Visitor
SamAnders
Posts: 5
Registered: ‎Wed 27-Jun-2012
0

High Risk Website Blocked d.tracksrv.com

[ Edited ]

Hi, 

 

This afternoon a number of endpoints have started displaying the following balloon notification from the system tray:

 

High risk website blocked

Access has been blocked to "d.tracksrv.com" as Mal/HTMLGen-A has been found at this website.

 


When end users are visiting websites they are seeing banner adverts being placed on the webpages such as BBC News, which should not be there. I have run scans on the end users' machines but nothing has come back, so my question:

 

Has anyone else had something along these lines and what's the best thing to do? Something has hijacked the end users' machines as it's displaying banner adverts inline on websites that would not have banners.

 

Here is a screenprint from one end user:

 

 

 

Frequent Advisor
dcshman
Posts: 51
Registered: ‎Wed 17-Feb-2010
0

Re: High Risk Website Blocked d.tracksrv.com

We had the same issue today when we surfed sophos.com from some endpoints.

Occasional Visitor
jlsophos
Posts: 1
Registered: ‎Tue 02-Jul-2013
0

Re: High Risk Website Blocked d.tracksrv.com

We are seeing the same problem. Every page accessed produces the message "High Risk Web Site Blocked. Access has been blocked to d.tracksrv.com as Mal/HTMLGen-A has been found at this website." It happens no matter what page is accessed. A normal scan detected no problems. Any ideas? Should I open a trouble ticket?

Visitor
SamAnders
Posts: 5
Registered: ‎Wed 27-Jun-2012
0

Re: High Risk Website Blocked d.tracksrv.com

Thanks for the replies, I have created a support ticket and will update this topic once someone has been in contact.

Occasional Visitor
wethd
Posts: 1
Registered: ‎Tue 31-May-2011
0

Re: High Risk Website Blocked d.tracksrv.com

Any chance this could be the same type of High Risk Website block popup for Mal/HTMLGen-A "www.spdbit.com/health_check.js"?

 

Keeps popping up for end users when using the Chrome browser. If any Google processes are running on a Win7 box, this popup will randomly show up about every 2 to 3 minutes. If using a Google service, it will continually pop up, keeping some end users from working.

 

When accessing the above URL on an iMac using Safari, with no SAV installed, the popup does not happen. What appears on the iMac.

 


Occasional Visitor
Ricco
Posts: 1
Registered: ‎Wed 03-Jul-2013
0

Re: High Risk Website Blocked d.tracksrv.com

Hi,

 

Have you got any news?

 

It seems to be resolved, my users don't have this message anymore.

Occasional Visitor
Herribert
Posts: 1
Registered: ‎Sun 07-Jul-2013
0

Re: High Risk Website Blocked d.tracksrv.com

I have the same problem. Every time I want to visit a website my Firefox tries to open "d.tracksrv.com" in a new tab and Sophos blocks it because of 'Mal/HTMLGen-A'. Same with Chrome and IE. Sophos doesn't find any malware. For about a week the site changed from "d.tracksrv.com" to "unp.staticlib.net/sd/1060/8101.js" but everything else stays the same.

Frequent Advisor
dcshman
Posts: 51
Registered: ‎Wed 17-Feb-2010
0

Re: High Risk Website Blocked d.tracksrv.com

We still have the issue with some clients and when they are using Chrome browser.

Advisor
ricdgr
Posts: 31
Registered: ‎Mon 03-Jun-2013
0

Re: High Risk Website Blocked d.tracksrv.com

[ Edited ]

You can try to run the Sophos Bootable Anti-Virus and the other SMaRT tools, and if they don't find anything you can try to run GMER, and Malwarebytes or Hitman on top of the Sophos scan.