Malware warning of unsafe WP site
-
In visiting WP sites this morning, one presented a red screen claiming to be from gogo . thepowerrangers . com. It claimed that the WP site I wanted to visit was unsafe. I took a print screen and will upload that to my media file. I feel that the “warning” is malware as it wanted one to click on a link.
Also, lately, when I sign in to WP, instead of taking me to my Reader page it takes me to my list of posts in wp-admin. Is something going wrong with my site?
Thank you for looking into this and caring. We really appreciate it.
The blog I need help with is: (visible only to logged in users)
-
Hi –
Is it thepowerrangers.com which you need help on? Please share a bit more info so we can provide assistance.
-
Hi Liz,
Please go to my print screen in my media folder so see the actual warning and its full website address. In my forum entry above, I did not want to make the address into a link of any sort, so I put a space before and after the periods in the actual address. I also made the address in a bold font so that the actual address could be more easily seen.
What is seen in the print screen is what came up when I went to a WP blog site. One can see from their address bar that it seems to be a spoof using thepowerrangers.com web site.
Also, I think I have figured out that WP has changed their way of presenting things when a blogger signs in. So, I’m now thinking that that is okay — unless you say differently. : )
-
Hi again,
After leaving the above forum reply, I went back to surfing WP sites again. I went to the same site that had a warning yesterday… At first it came up fine, but in a second a different website went on top of it, just like yesterday… This website claimed I need to renew my McAfee software — but, I don’t use McAfee…
I made a print screen of this and am going to upload it to my media folder for you to check over… So, how is it that this sort of thing has happened two days in a row on the same WP blog site?… The problematic website is noted in my print screen… Thank you for your assistance…
-
Hi again,
I just surfed to a different blog site and got the same McAfee software renewal take over… It seems to be taking forever to get through my usual WP surfing… I will be uploading yet another print screen of a take over and adding it to my media folder… Thank you for your efforts to keep all WP bloggers safe on the internet… Have a great day…
-
We have absolutely no relationship with McAfee, so we need more details.
Exactly what was the URL of the site you visited before you were redirected to that?
-
Hi Macmanx,
Please look at the print screens I uploaded to my media folder… On each print screen I drew a box around the WP site I was trying to visit… That appears on the left side of the screen…
I know WP has no relationship with McAfee… Neither do I… On the print screens I highlighted the address bar the take-over notice was really from… I don’t think McAfee has anything to do with them either… That is why I feel that all the print screens I uploaded are some sort of malware… Nothing looks legitimate.
Thank you for checking into this and keeping the WP bloggers safe.
-
Hi there,
The screen shots only indicate the name of the site you’re trying to visit. We need to know the URL of the site, the actual link you type into your browser. We have no way to find the correct sites based on a site name like “Watts up with that”, as site names are not unique and searchable in our system.
What is the actual site URL that takes you to the warning mentioning gogo.thepowerrangers.com when you click it?
As for McAfee, searching for the “windowsappcenter” that appears in the URL, I found this:
Which indicates those notices are a scam, so you should just ignore them.
If you got taken to that notice when trying to visit a WordPress.com site, again we’ll need the complete URL of the WordPress.com site to check this. But it’s very unlikely that this is anything on WordPress.com doing this, as we constantly run malware scans on all sites hosted with us.
It wouldn’t be a bad idea to run a virus and malware scan on your computer itself – Windows 10 has an excellent anti-virus built in, and I recommend Malwarebytes as a second option to catch any malware that a regular anti-virus might miss.
-
Hi kokkieh,
Thank you for your reply… The website addresses are:
https://poetrybydeboraann.wordpress.com
http://wattsupwiththat.comIt was Deborah Ann’s site that brought up the gogo.thepowerrangers.com page on top of it.
All of the WP websites that I go to are listed in My Favorites in the Windows browsers… So I do not type a link into a browser… I just click a WP link in My Favorites… There is a flash of the WP site I wanted to go to, and then the other scam site takes over…
I did not list the web addresses before because I did not want to splash that information over the internet, in case it would cause a problem for them… How my dashboard got messed up after uploading a print screen to WP boggles my mind… After each event that took place I do a disk cleanup and run a quick Windows Security scan.
I also have Windows Security do a full scan once a week or so.
I have returned later on to the WP sites that had a problem, and they did not present a problem then… Does anyone know what might have messed up my Dashboard?.. I closed out of that and when I returned, it was okay.
Thank you for checking things out and keeping us safe on the internet… Have a great day!
-
https://poetrybydeboraann.wordpress.com/ doesn’t exist, and I’m definitely not seeing any problem at https://wattsupwiththat.com/ nor do I see any other reports on that site.
Try disabling all of your browser’s add-ons or extensions. If the problem goes away, switch them back on one-by-one until you find the one causing the problem.
-
Hi macmanx,
My error… Had a typo… The address should be:
https://poetrybydeborahann.wordpress.com
I did not have a problem when returning to these sites later on, so it looks like a hit and run thing… But, I do have the print screens, which show what was slapped on top of these WP sites… These scams are evidently doing things very randomly, hoping to get someone to click on their links.
By the way, I do not use add-ons or extensions.
Thank you for keeping tabs on these sorts of activities… It is greatly appreciated by everyone.
-
My error… Had a typo… The address should be:
I definitely also don’t see any problems on that site.
These scams are evidently doing things very randomly, hoping to get someone to click on their links.
That’s how they work, yes. Typically if even only one per cent of people who see the notice click on it and provide their personal/payment information, it’s worth it for the scammers.
By the way, I do not use add-ons or extensions.
Do you ever install free software you download from the web on your computer? Those often install hidden browser toolbars that can cause redirects like this. Internet Explorer used to be particularly susceptible to these, but they can target any browser on your machine. But as you’re using Edge, judging by your screen shots, and the links specifically pretend to be from “windowsappcenter” I’d say this one is targeting Microsoft’s browsers specifically.
I also have Windows Security do a full scan once a week or so.
I would definitely recommend you install Malwarebytes and run a scan with that as well, as these browser toolbars aren’t always picked up by regular antivirus programs.
Beyond that your best option here is to contact Microsoft support directly, as they’re best able to advise you how to remove something that might have been installed in the browser or on Windows without your knowledge, and which automated scans cannot remove for you.
-
Hi kokkieh,
I try hard not to be a part of that one percent… : ) …I don’t download free software either… I checked the browser I was using at the time of the incidents… I was using Internet Explorer, because a number of my Favorites are there only and not on Edge… So, I go back and forth between them.
Not surprisingly, I haven’t had any such take-overs since I reported them to this forum… Because of its good reputation, I used Malwarebytes once a couple years ago, and it found nothing at that time… And, I do think it is very good.
Thank you for everything… I hope this hit-and-run kind of activity isn’t bugging anyone else… Have a great day!
-
Just one more quickie……. Is it okay for me to delete all those print screens, since they are not needed any more?
-
Hello @96isaiah, I hope you’ve been well since we last chatted.
Do you mind hanging onto them just a bit longer? I want to look into that last screenshot a bit more.
I noticed thepowerrangers site you mentioned is no longer up, so it’s possible that was an attack site. Can you confirm whether you were intentionally visiting that site, or whether it popped up on you somehow?
The “message from webpage” popups should not be coming from us at all; I’d dismiss those. Can you confirm whether you’re seeing those when visiting our site, or whether you’re getting redirected?
-
Hi supernovia,… Just getting older….. : )
Yes, I’ll hold onto them… If you mean the red one as the last screenshot, that’s the gogo . thepowerrangers . com…. Note how I again put spaces around the periods… That’s because I don’t want it to become a link for someone to click on.
I’m confused as to what you mean when you mention “thepowerrangers” site, because it has nothing to do with a real, regular site called “thepowerrangers”…. [ I’m too old to be interested in that sort of stuff….. : ) ] This has the preface of “gogo”, so it’s a spoof of some sort…. Check the address bar carefully.
I had clicked on https://poetrybydeborahann.wordpress.com, which flashed by in a split second, and “gogo . thepowerrangers . com” popped up… It obviously wants people to click on it, which would not be wise.
Regarding the “message from webpage” print screen, I believe those also are spoofs wanting people to click on them…. Not wise…. One popped up when I went to poetrybydeborahann. wordpress — and the other popped up when I went to https:// wattsupwiththat.com/ …. So, somebody is just rodding through blog sites, slapping these on blog sites being opened up, in hopes of getting someone to click on them…. Anything for a buck….
My notes on the print screens were meant to be helpful and I hope they didn’t confuse anyone….
Have a great day, and thanks!
- The topic ‘Malware warning of unsafe WP site’ is closed to new replies.
WordPress.com Forums 