Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do you want to open or save load.js from load.exelator.com?


  • Please log in to reply
3 replies to this topic

#1 nikki605

nikki605

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa
  • Local time:07:18 AM

Posted 27 October 2015 - 06:31 PM

I've had a subscription to the online version of USA Today since 2012 and rarely had a problem viewing it.  A few days ago, I began having a problem.  I can login OK, but the newspaper won't display.  This happens on 2 PCs, one desktop, the other a laptop.  Both PCs run Win7 Pro SP1 x64.  The problem also happens using both IE and FF.

 

Normally, I run the MVPS hosts file on both PCs.  Because I had updated the hosts file a few days ago as well, I decided to put back the default MS (blank) hosts file to see if perhaps the new hosts file was blocking something USA Today needed.  With the default MS hosts file, I got a different result as shown in the screen shot below:

 

2gt0qj6.jpg

 

 

That prompt at the bottom took me by surprise so I Googled it.  I got many hits for "load.js from loadm.exelator.com" described as a Redirect Virus.  I'm assuming the one I'm receiving is related.  I clicked on cancel.  The USA Today newspaper still did not display.

 

Any idea where this file is coming from?

 

Any ideas why I can no longer view the USA Today online?

 

I run Norton Security on both PCs.  I've received no Norton warnings about any virus.  I also ran full scans with Malwarebytes and SUPERAntiSpyware on both PCs and they were clean.



BC AdBot (Login to Remove)

 


#2 nikki605

nikki605
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa
  • Local time:07:18 AM

Posted 28 October 2015 - 10:56 AM

This problem is screwy.  From about 7am-11am this morning, I was getting the same result shown in my opening post.  Then, sometime after 11am, it started working, mostly.

 

With the MVPS hosts file loaded, the newspaper displayed normally:

 

wjzwna.jpg

 

 

With the default MS hosts file loaded, the newspaper displays, but again with the load.js asking to be opened or saved.

 

2yv1ksg.jpg

 

I clicked on cancel.

 

Wonder how long it will continue to load properly. :scratchhead:

 

Sure would like to know where that load.js is coming from and if it is malicious or not.  Just for chuckles, I downloaded the 1k file and opened it with Notepad.  Here is what was in the file:

document.write('<img src="https://load.s3.amazonaws.com/pixel.gif" width="0" height="0" />');

Edited by nikki605, 28 October 2015 - 11:14 AM.


#3 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:07:18 AM

Posted 28 October 2015 - 08:43 PM



 

This problem is screwy.  From about 7am-11am this morning, I was getting the same result shown in my opening post.  Then, sometime after 11am, it started working, mostly.

 

With the MVPS hosts file loaded, the newspaper displayed normally:

 

wjzwna.jpg

 

 

With the default MS hosts file loaded, the newspaper displays, but again with the load.js asking to be opened or saved.

 

2yv1ksg.jpg

 

I clicked on cancel.

 

Wonder how long it will continue to load properly. :scratchhead:

 

Sure would like to know where that load.js is coming from and if it is malicious or not.  Just for chuckles, I downloaded the 1k file and opened it with Notepad.  Here is what was in the file:

document.write('<img src="https://load.s3.amazonaws.com/pixel.gif" width="0" height="0" />');

 

Just looks like a tracking method of some sort.  Maybe a method of gathering IP addresses for geolocation to fine-tune ad-serving engines.  Haven't really looked into it, but doesn't look malicious; perhaps benign, if that.


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#4 nikki605

nikki605
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa
  • Local time:07:18 AM

Posted 29 October 2015 - 08:07 AM

Thanks for the reply.  The contents didn't look malicious to me either.  In fact, it may not have anything to do with my primary problem of the newspaper not displaying sometimes (it's displaying this morning).  It may be something that was happening all along that I just wasn't seeing because of running the MVPS hosts file.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users