1 - 7 of 7 Posts

·
Super Moderator
2017 CRV Touring - Pearl White w Black Interior
Joined
·
7,554 Posts
Discussion Starter · #1 ·
... to automatically download files to my PC.

File had only the file name "f" and I blocked it each time.

Probably one of the ads trying to do something nefarious.

Windows 8.1 & Chrome Version 75.0.3770.142 (Official Build) (64-bit)
 

·
Registered
2014 CRV EX-L FWD
Joined
·
405 Posts
Win 8.1? It's way past time to upgrade (likely both hardware AND software),
and my preference is Mozilla Firefox.
 

·
Registered
2016 CRV Touring AWD
Joined
·
4,071 Posts
I'm not hearing any similar comments from anyone else which makes me suspect your computer's up to no good as a result of something it's picked up elsewhere.

With Win 8.1 support from Microsoft having ended over a year ago, I wonder what if any anti virus software and anti malware software you are running and whether they are up to date.
 

·
Super Moderator
2017 CRV Touring - Pearl White w Black Interior
Joined
·
7,554 Posts
Discussion Starter · #6 ·
> I'm not hearing any similar comments from anyone else which makes me suspect your computer's up to no good as a result of something it's picked up elsewhere.
>
> With Win 8.1 support from Microsoft having ended over a year ago, I wonder what if any anti virus software and anti malware software you are running and whether they are up to date.

Nope... my computer is fine. 8.1 is not out of support.. it continues to have monthly support updates for several years yet.. they just are not doing any feature adds anymore. I have 3 computers in the home, two on win10 and one on win8.1. Each is kept current on antivirus and malwarebytes-premium and none have suffered any penetrations by malware or virus attempts.

I even reran complete antivirus and Malwarebytes scans after the attempted download just to be absolutely sure.

I have not seen it again, and it did not succeed in multiple attempts to download a file from the forum website as Chrome was set to block it without permission and malwarebytes also interdicts anything suspicious. Chrome specifically alerted me that crvownersclub.com was attempting to download a file multiple times to my computer. I think it was some particular ad that was trying to do something... and since they rotate constantly... it's probably long gone.
 

·
Super Moderator
2017 CRV Touring - Pearl White w Black Interior
Joined
·
7,554 Posts
Discussion Starter · #7 ·
Because I see mysteries as a challenge to overcome........just a follow-up for the Admins....before putting this to bed.

It appears that this is an old problem related to adware where Google and some other sites (like YouTube, et al) were up against a Flash exploit a number of years back, and Adobe was slow to fix the issue. So these websites inserted a harmless intervention to protect their users as follows:

> One component of the ad-hoc mitigation implemented by these website owners was to force the HTTP Header Content-Disposition: attachment; filename=f.txt on the returns from JSONP endpoints

Complete details about the artifact that I ran across yesterday... multiple attempts to download a file named f.txt.. can be found here: https://stackoverflow.com/questions/28535603/google-chrome-forcing-download-of-f-txt-file

In summary, from the linked page:
> In conclusion, the websites you were visiting when this file spontaneously downloaded are not bad or malicious, but some domain serving content on their pages (usually ads) had content with this exploit inside it. Note that this issue will be random and intermittent in nature because even visiting the same pages consecutively will often produce different ad content. For example, the advertisement domain ad.doubleclick.net probably serves out hundreds of thousands of different ads and only a small percentage likely contain malicious content. This is why various users online are confused thinking they fixed the issue or somehow affected it by uninstalling this program or running that scan, when in fact it is all unrelated. The f.txt download just means you were protected from a recent potential attack with this exploit and you should have no reason to believe you were compromised in any way.

So.. yeah.. it was indeed triggered by some ad trying to push malware through the site... and the attempt to download f.txt was simply a way to protect the user from actual malware. Kind of a kludge approach .. but effective I guess. In any event.. I have Chrome set to never allow a download of anything without my consent.. which is why I observed it.. the browser was asking me to consent.. and I refused.. and it asked again.. and I refused.. rinse and repeat several times.. and I bet the actual offending ad failed to load on my browser page as a result. Anyone who does not require their browser to give permission to download, may have never actually seen the protection event happen.

I leave it to the admins at this point with regard to any site functions or code that may be related to this. :)
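
The header-based mitigation quoted in post #7, sketched as an added example that is not part of the original thread or of the linked Stack Overflow answer. The handler `buildJsonpResponse`, the model `browserOutcome`, the callback allowlist and the `nosniff` header are illustrative assumptions; only the `Content-Disposition` value comes from the thread.

```javascript
// Added example (hypothetical names): a JSONP endpoint that applies the
// Content-Disposition mitigation quoted in the thread.

// Assumption beyond the thread: accept only identifier-style callback names,
// so the caller cannot control arbitrary bytes at the start of the body.
const SAFE_CALLBACK = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function buildJsonpResponse(callback, data) {
  if (typeof callback !== 'string' || callback.length > 64 ||
      !SAFE_CALLBACK.test(callback)) {
    return { status: 400,
             headers: { 'Content-Type': 'text/plain; charset=utf-8' },
             body: 'invalid callback' };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      // Header quoted in the thread: treat the body as a file, not a document.
      'Content-Disposition': 'attachment; filename=f.txt',
    },
    body: `${callback}(${JSON.stringify(data)});`,
  };
}

// Simplified model of what the browser does with that response.
// context: 'script' for a <script src=...> load, anything else for a
// direct navigation or embed of the same URL.
function browserOutcome(response, context) {
  const cd = response.headers['Content-Disposition'] || '';
  // Script loads ignore Content-Disposition, so legitimate JSONP still runs.
  if (context === 'script') return { action: 'execute' };
  if (/^\s*attachment\b/i.test(cd)) {
    const m = /filename="?([^";]+)"?/i.exec(cd);
    // This is the "f.txt" save prompt the browser raised in the thread.
    return { action: 'download', filename: m ? m[1].trim() : null };
  }
  return { action: 'render' };
}
```

A page that includes the endpoint through a script tag is unaffected; only content that tries to load the same URL as a document or plugin object ends up as a download named `f.txt`.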
 