Slickdeals redirects to other sites when I come here

If it's only happening in Firefox, that sounds suspicious - it's possible for malware to install addons that are hidden from Firefox's list.

I understand that, but it is ONLY Slickdeals. I browse hundreds of sites a day without an issue, only SD redirects.

Right, but it could be a malware targeting specific sites - we're still looking into it on our end, but we still have no other reports but you, and it's only happening for you in a single browser, so that points towards some sort of malware

Well tell me if there's anything I can do or should be doing to help out with this.

Quote from cgrady : Right, but it could be a malware targeting specific sites - we're still looking into it on our end, but we still have no other reports but you, and it's only happening for you in a single browser, so that points towards some sort of malware

I've had this happen to me (same sites like adfly and the other sites OP listed) the past week or so. Since firefox stopped it, I just closed the slickdeals tab (again, only on windows opened to slick deals).

Today was different - a more serious threat that Norton Anti Virus caught and squashed. My NAV history log is not easy to post (screen capture difficulties) but my clipboard version is readable with some patience. This came from the slickdeals window in FF.....

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-10-05 10:21:07,High,An intrusion attempt by localhost was blocked.,Blocked,No Action Required,Web Attack: FakeAV Download 2,No Action Required,No Action Required,"localhost (xxx.0.0.1, 8254)"
,dqrdrezet.ftp1.biz/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBdyf5LKZPwyvIgCwX04PyFyoM=,"localhost (xxx.0.0.1, xxxx)",xxx.0.0.1 (xxx.0.0.1),"TCP, Port 8254"
Network traffic from <b>dqrdrezet.ftp1.biz/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBdyf5LKZPwyvIgCwX04PyFyoM=</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

x'd out my IP addrs -- HTH

Yeah I don't get those notifications all the time from Avast; only the ones where it tries to redirect to a site that is a known malware site. At least I see someone else has the same issue.

Quote from alwenz : I've had this happen to me (same sites like adfly and the other sites OP listed) the past week or so. Since firefox stopped it, I just closed the slickdeals tab (again, only on windows opened to slick deals).

Please report anything like this in the future instead of just ignoring it - we can't fix it if people don't let us know it's happening

Quote from cgrady : Please report anything like this in the future instead of just ignoring it - we can't fix it if people don't let us know it's happening

I just think that in most instances when this happens, who would really think that it would be limited to just one site, you know? Let me know if there's any other information I can furnish you guys to help you out.

Quote from cgrady : Please report anything like this in the future instead of just ignoring it - we can't fix it if people don't let us know it's happening

Well, lets have another one (just like the other one) ...

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-10-06 22:47:41,High,An intrusion attempt by localhost was blocked.,Blocked,No Action Required,Web Attack: FakeAV Download 2,No Action Required,No Action Required,"localhost (xxx.0.0.1, 8254)",pbfmjkcza.ftp1.biz/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBdyf4YKpSizaJzWwSg5fuFyoM=,"localhost (xxx.0.0.1, 2300)",xxx.0.0.1 (xxx.0.0.1),"TCP, Port 8254"
Network traffic from <b>pbfmjkcza.ftp1.biz/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBdyf4YKpSizaJzWwSg5fuFyoM=</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

Although I appreciate the smiley, I worked I/T support for >30 years and yeah, some issues were at the user point (minimal) and some of the information provided was so minimal it was hopeless.

But for me to tell YOU what YOUR problems are costs me a post with no REPS ever - that is why I rarely venture an incident .. in the past, not much concern was apparent and I feel well protected so ...

Quote from josephkata : I just think that in most instances when this happens, who would really think that it would be limited to just one site, you know? Let me know if there's any other information I can furnish you guys to help you out.

I agree with cgrady that if it's only FF doing it, it's likely an issue with FF.

Download RevoUninstaller, and uninstall FF using advanced mode, and make sure to check/delete all registry entries and folders. All, when going through the first step of the uninstall process, make sure not to save any browser customization, history, etc. If you do have a lot of bookmarks etc that you need to keep, open Chrome or IE and import them...then you can import them back into FF once you reinstall it.

Quote from alwenz : Although I appreciate the smiley, I worked I/T support for >30 years and yeah, some issues were at the user point (minimal) and some of the information provided was so minimal it was hopeless. But for me to tell YOU what YOUR problems are costs me a post with no REPS ever - that is why I rarely venture an incident .. in the past, not much concern was apparent and I feel well protected so ...

There no contest to see who has the best post count to rep ratio....so not sure why that's so important to you. And being in IT for so long, you of all people should understand how valuable it is to pass information along as opposed to withholding it, as not to mess up your post to rep ratio. Even if it's not a problem on SD's end, someone here can probably help you get it figured out.

I haven't had an issue in the last few days, so I figured something was done on SD's end after it came forward that I wasn't the only one that had the issue. If I have the problem again, I'll be sure to do the last step you requested. Thank you.

This has been happening to me the past few weeks as well.
I have SD bookmarked,click it and I go to the home page but am almost immediately redirected.
It doesn't happen every time,but it does only happen when I come here.
I've run antivirus,etc. Everything comes out okay.
These are the ones from tonight.
http://favozek.info/in.php?q=G/CD...p9UkfZww==
http://testables.net/d/juicyru.com
http://testables.net/go/2296_1822...2C89&c=130

This also popped up from Norton.

Category: Intrusion Prevention
2012-10-28 2:05:30,High,An intrusion attempt by blog.onlineshopschemes.com was blocked.,Blocked,No Action Required,Web Attack: Facebook Fake Survey 6

I use Firefox and haven't tested to see if it happens with another browser.

I am using firefox and have gotten the same redirects as Txhippiechick I have them blocked by Blocksite but new ones keep coming up