Posted By: deniro Possible Malware: Core Insight Express AI - 11/03/15 01:46 AM
core.insightexpressai.com

While I was working on the web site Lyric Wikia, I hit an edit button, a normal oft-used procedure for this site on which you add information about singers, albums, and so on. As I hit the edit button, I think a new window popped up. I must have closed it quickly; I don't know. It all happened so fast, like my browser got redirected. I was able to cut and paste the URL into Google, which led me to information about malware associated with insightexpressai.

I don't know what this means. I'm going to dig around my computer to see if anything looks odd. If anyone has any suggestions I'd appreciate it. I haven't seen anything like this before.

I have more info, but I would like to talk to an experienced person privately. Thanks.

Firefox 39.0.3

Edited to add:
lyrics.wikia.com

Firefox addons:
Ad Block Plus
HTTPS Everywhere
1 Password
Amazon add-on button
YouTube High Definition
Posted By: tacit Re: Possible Malware: Core Insight Express AI - 11/03/15 11:03 AM
The Web site at core.insightexpressai.com has been used in the past by advertising malware aimed at Windows computers. It has never, to my knowledge, had a Mac version. It attempts a drive-by download of advertising malware if you're browsing from Windows, but as you're on a Mac, you should be okay.
Posted By: deniro Re: Possible Malware: Core Insight Express AI - 11/03/15 05:54 PM
OK, thanks.

Edit: Would you or someone else be willing to PM me?

I found some pages that do refer to Macs.

https://discussions.apple.com/thread/5032075
http://www.mac-forums.com/os-x-operating-system/288908-core-insightexpressai-com-trojan.html
http://blog.qisupport.com/core-insightexpressai-com-popup-remove-popup-ad-windows-mac-os-x/

PMing is turned off at FTM...has been since day one.
Originally Posted By: artie505
PMing is turned off at FTM...has been since day one.

That includes the moderators
Posted By: tacit Re: Possible Malware: Core Insight Express AI - 11/04/15 03:42 PM
The last link contains these instructions for removing the malware from OS X:

Quote:
Then press return button to hold ‘alt’ on the keyboard and right click on the Finder icon to select Relaunch button. Close the window to browse to C: Windows, delete all executable files identical to systematic ones, such as svchost.exe and winlogon.exe in the sub-directories and remove temp folders under System32.
There seems to be some confusion here, as Mac OS X doesn't have a C:\Windows directory or a System32 directory.

Generally, it seems like this site does two things:

1. On Windows, attempts to download software that causes its ads to pop up.

2. On Macs, attempts to pop up windows that are hard to remove--force quitting and then restarting the browser seems to resolve the issue.

I haven't seen any evidence that it actually downloads malware to Macs, though.
Posted By: deniro Re: Possible Malware: Core Insight Express AI - 11/04/15 05:41 PM
If PM is turned off, then someone should delete that choice from the preferences under My Stuff.
Posted By: tacit Re: Possible Malware: Core Insight Express AI - 11/09/15 12:36 PM
Indeed. Unfortunately, the software doesn't offer a graceful way to do this; it can only be done by hand-editing the PHP code. And those changes disappear every time a new update is installed.
Posted By: deniro Re: Possible Malware: Core Insight Express AI - 11/12/15 03:12 PM
Today I was at YouTube when I was given a pop-up message that my version of Flash was outdated and that I should download the latest version.

Problem is, I didn't have Flash installed. I uninstalled it a long time ago. I still have the uninstaller. After this recent coreinsight hijack, I did a lot of housecleaning, including installing a new version of Firefox, deleting cookies and caches and so on, running Onyx.

Moreover, the Flash update started downloading on its own, and the file name didn't look like the usual Flash update filenames. I've downloaded many of them over the years, as you might expect. For one thing, the file name didn't include a version number, and the file itself was downloading quickly, suggesting a smaller file than usual.

I'd also like to say that, despite using AdBlock Plus and having pop-ups blocked in Firefox, I still encounter a lot of pop-ups. I'm on Firefox 39.0.3 because the new versions conflict with my version of 1Password.

I don't know if any of this means anything.
The latest version of Flash Player is 19.0.0.245, which was released a couple days ago. Go directly to adobe.com to acquire same.

When you install it, just before finishing it asks how you would like to access updates. I always check the box which states never to update automatically. I always go to Adobe independently.

I'm running Adblock Plus (2.6.11) on Firefox 41.0.2 with popups blocked as well and don't encounter popups at all.
Originally Posted By: deniro
For one thing, the file name didn't include a version number and the file itself was downloading quickly, suggesting a smaller file than usual.

That particular part is actually normal. Adobe's been pushing a downloader for quite a while now. You download this little thing, and it checks your computer to figure out what version you have and what updater works best for you, and then it downloads that instead, and runs it. It doesn't even have the common courtesy to download a normal installer, or even to somewhere you can SEE. It downloads to a hidden folder and launches the actual installer automatically.

Makes it a pain to deploy to many computers.
Posted By: Ira L Re: Possible Malware: Core Insight Express AI - 11/13/15 04:51 PM
You can also check for updates and initiate the download process through the Flash Preference in System Preferences.
Posted By: deniro Re: Possible Malware: Core Insight Express AI - 11/13/15 08:10 PM
Seems to be some confusion here.

I didn't have Flash installed because I don't use it anymore. I deleted it a long time ago along with any traces of it, e.g. prefs. I don't want Flash Player and I don't want to download it. I see no point in that.

Nothing should be downloading itself to my computer without my permission or any action from me. I've never been an "automatic update" guy.

One other dubious add-on, which I had enabled, is Clip Converter. Google revealed some people complaining that it downloaded malware.

Edit: Correction. I never deleted every trace of Flash. EasyFind tells me there are all kinds of Flash and Adobe files on my computer, most of which I know nothing about and therefore leave alone.

Maybe I will download a version of Flash and then uninstall it.
Originally Posted By: deniro
Moreover, the Flash update started downloading on its own....

I dunno if there's such a thing as a maliciously crafted video, but that quoted segment stinks on ice.
© FineTunedMac