everythingunderthemoon.net

Dose anyone know about:

everythingunderthemoon.net

Yesterday It began appearing in Forum I am a member of asking for a name and password.

http://i38.photobucket.com/albums/e106/DunEideann/warn.jpg

ANYONE?

It is a witchcraft site for spells and potions

Google told me that as well, the problem comes in that I was never a member of the site.

Also:

An Avast scan did not pick it up
Search and destroy didn’t
Neither did Ad-Aware

Yet it appears on every forum.

I found no new files installing it or where it was installed.

You are seeing that on every forum, even here. Or is it just selected forums ?

Thank you for responding.

Great question

It appeared on invisionfree forums, mainly. I finally got rid of it by a File search and removed files with everythingunderthemoon.net in it. These were all Temp files. I also cleaned my register and used IE7 Internet Options to remove files.

The last was to block the address in the Firewall.

Now other members of the forum are saying they are getting the same thing. Chances are they have not visited the same places I did. Or have the same software so it is coming from somewhere.

I was hoping that Avast would have some ideas on what this is and how it just suddenly appeared.

I am certain others are experiencing the same thing. You know maybe an Ounce of prevention.

Sounds like it has snuck into those forums as a Java script or embeded in the pages as a popup

Well the site checks out in siteadvisor http://www.siteadvisor.com/sites/everythingunderthemoon.net though why it would be being linked to in this underhand way.

DavidR - Thank you that link was very interesting! I see that googlesyndication.com is part of their web ring. The InvisionFree forum I have (the one with the problem) uses GoogleAds, which I believe is interconnected. I have sent an inquiry, to them to ask them if others had the same problem. I hope I do not grow too Old before I receive their reply. I actually expect little from them.

My next step is to contact InvisionFree, they are iffy at times.

essexboy - Yes java scripting is the method used to select and present the AD’s that are presented into the forum due to contractual agreements. I agree that Scripting had a part to play in this problem. That would explain why it does not show up as malware and disappears once the caches are cleared.

Once again thank you so much for your assistance. When and if I find the cause and/or cure, I shall post it here.