Cartoon Brew Site Problems

Many readers have noticed a malware warning when they’ve come to the site over the last couple days. We’ve traced the issue to our OpenX ad server. The issues affected many sites which run the OpenX server. There is more information about the issue at LegitReviews.com which also experienced the same hack:

A group registered in Russia and constantly moving around Scandavavia on a daily basis using the domain newtickepicker.com has hacked into many of the OpenX Ad servers including ours to insert a plug in. It then places itself into a one pixel unit on a graphic position for an advertisement. The plugin is called “mergedDeliveryFunctions.php.

Our tech guy informs us that no malware was ever added to the site, however, as a precaution, Google flagged all sites using these OpenX invocation codes. We are currently working with Google to get our site relisted as safe. Everything should be back to normal by the end of today. Thank you to everybody who has helped out and sent over screenshots and info about what they’re seeing on their computers.


  • Fr002

    Fiou !
    I thought i really had a virus ;)

  • http://kazrocks.blogspot.com kazzer

    how convenient….a hacker from russia, huh? he must have been planning this for some time, it must have really been an ambition of his. I wonder if his Dream Works or not. he must be quite a megamind.

  • Chuck

    A friend of mine instantly had his computer fucked by this, make no mistake going to cartoon brew disabled his entire computer and required from safe mode a full system restore.

  • Rene

    My computer got taken over by a malware virus today. Luckily, I was able to clean it all out. What a hassle!! I hope the problem is taken care of. I visit this site on a daily basis.

  • amid

    Rene – Can you tell me what time specifically the problems started? Also, did you visit Cartoon Brew anytime on Saturday or Sunday? When our tech guy checked the site on Sunday evening, he said he found no malware on the site. He reinstalled our ad server software this morning to prevent any further compromises to the system. We do apologize for any problems this may have caused. We’ve been on the case all weekend trying to figure out what’s going on before we were able to pinpoint the problem with the ad server.

  • stone

    my computer was infected instantly. an antivirus imposter popped up on my screen and began to scan so I did a hard reboot and restarted in safe mode and ran malwarebytes which seemed to initially fix the problem, however my browser was restricted from accessing the internet. I had another browser program installed that worked. However, when I shut down my computer and turned it back on the next day none of my browsers were able to access the internet despite my modem receiving a full signal. also, none of my anti-spyware programs are able to update in order to correct the problem. I fear I may need to reformat.

  • http://mymedicatedlife.blogspot.com/ Bitter Animator

    I had heard the Brew had been labelled an attack site. I thought it was just referring to Amid’s posts on Dreamworks. Or Imagi. Or anything else.

  • amid

    Stone – Can you let us know when exactly this happened? Any details you can provide would be helpful. Really sorry you’re having to go through all this.

  • http://tooveyland.blogspot.com Tooves

    The site is back for me now, cheers.

    While you are in the mood for technical issues, I am finding whenever I want to navigate to “Page 2″ on the bottom of the frontpage, I get sent to a page which only shows posts which are “Tagged for 3d”. The “Page 3″ button etc all seem to work fine though….

    Using Firefox.

  • amid

    Tooves – Tonight we implemented a solution to the 3-D page popping up when it shouldn’t. Please let us know if the problem persists in the future.

  • Adam

    I sent a request for a report to stopbadware.org and they sent me this back this morning:

    We have processed your request for review of your website, http://cartoonbrew.com/. At this time, none of our data partners are reporting badware activity related to the site. Any warnings displayed by our partners about your site have either already been removed or should be removed shortly. In addition, the report(s) about this site in StopBadware’s Clearinghouse have been moved from “active” to “archived.”

    As you said, it’s all done now, but their people aren’t picking anything up either.

  • Bill Cross

    I was redirected to the 3-D page this morning. I think my computer may be infected with the malware as I did visit this site when it was infected.

    Does anyone know how to remove this malware from a PC? I tried using a couple of scanning tools, but neither one could detect any malware, yet I have been redirected to an antivirus imposter.

  • Anthony

    I had the same issue Stone did. It happened to me on Friday 3/19 at about noon– fake virus checker kept installing and reinstalling on my PC, wouldn’t let me open any browsers without warning me that I needed to pay $49.95 to purchase the only virus cleaner that could save me. Whatever was doing this wasn’t being picked up by the regular anti-virus software at work and my IT guy tried to convince me that I needed my hard drive erased. All fixed now but a hassle, and Cartoon Brew was one of a very few sites I visited that morning.

  • Smudge

    Yeah, your techguy was wrong. I got infected by malware on Sunday around 3pm (antivirus soft) by visiting your site and ignoring the google warning. Fortunately, it was only a fifteen minute fix after booting up in safe mode and reenabling my Internet options.

  • s.w.a.c.

    I’m also having a problem with getting the 3-D tagged posts only when I try to go to cartoonbrew.com. Either from my bookmarks or from using Google. Instead I’ve been clicking on archive and looking at all of March’s posts and so on. Weird, maybe I should just cleanse my cookies?

  • s.w.a.c.

    Oh yeah, I also get the 3-D tagged posts when I click on the Cartoon Brew logo at the top of the page. But the displayed url just has the http://www.cartoonbrew.com address. Weird.

  • Doug Edwards

    Folks:

    Since you’ve been asking others for details as to when they became infected, here’s what happened to me. Shortly after 3PM CDT on Sunday, I tried to access Cartoon Brew via Firefox, and was given the warning that the site had been blocked as an attack site. Foolishly trusting that my anti-virus software would protect me from possible harm, I switched over to Netscape to get my daily fix of the Brew. Within just a minute or two, I began getting warnings from a spoof anti-virus program, the arrival of which continued to accelerate and multiply until the system tray was full of nothing but fake security alert icons. It took me 24 hours, but I have managed to clean up the problem — it took Microsoft Security Essentials until early Monday morning to issue an update that removed the trojan horse, which they identified as “fake SpyPro” from my system. Hope this helps!

  • Doug Edwards

    Me again: just remembered another detail that is probably *quite* relevant — the malware didn’t show up until I followed a link to one of the Camay advertisements — #2, if memory serves. The problem may not have been originating from you at all, but from the host site for those animations.

  • http://animationonbluray.com Tommy

    Thank god for Macs!

  • Rob T.

    Yay, you’re back! I kept getting the “attack site” warning through last night. This is the first time I’ve been able to access Cartoon Brew for several days.

  • Bob

    The problem seems to be fixed with Google Chrome but when you try to go to subsequent pages I’m getting the oh snap message. I don’t know if this problem is unique to me but wanted to share my experience.

  • http://www.kohrtoons.com Robert Kohr

    @Bob et al – There may still be some pages that your browsers will classify as infected. This should go away in a day or so. Try clearing your cache. Currently google has the entire site marked as okay so any issues with pages being blocked are either caching on your local machine or caching that you ISP has retained.

  • http://www.frankpanucci.com FP

    When the page was tagged as evil, I saw the Google warning. I clicked IGNORE IT. I got the Brew pages, except with no CSS formatting. They were readable, though – text on grey with no border. Pictures were included inline, but not placed nicely. I was never infected with anything. I use Firefox with AdBlocker. Firewall is ZoneAlarm.

  • Allesandro

    BS no malware was ever uploaded, my computer came fully under attack from this site, I had to disconnect the net and do a full sweep to shut it down.

  • Steve Gattuso

    Things are A OK now. I knew it was an ad site’s problems the moment I ran into it.

  • s.w.a.c.

    The “3-D posts only” problem seems to be fixed on my browser at work (IE, unfortunately), I’ll check to see if it’s the same on my home computer when I get back there.

  • http://www.zteamproductions.com John Hudgens

    The “3-D tags page” when clicking to “page 2″ issue is still going on for me this afternoon – I’m using the latest version of Firefox on a Mac…

  • stone

    after checking the log files from the scan I ran with Malwarebytes, the infection was a rogue program called Antivirus Pro. It shows up as avpro in the log.

    It started running as soon as I chose “proceed anyway” through my google chrome browser.

    However, before this incident I was at a friend’s house using google chrome to surf CB and bypassed the warning and nothing happened, no infection. So it would seem a majority of people have been able to surf CB with no problems while others got hit.

    Malwarebytes was able to kill the rogue program itself, however it has left my computer disabled, where my current antiviral programs cannot update and my browsers are blocked from the internet. I am looking through the malwarebytes forum for a procedure to fix this problem.

    They have removal instructions on their forums for Antivirus Pro and other rogue programs, I will try it out and if it’s successful I will let you guys know:
    http://forums.malwarebytes.org/index.php?showtopic=39312

  • Bugsmer

    I was not infected. However, I’m still getting the 3-D tags page whenever I try to access page 2. I’m using the latest version of Firefox. I’m glad to see CB back online.

  • Dock Miles

    What “Anthony” describes is exactly what happened to me about two months ago. A Fake Alarm monster *destroyed* my hard drive function and access to the internet and I had to install a completely new drive. Thanks, guys. Demons that come with your home are your responsibility. I’m cutting way down on visits for the foreseeable future.

  • stone

    the procedure in the link I posted above worked.

  • http://www.baileymacdonald.com Brad

    I checked the site on Sunday using Firefox, checked the first Camay link, got the warning, left the site, and Antivirus Pro got past my virus protection and began to rip into everything. I shout down the computer, then used my laptop to transfer Spybot and AVG Pro. Opened in safe mode, opened both spyware programs, ran them in that order, and that seems to have cleaned the drive, but it took hours.

  • http://www.baileymacdonald.com Brad

    Should have been “shut down the computer” in my post, not “shout down the computer,” though I’ll admit I did a bit of shouting….

  • http://jodmovie.com Jodie Hudson

    Just wondering if anybody got a virus called Antivirus Soft in the last few days. I noticed it on Tuesday. It wouldn’t let me open any programs, kept claiming they were infected and to download their software to fix the issue. Thankfully I finally got it off with System Restore. I guess the whole ordeal was a good think because I finally bought an external hard drive and backed up all my stuff that I was “eventually” going to get around to doing. I was just wondering if it originated from here. I’ll admit I diregarded the warning Internet Explorer gave me when I came to this website, figuring it was just some bug and there was nothing wrong with Cartoon Brew.

  • http://jodmovie.com Jodie Hudson

    I should probably read “all” of the comments instead of “most” of the comments before I asked a question like that. You guys don’t have to approve my last comment (or this comment). I see Smudge brought up Antivirus Soft earlier in the comments. Sorry.