usuário",resolveu!
Copy link to clipboard
Copied
Re:MacKeeper
Copy link to clipboard
Copied
Same thing here. Brazil with Virua ISP.
Any device presents the div. Including IOS devices (2 ipads tested). Same IP.
Nothing new installed in any device in the network. Nothing updated either.
Strangely, a suspicious chrome process was running in one of the computers. I killed it to test and the screen stopped showing in all devices. I was unable to make the weird process run again. Trying to get it back now.
Kaspersky detects the packed zip. Malwarebytes shows nothing in the windows computer.
Copy link to clipboard
Copied
It's so easy.....just clean your cache,and cache offline....
Solved for me !
Copy link to clipboard
Copied
Hey, that worked for me. Thanks
Copy link to clipboard
Copied
Thanks, Americo.
To everyone with the same issue, I used CCleaner and the messages seemed to go away. I'm using chrome, testing on many websites for 15 minutes and no problems so far.
Let's hope this does the trick.
Thanks to everyone.
Copy link to clipboard
Copied
Look in your Control Panel>Programs and features>Uninstall a program
Look for File.org, FileType Assistant or ANY updater/assistant program that you don't SPECIFICALLY remember installing.
Antivirus won't find these because they're "browswer hacks" and not viruses by definition.
Copy link to clipboard
Copied
Hi Mike,
Unfortunately there aren't any programs I could find with similar description nor did not recall installing. Thanks for your help anyway.
Copy link to clipboard
Copied
I'm having this problem as well. As Mike M suggested, I checked my installed software in "Programs and Features" and found nothing I didn't install myself. And I'm also from Brazil and using the same ISP as Topliff, but I don't know if this is related.
Copy link to clipboard
Copied
I did everything that you guys posted, but nothing was happening
so I tried unable my pluggins and solved.
One by one I discovery that my problem was my old Mcafee.
Copy link to clipboard
Copied
Just got for over half an hour with NET Virtua's Tech support trying to explain the case to the attendant, but got no luck in talking to the right department or someone who could understand the matter…
Switching my computer from OpenDNS to NET's DNS back and forth makes the problem appear and disappear. And it seems to appear in different pages each time, so it seems like it substitutes random DNS requests, since some pages that were showing the symptom are not anymore.
So, simply clearing caches would solve the problem for some pages, but it'd reappear in others after some time.
For everyone, I'd suggest switching your computer (or router) to OpenDNS or Google's DNS, and flushing your DNS records so it'll use the new ones in the meantime (clearing the caches, as suggested).
Copy link to clipboard
Copied
I am in Belo Horizonte/MG, Brazil too. I only have the message on my mac book air and only on safari. Chrome and mozila is clean. No other device on the network has the problem. First I thought tha my mac was infected. Tried anti-virus, but no sucess. Searched on the internet, but only found post from the first flashback appearance, on april, 2012. Seens to be a new threat. But at the end, I cleared my cook cache and its solved. No anoying messages. Very strange.