Author Topic: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js  (Read 32180 times)


Offline Jonny788

  • Newbie
  • *
  • Posts: 3
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #15 on: January 03, 2013, 11:08:37 PM »
My screenshot and the one from Borgis refer to the same exact file.


EDIT: Forgot to mention that prior to Firefox, I had Waterfox installed (64-bit Firefox variant) and that's where I got the message first. My screenshot shows Firefox portable because I uninstalled Waterfox thinking the exe got infected, and so I switched to the portable Firefox I use for work.
« Last Edit: January 03, 2013, 11:19:30 PM by Jonny788 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36730
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #16 on: January 03, 2013, 11:12:54 PM »
I see both screenshots show Firefox as the process... does it only happen with Firefox?

Offline Gangplank

  • Newbie
  • *
  • Posts: 7
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #17 on: January 03, 2013, 11:13:30 PM »
Ya, exact same warning as everyone else, getting really worried about what is going on :( , was fine browsing until today with these pop-ups...

PS: No, not only Firefox, I am using Opera myself, still getting the same warning.
« Last Edit: January 03, 2013, 11:16:23 PM by Gangplank »

Offline poppie1234

  • Newbie
  • *
  • Posts: 12
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #18 on: January 03, 2013, 11:15:24 PM »
Just updated Avast and still getting the pop-ups. What on earth is going on, and why are only some people affected and not others?

Come on Avast, we need to know.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #19 on: January 03, 2013, 11:21:07 PM »
AVG flags it now on urlvoid: http://www.avgthreatlabs.com/sitereports/domain/d1ros97qkrwjf5.cloudfront.net/
Also blocked according to adblock lists: http://forums.fanboy.co.nz/forums/viewtopic.php?f=6&t=6857 Fanboy's Adblock Forum...

polonus
« Last Edit: January 03, 2013, 11:29:42 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Gangplank

  • Newbie
  • *
  • Posts: 7
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #20 on: January 03, 2013, 11:38:34 PM »
Alright, I have tested with IE and Chrome one more time, still getting the same warning with both browsers, kinda odd.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #21 on: January 03, 2013, 11:48:02 PM »
Hi Gangplank,

What about users that have ABP in Fx or Chrome with Fanboy's list installed? Are they not being affected?

polonus

Offline Jonny788

  • Newbie
  • *
  • Posts: 3
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #22 on: January 03, 2013, 11:51:31 PM »
OK, I've kinda found a "solution" for now: went ahead and installed the DoNotTrackMe addon and the popup stopped.

Addon Website: http://www.abine.com/dntdetail.php

Unfortunately there's no Opera version, but at least it's avoidable.

I've tried disabling the addon and visited ausgamers.com and the Avast popup appeared; enabled the addon and no popup. I've tested this only on Firefox.

If this helps let me know please, at least I'll know if the addon is making effect or not.

Cheers!

« Last Edit: January 03, 2013, 11:53:29 PM by Jonny788 »

Offline Gangplank

  • Newbie
  • *
  • Posts: 7
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #23 on: January 03, 2013, 11:53:59 PM »
Hi polonus,
I've just installed Adblock Plus for Opera and updated the block list from Fanboy's, not getting the same warning anymore for now. Will do a test with Chrome right now with the same setup and I will give you an update on the result ASAP.

cheers.

Offline Gangplank

  • Newbie
  • *
  • Posts: 7
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #24 on: January 04, 2013, 12:03:56 AM »
Okay, I've just done testing with Chrome, with Adblock and the updated block list. Twitch TV is fine for now, but when visiting Gawker.com and AusGamers.com I was still getting the "RUM" warnings. I think Adblock does not affect it, at least on my end.

Cheers.

Offline dreamspinner3

  • Newbie
  • *
  • Posts: 10
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #25 on: January 04, 2013, 12:06:50 AM »
I'm having the same issue when visiting http://www.captureminnesota.com/ with both Firefox & Chrome beginning today.  Is this a false positive & how can I stop it from popping up all the time?

Thanks.

Kim

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #26 on: January 04, 2013, 12:08:47 AM »
@Gangplank,

Good suggestion for those that want to be without that kind of ad-monitoring to have it blocked for now and also as it later seems to come unblocked by av-solutions..
Fanboy's adblocking list does not flag it for no reason, I guess..

@micahwedemeyer

Wepawet gives the code as benign. And according to me it does not fall into the realm of suspicious or unwanted malicious code. The injecting nature of the benign code could have been an issue here to flag it. So wait for what the avast team analysts will decide.
On second thought I know that there are users that would like to block that code via an anti-tracking add-on, or via enhanced adblocking or via NoScript or RequestPolicy add-ons in Firefox or similar extensions for Google Chrome. Adblocking and the evasion thereof by ad-launchers is an ongoing chess-game...

polonus

Offline Gangplank

  • Newbie
  • *
  • Posts: 7
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #27 on: January 04, 2013, 12:16:33 AM »
UPDATE
Installed DoNotTrackMe on Chrome as Jonny788 suggested, the warning somehow stopped for particular reason. Tested multiple times and it seems to be the perfect solution for now.

For anyone having the pop up issue, here is the link to the addon.

hxxp://www.abine.com/dntdetail.php replace(x) with (t).

Offline whetzelmomma

  • Newbie
  • *
  • Posts: 5
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #28 on: January 04, 2013, 12:17:57 AM »
I get the alert with IE, and I have removed all code that I can find with the Cloud attached to it. Still getting the alert.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
« Reply #29 on: January 04, 2013, 12:23:57 AM »
This is on the differing variant:

In the code that comes up with Internet Explorer, block "beacon-.newrelic.com" without the "" and see if that is sufficient to block the alerts?
On what the code does: https://newrelic.com/docs/features/how-does-real-user-monitoring-work  -> link info from: Jonah Kowall and Will Cappelli

polonus
« Last Edit: January 04, 2013, 12:29:25 AM by polonus »