Yesterday, I was going to jonnyguru to check some power supply reviews and accidentally typed johnnyguru.com and was greeted with malware ads.
I quickly exited Chrome and then tried the Avast Safezone browser with the same results.
All seemed fine, but today Chrome won’t open at all. I then tun Avast with no reports of anything bad. I decided to download Malwarebytes Anti-Malware and it found over 300 PUPs. I then wondered about Avast not finding them and quickly found it wasn’t enabled in setting. After enabling and reboot and rescan it found no issues.
So, I’m reporting johnnyguru.com is a bad site and seems to install malware automatically… I’m not sure what you guys can do about it. But I thought I’d bring up my experience.
I couldn’t find anything malicious…
If the ads are installing anything without user’s content, I will be happy to block them
Do you have scanning for PUPs enabled in Avast?
The iFrame in the code has been blocked as hxxp://quickdomainfwd.com/?dn=johnnyguru.com&pid=9PO755G95
an ad- and tracking service that we like to block with any adblocker: hxtp://quickdomainfwd.com
script
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: missing ) in parenthetical: *
error: line:3: t?(n=g,o=g.documentElement,e=g.defaultView,e&&e!==e.top&&(e.addEventListener?e.addEventListener("unload",ea,!1):e.attachEvent&&e.attachEvent("onunload",ea)),p=!f(g),c.attributes=ja(function(a){return a.className="i",!a.getAttribute("className")}),c.ge
error: line:3: ...........................................................^
Output of the server is invalid, caused by a typo in string concatenation, often this is a missing + (info credits StackOverflow’s przemo_li).
May reveal innerHTML …localhost:/js, or the odd one out: localhost/js will kick up errors.