/MWGG/ MALWAREGATE GENERAL

Cryptoshekels edition
Hiro has been putting malware into the source code

has nothing to do with cryptosheckles.

I've had 2 tabs of Sup Forums open for the past day and a half since the 3 domains first appeared. No change in idle GPU or idle CPU use. No increase in average power draw over a 24 hour period either.

T.hiro
You're just as bad as that kiwifag

Internet in general is unusable without uBlock and noscript. Nothing new here

wew, if they're actually running then they're under 1% CPU use. I have a 5820k at their disposal and it's been idling under 10% CPU use all day while I was at work today with 2 tabs of Sup Forums open.

quite honestly fuck you
the chance that a MEGA TROJAN KILLING MACHINE FROM HELL ITSELF was unleashed on Sup Forums and not some normie bait site to cause as much damage as possible is nonexistent.

in the worst case fucking scenario antiviruses will block it

btw, implying it's not an on-site thing only in which case stop shitting your pants and use your phone

Will having antivirus software and ublock and adblock save me?

I know I don't speak for everyone, but if hiro wants to use my CPU to mine crypto and it isn't even pushing a 10% load, I'm ok with it.

>minerblock
>not a miner in and of itself

>same fucking image posted in every thread
try harder

Are you the same idiot who has been making "this is ransomware that will lock both your PC and your phone" threads on Sup Forums? If anyone believes this, they deserve it

Could that have been how it determined which host to use?

So if you saw the ads but didn't click em you're all good right? I remember being confused as fuck when seeing them.

stop shilling mods

nigger that's MY fucking screen shot.

There's LITERALLY nothing wrong wit a website owner trying to get money back from leechers.

sorry user but fuck shills

Fuck yourself I created the first thread on this topic, i'm the OP.

you can do so by advertising without malicious bullshit

So wtf is amgload.net, piguiqproxy.com, and smcheck.org?

Just to prove it, here is the thread from the other morning.

Just look at file names.

...

ad companies

>more than 24 hours have passed
>no one knows what those domains are
>no serious report of a threat besides a bait-style black screen with cyrillic chars
>several fearmongering users

>hiro still silent

fearmongering faggot looking for (you)s
even if the whole deal is malicious it's NOWHERE near as competent as he claims

Hiro still pretends he doesn't know English

Who cares, he's a cute anime bunny girl!

I'm mildly concerned the new java sources aren't even appearing in noscript today.

I cannot get this site to display properly even after purging my uBlock Origin filters and updating or manually adding that line from that original thread to my filters.

Send help please.

Has anyone made a pasta for tech illiterates about how to stop the malicious code from running?

...

Too good. Ignore what I was trying to say though, follow this.

rbt.asia/g/thread/63902030

This doesn't work for me. Catalog has always worked but the view in threads is still fucked. I've checked the 'uBlock filters' list and that line is literally already in there.

Why is it still not displaying right FUCK

I just went onto another board and it's back despite all the fixes from yesterday. It's not working on this board but it did on Sup Forums. However the image captcha is showing dead images now, but not always.

I mean that the sketchy javascript is working on Sup Forums but not on here.

Sup Forums is a literal coin mining botnet powered by subhumans LMFAO

what does xhr mean?
i have umatrix but its still a little confusing to me

Clear browser cache? Make sure the urls are not in your hostname file

Well even according to the most safe methods currently, I found out you have to enable XHR for that one thing.

Per Google, "XMLHttpRequest (XHR) is an API in the form of an object whose methods transfer data between a web browser and a web server. The object is provided by the browser's JavaScript environment."

In other words it's just the main way java scripts are loaded. In this example the randomly rotating scripts we don't fucking know what the fuck Hiro is doing even.

ah ok
thanks user

>being this desperate for e-fame
>on anonymous reddit 2.0

i'm still getting intermittent page breaking. ublock and matrix block everything like they're supposed to do and Sup Forums goes to plaintext display then i have to refresh to fix it.

Starting to notice after adding
"*.mgid.com" to "Sup Forums.org##script:inject(abort-current-inline-script.js, String.fromCharCode)"
in uBlock filters for the adware injection, that I'm getting the similar "Line 1 > Function 1" when this ordeal started. I think this is also causing Firefox's CPU usage to go up and down. I have the miner blocking list set up in uBlock, too. What is causing this?

Yep. Here by the way is the exact minimum combo I settled on. I think the media square is strictly optional for your Merry Christmases and whatnot. (if Sup Forums does gay music, etc.)

I don't think you need s.4cdn.org scripts.

>I'm getting the similar "Line 1 > Function 1" when this ordeal started

What is that you are referring to, and how can I check for it?

this is working great for me
images still dont open so i have to open them in a new window but thats ok
thanks user

You might be right. I wonder what those are even.

>images still dont open

That's weird. Try Sup Forums X because they seem to be working normally under it.

i do have Sup Forums x
some images open but most dont, same with webms
shits just really unstable at the moment

When this had all started (and before I found out on here how to fix this all), scrolling down would crash my browser. Catalog or sometimes a thread would then freeze up, unfreeze, then give me the unresponsive script dialogue window. It's the "Line 1 > Function 1 is unresponsive. Debug Script, Stop Script". While this had stopped for the past few days after fixing, I added "*mgid.com*" to the end of the filter recently and the page freezing didn't show up as often but I did experience the same dialog box twice just a few minutes ago.
Just now, I added
amgload.net/*
piguiqproxy.com/*
smcheck.org/*
to my filter list, and it seems to be working fine for now.

sage for double post
I'm not sure how to exactly check for it on purpose, as it only shows up should a page cause the browser to become unresponsive for a few seconds.

wait never mind i figured it out
i have ublock set to block large media elements
damn i so dumb

daily reminder that GOOKMOOT DID NOTHING WRONG

On a side note, you may still want to manually update to 1.13.15 if you haven't.

github.com/ccd0/Sup Forums-x/blob/master/CHANGELOG.md

How strange. This is my current line, not sure if it's good, bad or same. Sounds like you had this before.

boards.Sup Forums.org##script:inject(abort-current-inline-script.js,String.fromCharCode)*.mgid.com

Oh hey, you need s.4cdn.org scripts to use the Catalog sometimes.

Has anyone deobfuscated it yet or shall I?

Please do.

>How strange. This is my current line, not sure if it's good, bad or same. Sounds like you had this before.
Yeah, our script is identical, I just don't have boards at the start of the Sup Forums link.
I'm also using it in conjunction with this newer userscript found here.
rbt.asia/g/thread/63902030
It seems to be working a lot smoother now, I am bummed that the new script some guy made on /qa/ I believe that bruteforces captcha stopped working a few hours ago.

>block domains
>pages keep breaking
>change to Tomorrow theme
>pages stop breaking

Explain

>change to Tomorrow theme
So that's why nothing is breaking for me.

see

Coincidence. I always use tomorrow theme and yesterday I got a broken white page and after some reloading the page started loading properly again. But other threads were still getting the broken white page. If your uBlock still shows any of those 3 domains being blocked, then you are just on a lucky streak with the pages not breaking. If you don't see those 3 domains at all anymore in the ublock UI, then your filter lists got updated and the domains are prevented from loading at all.

Was there any progress from yesterday? I followed the speculation for a few hours but after that I just stayed away from Sup Forums. I'm using uBlock, uMatrix or noscript but I still don't really feel comfortable to browse Sup Forums as normal. If I disable my uBlock the page layout breaks and the malicious urls show up on uMatrix so it's kinda spooky.

Oh thank god, I was just coming to terms with just how sleazy this shit was.

pastebin.com/sFLqkQpE

Here's the beautified code for all my hackers. Let's see if we can make any sense out of this.

So was the cyrillic ransomware image just a meme or was it for real?
Also, can someone explain to a retard what this argon.js thing is and how to tell if I've contracted the germ

Back to That guy is working on a commented page with it all.
It's a real pain in the ass to try and deobfuscate because everything is variables, variables in variables, mangled variables that go through functions to demangle and rearrange them.
Finding the end points is kinda difficult.

He just posted the gitlab.

Requesting a good anti miner addon for chromium shit

LMAO I'm telling all my discord friends rn oh my goodness LMFAO

>Phoneposting because living out of a hotel, Alan Partridge-style
>Even while charging, battery value goes down when lurking here.
>I thought it's because the battery was quite old, as Jew Lizards from Outer Space were stealing ions from it using nano-magnets with a UNIX shell
>Turns out an island Chinaman realised moot fucked him over with the sale of an unprofitable website and started mining BitDinars as a way to consolidate losses

Were two nukes enough?

noticed huge battery drainage recently this past month, now I know why

fuck this place then, back to reading boring ass books on my breaks

Yet another reason why this "honorary Aryan" shit needs to stop.

Disable javascript on your phone browser. The loss of functionality is minimal, and the gains in sanity are more than worth it.

>i'm okay with people using my hardware and gaining money from it without my consent or me gaining anything
w e w

This shite is ekans well over again.

I don't see the scripts blocked in my umatrix or ublock though. Why aren't they listed at all?

Use the clover app so the yellow chink cannot Jew us

>I don't see the scripts blocked in my umatrix or ublock though. Why aren't they listed at all?

the last version of easylist is blocking the inline script loading those third-party scripts

someone in another thread posted to add this to ublock origin "my filter" area

can you Sup Forums smart computer guys verify if it is really to protect, someone mentioned it was a virus

The image is legit advice if that's what you're asking, it's been shared around here for days now and was one of the first sources we even knew there was an issue to begin with.
Apply the filter in uBlock and you'll be safe.

Strange, but I don't have any CPU usage increase, even though the script does seem to load.

The image is gay and here's why:
>discord
>trolling normies into panic
>doesn't know what the code does because obfuscated
>knows what the code does
>filter copy pasted from gorhill update
>advising to add the filter manually instead of just updating ublock

tech illiterate here. have question:
would it be possible to edit the host file of my winblows so the name resolution gives localhost back? like malicious.ad.script.shitfromhiro.kawaii 127.0.0.1 ?
i mean, whether obfuscated or not, if le brõwser asks the os to resolve a name you can provide a false, right?

cont.
if the urls are obfuscated i can use the dev tools from the brõwser to see which connections the js tries to connect.

Yes you could use your windows host file to block the websites, but like using host files on any other OS, it's just too much of a hassle compared to using an adblocker. You're very limited from the use of a host file, if I recall you can only block specific IPs not entire domains or IP ranges like ublock origin can. Someone correct me if I'm wrong about host files.

If I'm understanding this correctly, code built into the web page will fuck that page up if the remote script fails to load (because the host resolves to 127.0.0.1)

>the domains disappeared from my uMatrix
I-I'm scared lads

I can't fucking believe this shit.

Easiest fix here. I'm just going to stop using Sup Forums.

Bye!

thx. how does ublock block the traffic? is it removing the js?

not necessarily. i'll try it out later. i'm currently on my phone.

One of the uBlock filters stops the code that connects to them from executing.

The image source (Anuld) predates Gorhill, so understandably the reason it doesn't say anything about updating uBlock was because that wasn't included yet.
Even if it's easier to protect yourself now the information in it is still accurate to the time, plus it's not as if most people keep on top of all the developments so it's a good notifier for people out of the loop to do something about it.

You block domains. That's it. You can't block URLs. You can block website.com, and that blocks every URL pointing to website.com. Adblock lets you specify URLs, like block website.com/nastyad.jpg, but let everything else from website.com through.
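
Added example, not part of any post in this thread: a Python sketch of the hosts-file question discussed above, comparing exact-hostname hosts entries with adblock-style `||domain^` matching for the three domains named in the thread. The sample URLs (including the `cdn.` subdomain) are constructed, and the matching functions are simplified models rather than any blocker's actual code.

```python
from urllib.parse import urlsplit

# The three third-party domains named in the thread.
DOMAINS = ["amgload.net", "piguiqproxy.com", "smcheck.org"]

def build_hosts(domains, sink="127.0.0.1"):
    """Render hosts-file lines. The address comes first, then the hostname."""
    return "\n".join(f"{sink} {name}" for name in domains)

def parse_hosts(text):
    """Parse hosts-file text into {hostname: address}; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:  # one address may carry several names
            table[name.lower()] = fields[0]
    return table

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def hosts_blocks(table, url):
    """A hosts entry matches one exact hostname: no wildcards, no paths."""
    return _host(url) in table

def domain_filter_blocks(domains, url):
    """Adblock-style '||domain^' semantics: the domain and all its subdomains."""
    host = _host(url)
    return any(host == d or host.endswith("." + d) for d in domains)

# Constructed sample requests (the subdomain and paths are made up).
SAMPLES = [
    "https://amgload.net/a.js",
    "https://cdn.amgload.net/a.js",
    "https://example.org/?ref=smcheck.org",
]

def compare(urls=SAMPLES):
    """Return (url, sinkholed by hosts file, blocked by domain filter) per URL."""
    table = parse_hosts(build_hosts(DOMAINS))
    return [(u, hosts_blocks(table, u), domain_filter_blocks(DOMAINS, u)) for u in urls]

if __name__ == "__main__":
    print(build_hosts(DOMAINS))
    for url, by_hosts, by_filter in compare():
        print(f"{url:40} hosts={by_hosts!s:5} filter={by_filter}")
```

The second sample shows the gap: a hosts file needs one line per hostname, so a subdomain it does not list still resolves normally.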

That's good to know, seems like some filter list got updated

>e-fame.

Nigger are you an idiot? The OP of this thread is being retarded and making up bullshit about it being a cryptominer or other non-sense to scare babies, and worse he's posting my screenshots as "proof".

So no, i'm not looking for e-fame you double nigger faggot, i'm calling out OP for being a lying sack of shit and trying to make people think this is somehow malware, or cryptominers, or ransomeware. It doesn't do a god damn thing like that, and using MY screen shots for his "proof" is just retardation when I can post the originals with the original file names since IM the one who created them.

MALWAREGATE

like for real now LOL