I was presented with this:
Additionally, an alert was displayed stating:
…absolutely horrifying and unacceptable. This ad partner should be dropped immediately.****Dont Restart Your Computer ****
The Following information was found on this error:
Code:
00xO4C08
Discription
An unsupported or invalid partition type was detected.
The Infections detected, indicate some recent downloads on the computer which in turn has created problems on the computer.Call technical support +1 888-748-8676 and share this code B2957E to the Agent to Fix This.
The JavaScript which inserts this has been obfuscated: (code fetched via curl for transparency purposes)
Code: Select all
$ curl -sLv https://linux.palemoon.org/download/installer/ | grep -C1 s\'\+\'cript
* Trying 104.20.61.158...
* Connected to linux.palemoon.org (104.20.61.158) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.palemoon.org (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.palemoon.org
* start date: Mon, 07 Nov 2016 00:00:00 GMT
* expire date: Tue, 07 Nov 2017 23:59:59 GMT
* issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure Server CA
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /download/installer/ HTTP/1.1
> Host: linux.palemoon.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 25 Jan 2017 20:03:52 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d02632c04707637d28e58975cf20c752f1485374631; expires=Thu, 25-Jan-18 20:03:51 GMT; path=/; domain=.palemoon.org; HttpOnly
< X-Powered-By: PHP/5.6.30
< Set-Cookie: CMSSESSID1d7a7734=qaqbdprraccf0qqo6o0qskg142; path=/
< Expires: Mon, 26 Jul 1997 05:00:00 GMT
< Last-Modified: Wed, 25 Jan 2017 20:03:52 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Cache-Control: post-check=0, pre-check=0
< Pragma: no-cache
< Server: cloudflare-nginx
< CF-RAY: 326e54b9ed18380a-ATL
<
{ [732 bytes data]
* Connection #0 to host linux.palemoon.org left intact
<script type="text/javascript"><!--
document.write('<s'+'cript type="text/javascript" src="//adgiant.io/show.php?z=26&pl=2417&j=1&code='+new Date().getTime()+'"></s'+'cript>');
// --></script>
$
The only add-ons I have are Encrypted Web, Greasemonkey, and Adblock Latitude.
The only plugins I have are IcedTea's Java and Google's Flash, both of which are not enabled by default.