I dont know anymore Sup Forums, Im too scared to think straight and I want only to hide somewhere deep and cry.
If I wouldnt visit Sup Forums, I wouldnt notice a thing - everything was working normally, no ads were showing and everything. But I did, two days ago and since then I have trouble sleeping, my blood pressure is constantly elevated, I lost apetite and my pulse stays around 90-110.
I did few scans, didnt notice anything suspicious in cpu/gpu activity, no signs of files modification that people reported were made, the only unwanted blocked script, according to ublock is related to adglare.net but Im still scared and litteraly can sit in front of monitor and watch processes running, still afraid that there might be something. One people say that its just anti-adblocker, others that it runs ads without clicking them, others that it download ransomware and trojans, others that nobody yet knows because the only person who work on it didnt found anything yet. But Im still scared.
You have to understand, my PC is like extension of myself, like part of my own body. Whenever it gets sick, I get sick with it - at least getting fever, sometimes worse. My very private place. And Sup Forums is the only social contact I have. Im sitting on several boards, talking and discussing - I desperately dont want to lose it.
Why with every year, with every day, more and more people are against me? Why I have to constantly defend myself? Why I cant go back to having 14 years old and laughing at memes, actually using internet instead of being afraid to open news site?
Run a nntpchan node and join us. Unless you're some weeb shitposter, you should be able to figure it out.
Angel Campbell
ur fine if u have no ads and can post normal
Gavin Clark
Whatever happens user, I love you.
Camden Bailey
I dont know whats "nntpchan node". Could you provide some links or something?
>Melodramatic fuck
But its real for me. Thats how I feel. And I dont even know whats shitposting, whats true, whats fearmonglering and whats damage control anymore.
I guess I should. There are other reasons as well, including inability to talk to people out of fear of judgment and that I will ruin everything by simple mistakes.
But why are you typing it in chinese?
Isaiah Bennett
Thank you. It actually means a lot for me.
I dont have any ads and even captcha is working normally, both legacy and new one.
Nathaniel Perry
Sadly, turns out to be Linux only...
Jose Cox
I´ve no idea what´s going on.
I left for like one week because of work and shit hits the fan when i come back.
>I did few scans, didnt notice anything suspicious in cpu/gpu activity, no signs of files modification that people reported were made You fell for the fearmongering. It's just ads that try really hard to bypass adblockers. It won't (and can't) infect your computer. Stop scanning your pc and spam Hiro's twitter instead.
Jeremiah Roberts
This is confirmed bullshit though.
Luke Flores
How so?
Isaac Watson
Thanks for the post, very interesting, please keep me updated
Aaron Peterson
>verifiable fact is bullshit gaijin! >my code is folded over a thousand times! >I am happy that there are no stupid Sup Forums users, you're not a stupid Sup Forums user are you user?
Hunter Martinez
>japanese code, folden thousand times, cut through adblockers like steel through butter, filthy gaijin go homu
For the first time today, I actually laughed. Thank you.
Connor Reyes
Its not funny.
Would that work, however? Is there a chance that this guy will respond before Christmas?
Carter Davis
Because otherwise it would mean Hiro had exclusive access to the most dangerous day zero browser vulnearability in the last 10 or so years. A script that could bypass adblockers, affected every single browser equally and was able to download and execute a file without the user ever having to click anything or noticing anything. Something tells me that is not the case.
Grayson Powell
Hiro likes to feign ignorance whenever accused of wrongdoing
Nolan Hall
go to therapy your life sounds unmanageable
Jordan Price
Doesn't change the fact that it's ridiculous to assume Hiro alone has had access to an unheard of browser vulnearability that would be dangerous enough to make worldwide news and make Microsoft, Google and Mozilla shit their pants and work 24/7 for immediate security updates.
Levi Harris
...
Zachary Hughes
Im in the process if looking for therapist but they all cost too much for my income...
Nathan Ramirez
I looked into this for like 2 mins and I don't wanna use tor or whatever the hell i2p was meant to be just for what must be a pretty fucking shady image board. So there.
Aaron Martin
OP there is no great threat your Chan's are safe but I worry that you feel that's all you have go read a book or see some live music
Cameron Roberts
Maybe complete break off Sup Forums will be good idea after all...
So cute.
Lincoln Sanchez
>Sadly Meant to say: Fortunately
Brayden Watson
this guy knows. the biggest and best zero day vulnerability in javascript would not be employed on one of the most popular websites by the owner. what you see here is Sup Forums fear mongering. There isn't any proof it did anything malicious
Dominic Murphy
But why Sup Forums?
Samuel Richardson
>what you see here is Sup Forums fear mongering. The scripts used were written by an Antifa member, to collect data on Sup Forums raycis. Sup Forums is being hunted and the reward goes to Mook. I seen the evidence on rebbit.
Andrew Hernandez
Hello OP. I know how you feel, I feel the same. Some rough stuff in life has been making me paranoid about stuff, including this. I also google every single process that shows up and almost shit my pants if my pc wakes from sleep. Its paranoia, and its not healthy. Try practicing playing an instrument, going for a run or just talking to whoever if you can. It gets better Cheers.
Carson Wright
the first thread from Sup Forums was cross posted straight onto Sup Forums and you know how retarded everyone has gotten ever there. with their ecelebs and Q user bullshit they're basically /x/ 2.0 and they bought in on this entire 'hiroshimoot is trying to sell your personal data' shit
Colton Carter
I actually started to practice photography and a little of bit of drawing as part of self inflicted therapy.
So it everything was just spiraled panic made by people who didnt really knew what they talk about?
John Allen
Was that panic really for nothing? Except pushing more annoying ads than before?
Brody Reyes
People accept the botnet/malware like they usual do. Yesterday 10 threads, today 2 tomorrow none.
Jason Ortiz
>seen
Charles Gutierrez
>So it everything was just spiraled panic made by people who didnt really knew what they talk about? Wouldn't be there first time. Ever watch a mainstream news channel? Humans are comically predictable sheep.
Cooper Murphy
If such evidence exists, then post it here user
Kayden Martin
So is there malware? Because I've been on Sup Forums for ten fucking years and I've never gotten a virus from it. Hello I haven't had malware on my PC in several years. I'm going to be extremely pissed if I suddenly have to worry about Sup Forums infecting my PC, because although I might be able to fucking handle it, my friends and family that use the site sure as hell can't and I'll be damned if I'm going to go around fixing everyone's shit because of this website.
Chase Rogers
I think he was joking.
Jayden Thompson
Fuck me is there malware or not
Connor Evans
There was literally 2 huge threads about it this week. Check the Archive.
Carson Diaz
So it everything was just spiraled panic made by people who didnt really knew what they talk about?
>omg sopa guise, it's over >nothing happens
>omg net nutrality guise, it's over >nothing happens
>omg guise gookt virus >nothing happens
>omg guise amd is dead >nothing happens
You tell me.
Mason Edwards
Install Gentoo.
Ethan Bell
The malware thing is legit though. Whether or not it's intentional on hiros part is up for debate, but whatever shit he's got that's bypassing adblockers is infecting computers with shit
Matthew Hernandez
By design. Every time windows comes up here it's facebook frog posters telling everyone about how much work they have to do and linux interferes with it, while posting on Sup Forums on a weekday at 2 PM EST.
Jack Long
Browse using a BSD VM. Not hard.
Jordan Brown
Or just use a phone. Phone poster Master race
Noah Wood
I'm not gonna make a whole story of this but seriously dude just get a second computer
You don't need fuck all on a pc to browse the web, and you don't need to subject your files to whichever risk you perceive yourself to be exposing them to when visiting random (or familiar) websites
And it helps in all sorts of ways, like helping avoid yourself from slacking off when you're supposed to be doing something important. Just make it so your main pc blocks any designated shitposting spaces.. Hell you can set up a whitelist if you're really serious about it
Honestly, it'll help you get your shit straight
Noah Martin
look what you're doing to this poor anime girl (male) hiro.. have a heart.
Josiah Gomez
if you use ublock like a sane person, then head on over to the dashboard and do this
Gorhill fixed these types of malicious ads put out by Hiroshimoot a few days back, and don't worry about having any malware/ransomware of any sort, it's like any other malicious ad: as long as you have common sense not to click on it then you won't get pc aids
I've actually felt the same way about my laptop, too, you're not the only one OP
Henry Cooper
>not to click on it there was nothing to click on that shit ran in the background.
Angel Scott
>fucking up the stylesheet from using ad blockers is not malicious >obfuscating code from sketchy sources is not malicious >loading bottom of the barrel ukrainian ads in the background and hiding them on page load is not malicious
Jacob Bailey
1. use uMatrix (if you're not already, why are you even on this board) 2. disable scripts for Sup Forums.org and 4cdn.org 3. allow script and frame from google.com
Austin Nelson
then install Sup Forums-x
Brandon Barnes
prove its malicious
Eli Hill
download F-Droid and get Clover from it, if you have an android phone of course
Sebastian Ortiz
GNU/Linux
Asher Butler
Updated the latest payload dump with better deobfuscation. I've also automated the process, in case they change anything, and also cleaned up some files.
Probably going to be the final update on that particular file since I've gone through it all now and my prior suspicion of it trying to disable adblock was incorrect, it just detects adblock's CSS rules. Found a couple more triggers but they're mostly just variations of HTTP timeouts and JS injection tests. Still working on making it debuggable.
Loader deobfuscation still needs to be automated, have some work done on that front, but it's been thoroughly analyzed and debugged in a sandbox, so nothing new to be gleaned.
And with that, I need fucking sleep.
Mason Robinson
What sort of autist doesnt use appchanx
Daniel Brown
It obviously is malicious by doing what you just said it does. But to pretend it is some kind of self-downloading and executing virus that can bypass EVERY browser sandbox, thus the greatest browser vulnearability we've ever seen, like the retarded argon spammer is doing is just muddying the water
Elijah Jackson
But I didnt got infected. Neither lot of other people. I saw only one screenshoot of some guy claiming to get infected and noting else - the guy from gitlab thing didnt found anything yet.
Andrew Taylor
So its just messing with site? Nothing infecting? At worst fingerprinting stuff?
Bentley Carter
It's only one file, so we don't know.
Mason Jenkins
>js bypasses adblockers >HOLY SHITE THERE IS CIA TIER ZERO DAY ARBITRARY ELEVATED CODE EXECUTION RASOMWARE MEME MINER MALWARE ON MY ANDROMEDAN HYGGE KITTEN FUR SWEATER KNITTING BOARD >FULL FUCKING PANIC >provides zero proof >days later: I"LL JUST PUT THIS FILTER PLACEBO IN MY JS BLOCKER NOW I AM SAFE NO WORRIES >has already been exposed and executed the code days ago, multiple times >I HAD UNPROTECTED SEX WITH LOADS OF AIDS INFECTED BRAZILIAN HOOKERS >NEXT WEEK I"LL PUT A CONDOM ON NOW I"M SAFE It's sheer panic from retards and trolls stoking the panic. It's probably fucking nothing. But if there is alien tech tier zero day exploit aids that's undetectable and can't be proved to exist, don't worry, there's fuck all anyone here can do about it and every last person here is absolutely crawling and infested with it forever and for all time. I'm just going to assume this invisible super aids can JUMP AIRGAPS USING YOUR SPEAKERS and every other bullshit supervirus fiction meme that people make up and post memes about.
Leo Taylor
But the whole premise makes no sense. Modern browsers don't just allow random files to be downloaded via javascript in the background just by connecting to a site. That would be a critical security vulnearability that at the very least Google and Mozilla would have adressed and fixed by now. No one else but that one person has detected this argon.js file either.
Ethan Hernandez
The site keeps going back and forth between completely unusable if you block the 3 domains and not showing up at all on ublock origin. Why the fuck isn't hiro saying anything at all, this absolute silence is getting infuriating
Colton Long
what's the most up to date fix for this on firefox/ublock/4chin-x? i still get blank pages when loading short threads on new tabs, and i have the 3 malware domains blocked on ublock
Brody Howard
I really need such replies. Im slowly getting better, but still have panic episodes. Week break from Sup Forums would be good thing. And Im writing this from windows phone, where everything runs in sandbox anyway.
Leo Watson
I will miss you.
William Lee
1. stop being a little bitch, the world is out to get you, and it will get you, one day or another. the sooner you learn to accept this, the better. worrying about the inevitable is pointless, worry about what you can do to live a good life despite its limitations
2. install gnu/linux, preferably debian. Do not do anything with this, it's a hypervisor (it'd be great if you could make it a Xen one, but let's not skip ahead here)
3. install Virtualbox (or an Open Source equivalent), install whatever the hell you want on it (windows if you want gaymen, otherwise just another linux)
4. do all your internet-activity from within the VM, have a shared folder back to the host OS if you need to store files across sessions
5. always reset your VM once you're done browsing, start fresh every time
There you go, you're now 99.99% untouchable
Poor Man's solution: use a livedisk on a USB stick with a physical write-lock, and another USB stick to store your stuff on.
Aiden Anderson
How do I fix this?
Bentley Flores
Fuck this, I'm moving to eightchan.
Luke Lee
As someone who has had to deal with severe contamination type ocd I suggest you not try to rationalize your fear of contamination. Do not look for affirmation, or someone to tell you that it's okay. Do not try to reason why things are okay. Confront your fear and try to go as long as you can without engaging in any rituals if you have any. Your fear and anxiety has nothing to do with real computer security. I suggest you try to get on your pc and post some qt traps or animus from your folders. If you find yourself losing hours of your day to your phobias and rituals, seek professional help, but do try NOT to feed into the obsession. Do what you can not to validate it or run from it. t. struggling with debilitating OCD for a few years, finally starting to get better.
Jace Wright
You are kind one.
I wonder how Hiro actually would feel if he would see this thread. If that would make him at least say anything.
Jeremiah Wilson
Thank you. I will think it over what you said.
Daniel Williams
enable javascript
Oliver Rogers
No.
Carter Martinez
god you are a massive faggot
Michael Hughes
Honestly, the best way to get rid of paranoia is to logically think it through. How much do you really have to loose if you are infected? My general rule of thumb is that if I were to reformat my hard drive right now and I would experience anything other than mild annoyance at having to reinstall everything then I have to much to loose and I need to do something about it. If you have something that if compromised or removed would literily destroy your life then it should be secure enough that you don't have to really worry about it.
Jordan Evans
I don't get any adds and my reCaptcha is working and my Addblocker says that he blocks adds, am I safe?
Oliver Evans
This is why you update your uBlock filters everyday.
Ethan Gonzalez
Install uBlock Origin, it blocks the loader now. If you have it and it's not working, purge and update your rules.
John Martin
ive accidentally click on ads before is my computer going to die
Ian Wright
>purge and update your rules I did that and it's still broken. Should I unblock the malware scripts via noscript?
Do people really believe Hiroshimoot obtained an exploit that bypassed browser sandboxes to automatically download and execute a malicious payload? If that existed, it'd be a pretty fucking big deal.
Alexander Roberts
That fixes the css, but I get connection errors when I try to post when I block Sup Forums. Also, the icons next to the post numbers are broken.
Levi Gray
I think the big hootenanny over it was a combination of 8 chins trying exploit an opportunity, and the actual malicious anti-adblocker bullshit stoking those fears. It also doesn't help that Hiro didn't get out in front of this to tell us exactly what was going on, and neither did the anti-adblocking shit, as it doesn't tell you *why* it's fucking with your CSS and images.
Zachary Wood
If Hiro would at least comment, it wouldnt turn out like that. Why sitting silent and thus fueling the fire?
Andrew Roberts
Look user, people said similar shit about screaming Japanese donut man and that turned out to be real. Better safe than sorry.
Hudson Martinez
Who is this donut man?
Andrew Adams
Way back in the day I recall there being an image of a Japanese man eating a donut that had an embedded file that would play a screamer. Everyone insisted there was no way it was real, until it propagated to the point where changes to the website had to be made so that does couldn't be embedded into images anymore.
