Have you been seeing strange and scary popups on your farm lately about upgrading your version of flash or Microsoft finding malware? These are in fact SCAM VIRUS popups and it is important to never click any of them. We have some tips for you on staying safe and a way to avoid seeing some of them at all. Check out the details below and please do share with friends if you find our post helpful.
Last updated 31st December, 2016
Exactly what are these popups? Well most are a form of Ransomware. They trick people by saying their programs are out of date or they have a virus, and when clicked they install a virus. Then they run fake scans, find fake problems ask for money for a program to remove the problems they themselves caused. These are difficult and time consuming to remove if one infects your system and if you are not super-techy or do not have someone close to you who is, it can be a very expensive process.
Url to Block
Reported by & Thanks to
Please note - these are the urls that have been reported by Ask the Dirt Farmer members on 12/31/16. Blocking those urls with Chrome Nanny should solve the problem. If you are still getting redirects, you can also block all of the below related urls with .*. before them.
For more information on related urls click here and then click "expand" next to "owner"
For URLS like Bounceme that have many different domains, if you do not use any legitimate sites on that domain you can set up a block that looks like this .*.bounceme.net and it will block all urls that match that domain.
If you are having difficulty with myvnc urls coming through despite being blocked Dirt Farmer Dennis has discovered that placing that in a separate line or better yet a separate block set is more effective. These urls are not read properly by the extensions when placed in the same line, but a separate blockset is an effective fix.
Read more from Trendmicro on the first one here. The second one has only people asking for removal help on various product forums, appears to be new. We will update as soon as an antivirus company publishes some details, but better to be safe than sorry.
It is important to never click anywhere on any of them. With some even the X out button will install the virus. To close one, hold down the CTRL, ALT and DELETE buttons on your keyboard at the same time. Choose “Start Task Manager” on the ensuing screen and use the “End Task” function in Task Manager to close the entire browser. If you opt for this method, it is important to click “NO” when you reopen the browser and it asks if you would like your tabs restored.
If you are not comfortable using the CRTL, ALT, DELETE method, you can alternately simply restart your computer.
Note: It is always important to have a good antivirus program installed at all times as well. There are many dangers on the internet, and while it is wise to know some manual methods to combat them, it is also key to have sound overall protection.
Preventing access with Browser Extensions
We have been testing some free browser extensions that have worked out very well for us in blocking many of these dangerous popups. Below we will go through how to obtain, install and utilize these extensions on Chrome or Firefox based browsers. IF YOU OPT TO USE THESE EXTENSIONS MAKE SURE TO READ THE FULL POST AND FOLLOW THE STEPS IN ORDER FOR YOUR CHOSEN BROWSER. THEY WILL NOT BLOCK THE URLS IF YOU DO NOT INPUT ALL REQUIRED SETTINGS.
DISCLAIMER : Using these extensions does not guarantee that you will never see another malware popup on your farm. It is entirely possible that the scammers will add additional urls. It does however mean that you can only see each once. If you get another popup in the future, simply make note of the url before closing and add it to your block set.
NOTE: These extensions use an average of 10MB of memory at all times. If you find that your browser or farm is slowing down after installing and using, you will have to make a personal choice between the additional speed and the extra layer of protection they provide.
For CHROME based browsers
The Extension is Nanny For Google Chrome formerly known as Chrome Nanny, you can install it here. This extension has been tested on and is working on Google Chrome, Comodo Dragon, SRWare Iron and Chrome Canary. It does not appear to be compatible with Opera Next at this time Thank you to Farmer Lindsey V. for letting us know it also works on Torch.
Simply Click the link above and then click “Add To Chrome”
Then click “Add” in the ensuing screen
You will get a popup indicating that Nanny for Google Chrome has been added to Chrome
To access it for setup if you are using Google Chrome, Chrome Canary or SRWare Iron click the 3 lines at upper right of browser then tools then extensions.
To access it for setup if you are using Comodo Dragon click the dragon eye in upper left of browser then tools, then extensions.
On the ensuing page, locate Nanny for Google Chrome, make sure the box next to “enabled” is checked and then click on “Options”
When the settings menu pops up, you have the option to set a name for the block set. I have chosen Malware.
The second step is to enter the urls you wish to block. The malware popups that I have seen on my farm and in screenshots in our groups and from friends so far come from related8.info, plenty8.info and variations of servehttp.com so I have opted to block those.
The third step is to set the block time. It is set in military time and setting it from 0000-2359 will cover 24 hours per day. (Thanks to Farmer Robbin for helping me make sense of military time).
Step 4 is to set the max block time here you would enter 60 minutes per hour to ensure they are ALWAYS blocked.
Step 5 Select the days, check the boxes next to every day.
Step 6 is to click “save url”
You should then see a block set list beneath the option to input new ones.
To make sure your block sets are active at any time click on the Nanny For Google Chrome clock icon in the upper right corner of your browser and check for “URLs blocked now”.
As an example of what to expect, when a malware popup attempts to come through my farm, instead of the fake antivirus that is hard to close and risky, I now simply see this
For Mozilla Firefox based browser users
The extension for Mozilla source code based browsers is Leechblock you can download it here. This extension has been tested and is working on Firefox, Waterfox, Comodo Ice Dragon and Pale Moon.
First click the green “Add to Firefox” button
Then click “Install Now”
Some browsers will require restart before use. If yours does you will see the following in the upper left corner of your browser. Simply click “Restart Now”.
Once you have restarted to access it for set up click on the browser name in the upper left, then click on “add ons”.
In the ensuing screen click on “extensions”.
Then locate Leechblock and click on options.
Choose a name for the block set if you wish.
Enter the urls you wish to block. The malware popups that I have seen on my farm and in screenshots in our groups and from friends so far come from related8.info, plenty8.info and variations of servehttp.com so I have opted to block those. Note that with this program you must list only one url per line.
Then click “Next”
Next you must set the time to block in military time. Entering 0000-2359 here will block for the entire day.
Set your time limit to block after 0 minutes in every hour.
Set when to block as “within time periods or after time limit”.
Check the boxes next to every day for when to block.
Then click next
Leechblock will show it’s default screen to let you know a url has been blocked.
Make sure to check the box for “Actively block pages for these sites after time period entered or time limit exceeded. You do not want them to load after a delay, you want them blocked from your system.
Then Click ok and you are done.
We hope you will find these safety tips helpful. Happy and safe farming!