VideoHelp Forum
+ Reply to Thread
Results 1 to 15 of 15
Thread
  1. Member Seeker47's Avatar
    Join Date
    Jul 2005
    Location
    drifting, somewhere on the Sea of Cynicism
    Search Comp PM
    Have been using them regularly for many years, but think I may have run into some browser hijacking / persistent popup site boxes yesterday: something_fresh_something, or Yourfresh_something (?) (I didn't make good note of it at the time.) In the past, I was always able to evade that sort of stuff there, but that was with a different browser that has NoScript to the hilt.

    Anyone else run into this ? For sure, you need to be careful what you give permissions to over there. I'd defer to one of the other subs sites, but -- unfortunately -- they have long been King of the Hill for clear reasons.
    When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
    Quote Quote  
  2. Member Seeker47's Avatar
    Join Date
    Jul 2005
    Location
    drifting, somewhere on the Sea of Cynicism
    Search Comp PM
    O.K., here it is and it's back . . . after I ran a couple sweeps with Windows Defender AV (not a particularly good AV, btw), one of them an Offline scan, plus one by Malwarebytes, and a run of Ccleaner just in case that was of any use. You'll see it -- Yourfreshposts.com -- in the attached pic, lower right corner. Have to do some research to see where this lives, and how the hell to get rid of it. Possibly that whole 6 or 8 step rigamarole with Hitman, etc. Something else may have knocked out all the sound on this computer, as well.
    Image Attached Thumbnails Click image for larger version

Name:	Browser invader -- hijacker.jpg
Views:	59
Size:	55.0 KB
ID:	56139  

    When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
    Quote Quote  
  3. Member
    Join Date
    Mar 2008
    Location
    United States
    Search Comp PM
    That looks like a scam security alert to me.
    Try Adwcleaner:
    https://www.malwarebytes.com/adwcleaner/
    Quote Quote  
  4. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Originally Posted by Seeker47 View Post
    O.K., here it is and it's back . . . after I ran a couple sweeps with Windows Defender AV (not a particularly good AV, btw), one of them an Offline scan, plus one by Malwarebytes, and a run of Ccleaner just in case that was of any use. You'll see it -- Yourfreshposts.com -- in the attached pic, lower right corner. Have to do some research to see where this lives, and how the hell to get rid of it. Possibly that whole 6 or 8 step rigamarole with Hitman, etc. Something else may have knocked out all the sound on this computer, as well.
    see here https://www.youtube.com/watch?v=F0CAMmZ6gtY
    go to settings - site settings - notifications, delete the your fresh posts from the list.
    Last edited by october262; 8th Dec 2020 at 02:43.
    Quote Quote  
  5. Member Seeker47's Avatar
    Join Date
    Jul 2005
    Location
    drifting, somewhere on the Sea of Cynicism
    Search Comp PM
    Originally Posted by october262 View Post
    Originally Posted by Seeker47 View Post
    O.K., here it is and it's back . . . after I ran a couple sweeps with Windows Defender AV (not a particularly good AV, btw), one of them an Offline scan, plus one by Malwarebytes, and a run of Ccleaner just in case that was of any use. You'll see it -- Yourfreshposts.com -- in the attached pic, lower right corner. Have to do some research to see where this lives, and how the hell to get rid of it. Possibly that whole 6 or 8 step rigamarole with Hitman, etc. Something else may have knocked out all the sound on this computer, as well.
    see here https://www.youtube.com/watch?v=F0CAMmZ6gtY
    go to settings - site settings - notifications, delete the your fresh posts from the list.
    Thanks to all for your replies.
    That YT video refers to the Mac, but I'm strictly Windows PCs here.
    I've used adwcleaner years ago on other PCs, will try it again. The browser in question (Opera) is a portable version, which may present some special issues. [Windows is minimally aware of portable programs.]

    Yourfreshposts does not seem to be an accessible Extension or Plugin that could be deleted. (Firefox had both Extensions and Plugins, but Opera only seems to have the former.)
    I turned OFF every access feature I could find in Opera Settings for Yourfreshposts -- see the next attached pic -- which seems to be noticeably helping, but so far I wasn't able to remove the listing of it entirely.

    Image
    [Attachment 56147 - Click to enlarge]


    If possible, I'd like to avoid having to replace the browser, or -- much more drastically -- to have to roll back the entire Win-10 to the last partition image, which is from November something.

    Opera had climbed to becoming my favorite browser, after I did not like a lot of changes that were instituted in FireFox awhile back. I am aware that Opera is generally based on Chrome. Wouldn't use Chrome itself, as I never liked the design and have little trust in Google. But then in doing some more research this morning, I find that Opera was purchased by a Chinese consortium in 2016 . . . although it is said to be based in Norway and operating under Norwegian law. I may have to revisit this whole subject of what is today a secure and trustworthy browser, if there is such a thing. Trust is a hard thing to come by these days, and for example I have never gone in for any online banking.

    It's a real shame that Opensubtitles now misleads you into having to to click on something dodgy like this, under the pretense that you won't get the access you need without it. Still, my bad for not being more vigilant.

    [It turns out that the sound problem I referenced is unrelated to any of the above. The primary sound port outbound to the speakers on this computer may be flakey. After a couple days of no sound, I replugged several times and jiggled the connector around, and sound has returned -- for now. A good thing, because editing or playing video is halfway to useless without the sound.]
    Last edited by Seeker47; 8th Dec 2020 at 13:48.
    When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
    Quote Quote  
  6. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Originally Posted by Seeker47 View Post
    Originally Posted by october262 View Post
    Originally Posted by Seeker47 View Post
    O.K., here it is and it's back . . . after I ran a couple sweeps with Windows Defender AV (not a particularly good AV, btw), one of them an Offline scan, plus one by Malwarebytes, and a run of Ccleaner just in case that was of any use. You'll see it -- Yourfreshposts.com -- in the attached pic, lower right corner. Have to do some research to see where this lives, and how the hell to get rid of it. Possibly that whole 6 or 8 step rigamarole with Hitman, etc. Something else may have knocked out all the sound on this computer, as well.
    see here https://www.youtube.com/watch?v=F0CAMmZ6gtY
    go to settings - site settings - notifications, delete the your fresh posts from the list.
    Thanks to all for your replies.
    That YT video refers to the Mac, but I'm strictly Windows PCs here.
    I've used adwcleaner years ago on other PCs, will try it again. The browser in question (Opera) is a portable version, which may present some special issues. [Windows is minimally aware of portable programs.]

    Yourfreshposts does not seem to be an accessible Extension or Plugin that could be deleted. (Firefox had both Extensions and Plugins, but Opera only seems to have the former.)
    I turned OFF every access feature I could find in Opera Settings for Yourfreshposts -- see the next attached pic -- which seems to be noticeably helping, but so far I wasn't able to remove the listing of it entirely.

    Image
    [Attachment 56147 - Click to enlarge]


    If possible, I'd like to avoid having to replace the browser, or -- much more drastically -- to have to roll back the entire Win-10 to the last partition image, which is from November something.

    Opera had climbed to becoming my favorite browser, after I did not like a lot of changes that were instituted in FireFox awhile back. I am aware that Opera is generally based on Chrome. Wouldn't use Chrome itself, as I never liked the design and have little trust in Google. But then in doing some more research this morning, I find that Opera was purchased by a Chinese consortium in 2016 . . . although it is said to be based in Norway and operating under Norwegian law. I may have to revisit this whole subject of what is today a secure and trustworthy browser, if there is such a thing. Trust is a hard thing to come by these days, and for example I have never gone in for any online banking.

    It's a real shame that Opensubtitles now misleads you into having to to click on something dodgy like this, under the pretense that you won't get the access you need without it. Still, my bad for not being more vigilant.

    [It turns out that the sound problem I referenced is unrelated to any of the above. The primary sound port outbound to the speakers on this computer may be flakey. After a couple days of no sound, I replugged several times and jiggled the connector around, and sound has returned -- for now. A good thing, because editing or playing video is halfway to useless without the sound.]
    try this next -
    Press and hold Windows key Windows key and hit X key.
    Select Apps and Features from the menu.
    Optional: click on Sort by: above the list of programs and select Install date.
    Select a program you wish to uninstall.
    Click Uninstall.

    you may have it installed on your computer - https://www.computips.org/remove-myfreshposts-com/
    Quote Quote  
  7. Originally Posted by Seeker47 View Post
    Have been using them regularly for many years, but think I may have run into some browser hijacking / persistent popup site boxes yesterday: something_fresh_something, or Yourfresh_something (?) (I didn't make good note of it at the time.) In the past, I was always able to evade that sort of stuff there, but that was with a different browser that has NoScript to the hilt.

    Anyone else run into this ? For sure, you need to be careful what you give permissions to over there. I'd defer to one of the other subs sites, but -- unfortunately -- they have long been King of the Hill for clear reasons.
    I have had trouble on open subtitles too my AV blocks it. see attached

    It came from https://in-page-push.com 139.45.197.15,443

    Adding in-page-push.com to host files seems to have stopped it
    Image Attached Images  
    Last edited by David Banner; 26th Feb 2021 at 10:50.
    Quote Quote  
  8. Member Seeker47's Avatar
    Join Date
    Jul 2005
    Location
    drifting, somewhere on the Sea of Cynicism
    Search Comp PM
    After my unpleasant encounter, I tried a whole litany of AV products -- Hitman Pro, Unhack Me, etc. etc. -- and nothing has been able to purge that malware's continued presence in this browser. I may have to remove and reinstall the browser, which in this case will be a pain because of Opera's encrypted linking of certain key files to a particular computer (as a security measure), making transfers a lot of extra work unless you make use of their cloud sync feature -- which I refuse to do. I could not find any wider evidence of the YourFreshPosts infection, such as in the Win Registry, so I hope it was limited to affecting that single browser. Anyway, this run-in has undermined any faith I had in Opensubtitles, and I'm now deferring to Subscene first. I'll check out that hosts file measure, but I'd now limit any visits to Opensubtitles to a different browser that is equipped with the NoScript extension, which provides a fine-grain control over what webpage elements are allowed to load. (I don't think Opera supports NoScript . . . . ) It might also be useful to obtain the IP address for YFP and anything related to it, for addition to the hosts file. Of course, that may not be an ironclad approach, as I understand that Win 10 ignores the hosts file as regards its own updates, so it seems very possible that malicious hackers have also mastered avoiding that particular blocking trick.
    Last edited by Seeker47; 26th Feb 2021 at 12:21.
    When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
    Quote Quote  
  9. Originally Posted by Seeker47 View Post
    After my unpleasant encounter, I tried a whole litany of AV products -- Hitman Pro, Unhack Me, etc. etc. -- and nothing has been able to purge that malware's continued presence in this browser. I may have to remove and reinstall the browser, which in this case will be a pain because of Opera's encrypted linking of certain key files to a particular computer (as a security measure), making transfers a lot of extra work unless you make use of their cloud sync feature -- which I refuse to do. I could not find any wider evidence of the YourFreshPosts infection, such as in the Win Registry, so I hope it was limited to affecting that single browser. Anyway, this run-in has undermined any faith I had in Opensubtitles, and I'm now deferring to Subscene first. I'll check out that hosts file measure, but I'd now limit any visits to Opensubtitles to a different browser that is equipped with the NoScript extension, which provides a fine-grain control over what webpage elements are allowed to load. (I don't think Opera supports NoScript . . . . ) It might also be useful to obtain the IP address for YFP and anything related to it, for addition to the hosts file. Of course, that may not be an ironclad approach, as I understand that Win 10 ignores the hosts file as regards its own updates, so it seems very possible that malicious hackers have also mastered avoiding that particular blocking trick.
    I stay away from Open as much as possible too. I use Firefox and I don't know Opera. I have had that block and warning from other sites too. NAV always blocks it.

    When you say "nothing has been able to purge that malware's continued presence in this browser" do you see it all the time or how do you know it's there?
    Quote Quote  
  10. Unfortunately, this nonsense plagues nearly all subtitle sites to varying degrees for varying periods of time. It seems all of them either get infected by or intentionally allow nefarious actors with shady spam ads. OpenSubtitles and SubScene trace a majority of their offerings to the Addic7ed subtitle origination site. Addic7ed usually posts new subs first, followed by the other two, except in cases of extremely arcane titles or languages that appear exclusively on OpenSubtitles. Addic7ed itself cycles from malware-free to typical amounts of garbage to utterly infested to the site being completely dysfunctional several times a year. OpenSubtitles is more unpredictable, SubScene is consistently the cleanest of the three by far but does stumble occasionally.

    The only sure crap-avoidance workaround I've found is to access these sites with an old cheap Mac, or a WinPC loaded with brute-force commercial AV like Norton. Its helpful to have a spare cheap "disposable" PC or Mac dedicated solely to surfing such sites: keeps them totally isolated from your primary computer. Wiping or disinfecting a spare that has no other function beyond surfing risky sites is a lot less trouble than cleaning up my primary, esp in the middle of an important project.
    Quote Quote  
  11. Member Seeker47's Avatar
    Join Date
    Jul 2005
    Location
    drifting, somewhere on the Sea of Cynicism
    Search Comp PM
    Originally Posted by orsetto View Post
    Unfortunately, this nonsense plagues nearly all subtitle sites to varying degrees for varying periods of time. It seems all of them either get infected by or intentionally allow nefarious actors with shady spam ads. OpenSubtitles and SubScene trace a majority of their offerings to the Addic7ed subtitle origination site. Addic7ed usually posts new subs first, followed by the other two, except in cases of extremely arcane titles or languages that appear exclusively on OpenSubtitles. Addic7ed itself cycles from malware-free to typical amounts of garbage to utterly infested to the site being completely dysfunctional several times a year. OpenSubtitles is more unpredictable, SubScene is consistently the cleanest of the three by far but does stumble occasionally.

    The only sure crap-avoidance workaround I've found is to access these sites with an old cheap Mac, or a WinPC loaded with brute-force commercial AV like Norton. Its helpful to have a spare cheap "disposable" PC or Mac dedicated solely to surfing such sites: keeps them totally isolated from your primary computer. Wiping or disinfecting a spare that has no other function beyond surfing risky sites is a lot less trouble than cleaning up my primary, esp in the middle of an important project.
    Some good ideas here. I'm wondering how resistant to this sort of crap Linux might be ? (Haven't gotten far enough in selecting and setting up the right distro to explore this yet, but it's coming.) When I've had sufficient reason to web-surf in "shark infested waters", my favored method has been to fire up a live diagnostic & rescue disk, which is Win PE + some DOS + some Linux items (the one in particular that I prefer for the last couple years being those ~ 3 or 4 per year ones released by Strelec), with no HDD connected. In that scenario, there is probably no malware in the world that can touch you . . . unless someone has some means of damaging computer hardware remotely, which if such a thing is even possible would be in the realm of the CIA or GRU. Everything that occurred in this online session ceases to exist once you turn the computer off. If you needed to save something from that session, an attached USB stick would do just fine. Just be careful where you connect the stick after that.

    But I do have spare rigs at my disposal, so orsetto's suggested option would be very much on the table.

    I think what I ran into has to be quite damaging to the reputation of Opensubtitles, if it is not at all an isolated incident.

    Say, orsetto -- have you ever taken an "only available in the wrong language" SRT file and tried to convert it to English with Google Translate, or some other tool ? There are a few cases where I might have to attempt that. Google Translate is often still not what I'd call good, but it has improved considerably over the years -- depending on what the 'From' and what the 'To' languages happen to be. (Japanese to English is still pretty hilarious, though not in a good way.) GT still forces you to work in small-ish blocks of text, so that would become fairly tedious. Preserving and lining up the timecodes will also involve a hassle. There was some software program I saw making the rounds recently that claimed to do such a job in one fell swoop, but it relied upon some cloud service with annoying registration requirements, and it sounded like it could be kinda flakey.
    When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
    Quote Quote  
  12. Member Seeker47's Avatar
    Join Date
    Jul 2005
    Location
    drifting, somewhere on the Sea of Cynicism
    Search Comp PM
    Originally Posted by David Banner View Post

    I stay away from Open as much as possible too. I use Firefox and I don't know Opera. I have had that block and warning from other sites too. NAV always blocks it.

    When you say "nothing has been able to purge that malware's continued presence in this browser" do you see it all the time or how do you know it's there?
    See "Attachment 56147" in Post #5 of this thread. The fact that it (YFP) is still listed in that part of Settings I am taking as evidence of some continued presence. It may be hobbled from doing anything harmful (that I can detect), but it's still there. And there does not seem to be any way of getting rid of it completely, short of zapping the browser and reinstalling it from scratch.
    When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
    Quote Quote  
  13. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Originally Posted by Seeker47 View Post
    Originally Posted by David Banner View Post

    I stay away from Open as much as possible too. I use Firefox and I don't know Opera. I have had that block and warning from other sites too. NAV always blocks it.

    When you say "nothing has been able to purge that malware's continued presence in this browser" do you see it all the time or how do you know it's there?
    See "Attachment 56147" in Post #5 of this thread. The fact that it (YFP) is still listed in that part of Settings I am taking as evidence of some continued presence. It may be hobbled from doing anything harmful (that I can detect), but it's still there. And there does not seem to be any way of getting rid of it completely, short of zapping the browser and reinstalling it from scratch.
    have you tried using the brave web browser with it's built in ad blocker ??
    Quote Quote  
  14. Disable javascript. No more problems with that site.
    Quote Quote  
  15. Member Seeker47's Avatar
    Join Date
    Jul 2005
    Location
    drifting, somewhere on the Sea of Cynicism
    Search Comp PM
    Originally Posted by october262 View Post

    have you tried using the brave web browser with it's built in ad blocker ??
    Not yet, but it's been on my 'Try' List. Opera has had a built in ad blocker, probably from well before Brave debuted. It failed to stop this YFP thing though. (Ad blocker is not really the same thing as a Javascript blocker.) The presence of any ad blocker solution -- even if temporarily disabled -- causes quite a few (legit) websites to withdraw the welcome mat, and refuse to serve you up their content. I think BusinessInsider might be such an example, but in any case I run into this regularly. The more polite or reasonable sites just ask you to Whitelist them. And a lot of basic site functionality is dependent upon Javascript working. I will again look into what extensions similar to NoScript might be available for Opera. I do typically have 4 browsers on hand, per computer, and am not averse to adding another.
    When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
    Quote Quote  



Similar Threads

Visit our sponsor! Try DVDFab and backup Blu-rays!