none
Ad banner opens browser tab without user input! RRS feed

  • Question

  • 

    I got two reports from my app users stating the Microsoft ad banner in my app opens a browser tab without any user interaction with the ad banner! On top of that, the browser tab that opens is cleary a malicious website - see screenshot below.I am one step away from completely removing the ad banner from all my apps - this is not acceptable!

    Both users are located in Germany, in case that helps finding the cause of the issue.

    


    • Edited by T. Partl Wednesday, April 17, 2019 9:58 AM
    Wednesday, April 17, 2019 9:51 AM

All replies

  • My german app users reported exactly the same behavior. This is completely unacceptable! 
    Wednesday, April 17, 2019 4:45 PM
  • Hi T.Partl,

    Is this for a small number of users or a large number of users? If it is for individual users, this does not rule out the possibility of personal device poisoning. If it is for most users, we need more detailed info(Don't provide private info) to track the ads.You could provide the detailed information in support ticket to ask the team which could track your ads for help directly.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, April 18, 2019 7:00 AM
    Moderator
  • It affected 3 users so far (within 1 week) and I havent heard before about this issue for more than 2 years. So it's pretty safe to say it is not device poisoning.

    What more detailed info can I give you to solve the problem?

    This needs to be solved quickly. I cannot accept ads like this in one of my apps - it is massively damaging my apps' reputation

    Thursday, April 18, 2019 8:06 AM
  • I just got another report from another German user - makes it a total 4 (so far).

    It seems like for German users this is a problem that occurs multiple times a day - not just randomly!

    These are 2 links that are being opened in the browser (x-ed out the ip address in the link urls). Based on the URLs, the ads come from AdNexus: 

    https://bewinnertoday.club/DE493/Unitymedia/samsung.html?ip=xx.xxx.x.xxx&brand=Desktop&cep=0fd8OrSVF-_KblmG4YBmwRajGFfuYI-rmEpFyznvqquBaPn8uQ9CXgvoThoDwCIJzqYsXrLZ17Oh5PqPcoVRVJAJv3AUyrI34JX3lWYvo1ZvPxMxrP0H0rpM8BTa9MVOezh58CNakBd4KXYAqHvQ5XHamdFh1l-bzYAhj_FCm4uOVl5nKGmvNkkJKaYfBrGXalWS0TexFGPOMQT6asIpBKswLfhQpTAqQNFrWTZzgHE&dom=microsoft.com&ub=adnexus

    https://lottery-free.info/DE123/index-DE.html?isp=Unitymedia%20NRW%20GmbH&city=Karlsruhe&ip=xx.xxx.x.xxx&model=Desktop&brand=Desktop&cep=_fLVnVsxbZaUQ--NDD4auVF4sNcY4xnziEpOwnKykVsLUc96e1ivqBa2pb7WaDeyHh_FXBnM5ZPQJ0RT2SJ7grS0en9XrESlMOFBAnm5IqK_x1yo2LttSfyvdIl2f19Z00K4oo26k1bNHxlDi_FguPr50i6IRO_dgcm5ZM2pdWYvQwyHhsW6RSS94l2SDafDrl0H8-KC27KqdR1mqNG0Yv13Q7s4vr43iYnio7_U-QA&dom=microsoft.com&ub=adnexus#b



    • Edited by T. Partl Thursday, April 18, 2019 10:09 AM
    Thursday, April 18, 2019 10:09 AM
  • Hello,

    my app is also affected in Germany. URLs are opened in the browser without user actions, e.g.

    https://activity-free.pw/DE258/Vodafone/samsung.html?ip=...
    https://lottery-free.info/DE123/index-DE.html?isp=Vodafone%20Germany&city=H%C3%BCrth&ip=...

    The URLs contain my IP address and other information about the device.

    My app uses 2 types of AdControl dimensions. So far it concerns the AdControl with size 728 x 90. The AdControl itself remains empty. It occurs every second time when I open the app or refresh the content. In the Partner Center, I set Microsoft to decide which ads to display.

    Best Regards
    Heiko

    Thursday, April 18, 2019 12:57 PM
  • Hi, 

    I have the same problem and i am able reproduce this issue. something is "Adnexus" in the url and it redirects  website called "up.trkgenius.com" which is known as adware. you can go the path

    C:\Users\user\AppData\Local\Packages\myApp\AC\INetCache\ folder

    Under this folder there is secret folder (it is not even hidden), you can only reach this folder by entering the name. this folder caches images like below and among those images there javascript file trk.js like shown below. this js is responsible of doing it i believe. Just find your app folder and search for".js" and you will see it. 

    Please fix this problem urgently. it looks like someof your provider is responsible for that. It looks like "AdNexus" in the url but in th developer console. i dont see this provider. there is only "appnexus"

    


    "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it."

    Thursday, April 18, 2019 5:40 PM
  • it has nothing to do with the users or whatever. it has something to do one of your provider. they provide adware banner and those banners download a javascript as my other reply. this Js is executed everytime a user redirects to the page with this adware. it is all users basically

    "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it."

    Thursday, April 18, 2019 5:43 PM
  • Hi all,

    Thanks for providing these information for our to analyze. I will immediately report this problem to AD team.I will update here if I get the response from the team.Sorry for any inconvenience.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, April 19, 2019 2:19 AM
    Moderator
  • I have removed all the possible ad networks as shown below but problem still persists. only remained are 2 

    - Community Ads

    Oath and AppNexus

    I am not able to remove Oath and AppNexus. it is readonly seems like that most probably it is the one responsible for this error. because Community ads cant be as we cant insert js files.


    "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it."

    Friday, April 19, 2019 11:50 AM
  • Hello,

    I proceeded slightly differently, facing the same issue of the ad opening up a browser .I got this interference with my mail box after turning the dhcp automatic connect option on my home live box .Clearly the ip that is assigned is 93.133.126.137 .

    Now, just below, I am reproducing the url adress of what we called "browser" .I am just taking care of erasing the first two characters in the adress to avoid interferences after pasting:

     tps://free-surprise.live/FR328/Orange/samsung.html?ip=92.133.126.137&brand=Desktop&cep= (...)&dom=webmail.orane.fr&ub=adnexus

    The (...) brackets are substituted by me .It is in the place of a long series of letters and numbers .

    As you can see, the adress is slightly disguised, because all parts before the "html?" mark brings no return on the web .

    Besides, I am coping the adress of my webmail page where the interference occurs with the surging banner so that you can see the parallel structures used in both free surprise and my web provider.As before, I have taken the first two characters off:

    tps://webmail22.webmail/fr FR/read.html?IDMSG=466&FOLDER=SF INBOX&ORIGIN=&SORTBY=1&PAGE RETURN=1orange.fr/

    As you will notice it, = and & signs part between elements in exactly the same order for an equal number of elements so that a technician whom I am not may compare them .

    I pushed further after noticing that the actual "live portion" of the banner's adress starts from "html?" .

    Using either my Orange dhcp connection or turning it off to connect with "open dns", the only result I can retrieve from the web, using "bing", after entering html?ip=92.133.126.137, is as follows below .

    maguro.2ch.sc

    Well, using the search engine from two very remote and different servers leads to just one result in the list of results .This gives it some certainty .

    Now, if clicking on the link for Maduro, I can reach an url with this adress in the browser, again without the two first letters:

    tp://maguro.2ch.sc/test/read.cgi/sposaloon/1337142937/29n-

    It would be somewhat hard to operate the ns look up function here, up until you would see that the pages are empowered by w.IME.ST .

    Checking up this ip gives this: IP owner Netim /165 Ave de Bretagne 59000 Lille France / w.netim.net / ph (33)972307470 .

    It has no "abuse at ..." adress .

    To finish, if you click on any of the paragraphs on the MADURO site, you see they are grouped by dates, up until 18 th of April and if you link up tp://2ch.sc/2ch.html, you have groups up 19th .

    All groups have lines with each of them indexed information using ID symbols and each paragraph has associated dns adresses next to it; for example, here are those dns adresses for the 19 th april, starting as 126 (there are more but in limited numbers) :

    126.163.179.41/   .194.128.151/    .182.79.108/    208.241.177/

    Here it is .To me, it looks like ip adresses are stuck to be read at certain times during users' operations and the system is disbalanced when changing dns server so that such an event can happen visibly .In other words, the occurance is on the computer for a part of it, and on the server for the other part .

    I am not a tech, just a user, hoping this has been useful .

    Bests .

                                                                 pierre

     

    Friday, April 19, 2019 1:34 PM
  • Hi all,

    Thanks for providing these information for our to analyze. I will immediately report this problem to AD team.I will update here if I get the response from the team.Sorry for any inconvenience.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Are you really serious that a company like Microsoft is unable to fix such a catastrophic problem in hours, if not days at least? This is illegal shit! Stop it!
    Saturday, April 20, 2019 11:44 AM
  • lottery-free.icu/DE205/…
    activity-free.icu/DE498/…
    free-lucky.asia/DE222/...
    free-lucky.world/DE132/...
    Saturday, April 20, 2019 11:52 AM
  • Hello,

    If the PC is slow, you can see that this URL is loaded first:

    https://chanelets-aurning.com/478f0183-3448-4c1e-b89a-8a7f2c52f324?dom=microsoft.com&ub=adnexus

    The content of this site is:

    <html><head><link rel="icon" type="image/gif" href="data:image/gif;base64,R0lGODlhAQABAPAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=="/><meta http-equiv="refresh" content="0;URL='http://track.nuxues.com/?utm_medium=7261755a0e1fb7e9b58250a6b8553edd37222a37&utm_campaign=Globale%20remanent%20traffic&cid=wFJ3P0SO2UK777UL18D4OP9S'" /></head><body><script>window.setTimeout(function(){window.location.replace('http://track.nuxues.com/?utm_medium=7261755a0e1fb7e9b58250a6b8553edd37222a37&utm_campaign=Globale%20remanent%20traffic&cid=wFJ3P0SO2UK777UL18D4OP9S');}, 0);</script></body></html>

    Then one of the sites already mentioned here will be opened.

    Best Regards,
    Heiko

    Sunday, April 21, 2019 3:18 PM
  • Meanwhile the 1 star reviews continue to pile up.  Ridiculous.  This is the type of issue where people should be called in to work on the weekends.
    Sunday, April 21, 2019 8:09 PM
  • Hi all,

    The relevant team of Ad has informed me today that they are dealing with this problem today, we are deeply sorry for the inconvenience caused.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, April 22, 2019 7:52 AM
    Moderator
  • Hi all,

    The relevant team of Ad has informed me today that they are dealing with this problem today, we are deeply sorry for the inconvenience caused.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Can I tell the 127 app users who complained about the illegal popups that the problem has been solved and will not reappear?
    Tuesday, April 23, 2019 10:30 PM
  • Are you still working on a solution or did you just accept it?  What do you think about answering?
    Friday, April 26, 2019 9:02 PM
  • I have the same 20 minutes ago:
    1) https://track.nuxues.com/?utm_term=6684326201999229393&clickverify=1&utm_content=fdc2c69a9cafac9c949390a19e9194a589bbcdb9cbbfbc8c848380b1818f8db5a7babab98ebd8c8db3838081eae6eae1e9f8f9e9fbb2eceffbfef1e3ef97a595ad84878e828acca48c80cee1d4d3e4d7cefbf8f98a8d8998f2f3c1f1c7c1c4c5caf2f8f9cecfcc92

    2
    ) http://www.microsoft.com-maintain-pc.live/tonic2/?ip=37.201.228.170&city=Essen&os=Windows%2010&model=Desktop&td=tracking.marketing&zn=2006&sc=a8a456ba-edc9-4326-80f5-1759b60ceed2&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F73.0.3683.103%20Safari%2F537.36&browser=Chrome&browserversion=Chrome%2073&language=de&connection=BROADBAND&isp=Unitymedia%20NRW%20GmbH&carrier=&campid=a5ebe458-6edc-4e83-b189-0b52ce6167e0&cep=jKrTPxst1pz9tJgnSFbb-5RLAKsq51kwLZNCBmMYSrrRpx7DTlLcEbcFdmVcSTUUzjH0M-O9V3Y2D5ictkW4aso779tpy4YFhYDyPKlYXbGAo6yjReKmyijZUtwgJxVKSeCUUcKPMMY66mQ5aOivuRvPM-XuhozWDpZfNoRtYSJ-TWfKP6beyUw_20U40M6oVbKNoBz7VQuUdOFJ0o63tDSYIMIx-jn_94uBK0at9eVAYJ4sXtrSaEaFmeXjVfyQ&partner_id=2006&pid=2006-2744ec5z&payout=%5B%5Bamount%5D%5D&clickid=6684326201999229393

    Friday, April 26, 2019 10:24 PM
  • The Apex ads that are being spammed also take control of the Xbox One cursor and either move the cursor to the middle of the screen or pull the cursor into the ad.
    Saturday, April 27, 2019 12:25 PM
  • The Apex ads that are being spammed also take control of the Xbox One cursor and either move the cursor to the middle of the screen or pull the cursor into the ad.
    oh my good. this is awful. i have most of my users on xbox. i was wondering why my purchases are going down. MICROSOFT please fix this. 

    &quot;Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.&quot;

    Saturday, April 27, 2019 12:46 PM
  • I also have still the same issue.
    Saturday, April 27, 2019 2:27 PM
  • Popup ads are back.  They are waiting for the weekend because they know that Microsoft and other companies don't monitor over the weekend.  This is the second weekend in a row with popup ads.
    Saturday, April 27, 2019 11:18 PM
  • This is killing the user experience for any app which uses Microsoft's Advertising SDK.  How do you expect users to trust using any app on the Microsoft Store when they keep having a browser popped open with an obvious scam site?  Why aren't people being brought in to work this until it is fixed?
    Sunday, April 28, 2019 4:22 AM
  • Thank god I found this post after a while. 

    In the begining I thought of users going nuts or some evial rival.

    After more and more negativ Reviews coming in, I did some updates, used different Computers, reviewed the Code and so on (it took me Hours, sorry days)…

    And finally I found this post an went crazy... 

    @Microsoft: please, please, please fix this - this is actualy destroying my business.

    Sunday, April 28, 2019 2:33 PM
  • Micrsoft support is blaming it on the apps when users contact them.  Support tells the users it is an app issue when they know this is not true, but this is a common issue with Microsoft Support as they will always try and push the blame on apps.
    Sunday, April 28, 2019 2:42 PM
  • This is becoming very serious. we are suffering with users negative reviews. can you please help here? how hard is for you to solve this urgently?  

    &quot;Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.&quot;

    Monday, April 29, 2019 9:17 AM
  • Apex ads that are being used are also taking control of the Xbox One cursor and moving it.  Another bad user experience.
    Monday, April 29, 2019 1:20 PM
  • Hi all,

    The relevant team of Ad has informed me today that they are dealing with this problem today, we are deeply sorry for the inconvenience caused.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Daisy, can we get an update?  Is there anything being done to prevent the ads from popping up scam sites in the future?  Will this require a SDK update?  Unless something is done to prevent the script causing popups, I have a feeling the advertiser will continue to do this on the weekends when Microsoft is unavailable.

    Tuesday, April 30, 2019 10:24 PM
  • Are there any offical news on this? At least customer complains are decreasing…

    By the way, "Microsoft News" App ist also suffering this issue (have a look at latest 1* ratings).

    Friday, May 3, 2019 12:46 PM
  • Are there any offical news on this? At least customer complains are decreasing…

    By the way, "Microsoft News" App ist also suffering this issue (have a look at latest 1* ratings).

    Customer complaints are only decreasing because the ads typically run Friday evening through Monday morning.  The hours Microsoft is unavailable.  Unless they have put measures in place to prevent advertisers from popping up a browser without user interaction, this will continue every weekend.
    Friday, May 3, 2019 3:19 PM
  • Just as I said that the popup ads would continue on the weekend, users are reporting they are back.  No word from Microsoft on this after two weeks.
    Sunday, May 5, 2019 12:12 PM
  • What is the status here? is that problem already fixed?  is there website or ticket system to open an official ticket?
     

    &quot;Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.&quot;


    • Edited by emil_tr Tuesday, May 7, 2019 3:43 PM
    Tuesday, May 7, 2019 3:42 PM
  • What is the status here? is that problem already fixed?  is there website or ticket system to open an official ticket?
     

    &quot;Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.&quot;


    1) Status = still exists.

    2) Microsoft will be working extremely hard to find the problem (but not actually get anywhere)

    3) There is exactly zero point in any official ticket, weve all done that and all that happens is that in 3 months time the ticket will get closed and you revert to step 1 above.

    Tuesday, May 7, 2019 4:45 PM
  • My dad is having the same issue. He gets one of theese popups when playing Microsoft Mahjong.

    Urls look like this:

    https://chanelets-aurning.com/478f0183-3448-4c1e-b89a-8a7f2c52f324?dom=microsoftcasualgames.com&ub=adnexus



    Saturday, June 1, 2019 9:04 AM
  • Yes, this is sadly still going on. I noticed it myself today.

    When just scolling trough the (UK branded) Windows News App, each new page load - and with that loading of payd Advertisement, opens up scam/pishing sites.

    First it opens 

    https://chanelets-aurning.com

    which then forwards in a fraction of a second to advertiser

    https://track.nuxues.com

    which then forwards to the final scam website

    https://31c6e60138e4f991c8bb-d29c350405afd5134a844ec8cbb88f53.ssl.cf6.rackcdn.com/index.html?ip=46.91.xxxxx …(IP from Germany)

    As annoying and dangerous as it is from Microsoft, I ALWAYS believe that good apps (from Microsoft and independend app providers) should always be Ad-free. As one can clearly see, its dangerous for the user and will backfire one or the other way. Providing inapp subscriptions or a fair price is alwas better than the free, financed by ads approach.

    Saturday, June 1, 2019 11:56 AM
  • It's still happening. It's just started happening to me using Google Chrome - track dot nuxues dot com (had to put the spaces in because I might be trying to direct you all to a dodgy site, oh the irony) then redirected to spam sites. It's good to see Microsoft, having achieved a monopoly (basically), is still screwing it's customers. It's the only engineering where customers do the product development and are expected to pay for the privilege. By the time the operating system is actually okay they stop supporting it. Would ANYONE buy a car with these problems? 

    Bring back Windows 7 or NT - the last stable and reasonably reliable Microsoft operating systems.

    Saturday, June 1, 2019 4:49 PM
  • Windows 10 is stable.  The advertising SDK is NOT.  The vast majority of the crashes in my apps were from the advertising SDK until I figured ways around it.  Last I heard from the SDK team a few weeks ago, they have no plans to update the SDK, so don't expect the popup ads to stop any time soon.  They are basically playing wack a mole trying to stop the bad advertisers.
    Saturday, June 1, 2019 5:51 PM
  • Exactly the same here, reproduceable:

    Whenever I open an article from MSN - News or when I start a game from Ms Collections Edge is opened an the advertises come up. Obviously dangerous when follow the suggestions there.

    It does not happen, when I browse (with Edge) "normally"
    • Edited by didierhh Saturday, June 1, 2019 6:11 PM
    Saturday, June 1, 2019 6:09 PM
  • Well they don't seem to have done anything. Its happening in Microsoft Minesweeper today.  I blocked track.nuxues.com in my hosts file....


    Dave G4UGM

    Saturday, June 1, 2019 9:14 PM
  • I changed my hosts file by adding this:

    127.0.0.1 chanelets-aurning.com
    127.0.0.1 track.nuxues.com

    but it's still annoying because that doesn't prevent the system from popups. Any idea for that?

    I can't believe that this is happening in the year 2019.

    Stefan

    • Proposed as answer by pa3ddg Sunday, June 2, 2019 7:23 AM
    Saturday, June 1, 2019 9:55 PM
  • Hi Stefan,

    I got this idiot pop-up today (Sunday, June 2, 2019) as long as I was in the Microsoft games.

    CLosing every time edge with <ALT F4> did only close the pop-up shortly, leaving the Microsoft Games stopped the pop-ups, therefore I believe that the pop-ups are originating from MS games.

    So I modified my hosts file to 'block' these bogus sites.

    Microsoft, please fix your ads !

    Update: after modification of my hosts file. I started MS games and I got the pop-up again, but now at least I got the site not reachable as the hosts file is redirecting the URL to 127.0.0.1

    The hosts file is C:\Windows\System32\drivers\etc

    Copy thsi file to the desktop, use notepad to edit is, save it as hosts (thus not as hosts.txt) on your desktop and than copu it back to the original location at C:\Windows\System32\drivers\etc.

    You should get a message that the file already exists and if you want to overwrite it. Your response should be YES.

    If you do not get the message, than the file is not hosts, but hosts.txt.

    Your milage may vary

    Cheers,

    pa3ddg


    • Edited by pa3ddg Sunday, June 2, 2019 7:40 AM added that the annoying item comes from the MS advertising
    Sunday, June 2, 2019 7:27 AM
  • Same here and with a most annoying beeping:  http://www.microsoft.com-windows-booster.live/tonic2/?ip=176.249.141.40&campid=869e71a0-ff7c-45be-bbcd-2fbc40f86bc7&zn=2006&sc=a8a456ba-edc9-4326-80f5-1759b60ceed2&browser=Firefox&browserversion=Firefox%2067&city=Hounslow&os=Windows&osv=Windows%2010&model=Desktop&td=tracking.marketing&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A67.0%29%20Gecko%2F20100101%20Firefox%2F67.0&language=en&connection=XDSL&isp=British%20Sky%20Broadcasting%20Limited&carrier=&country=GB&cep=M9VsO_kWSJV3L2TatdLsGoK6R2e34X5VEC8hooj1L38H8C8cSD_pov1A8HZLHvR84T6S9V9ijvNTU97JeGvM3KcvcJm_TjERt1sxw8hFkauOfJLTT6hL-duEFaLQew0Z_7P4fd_jgAWeAXAyTLi2W1nKaLv3Hza8ouX4Nl23ZmbqhjgRxFSRgsEGVVyqhJV4rPPmQVAvyM05MpgPGLIfaCYs2tgE2blhQ-z7JCFg-KXEdpXWBpJ9GqX227yBDO7-&partner_id=2006&pid=2006-e937f67z&payout=%5B%5Bamount%5D%5D&clickid=6697834445375799700

    Definitely from you have run Malwarebytes, HitmanPro and Zemana  they have found no issues on my PC

    Sunday, June 2, 2019 7:39 AM
  • Wie kann es sein, dass Ms dieses Problem in mehr als zwei Wochen nicht in den Griff bekommt? Es liegt doch offensichtlich an der Werbung, die eingeblendet werden sollte.

    Wenn man den dunklen Modus einschaltet, sieht man ja, dass statt der Werbung eine weiße Fläche kommt und Edge mit dem Tracker und Virenwarnung kommt.

    Zwischenzeitlich könnte Ms (oder der Werbungs-Provider) ja mal die Werbung ausschalten, bis der Fehler gefunden ist.

    Sunday, June 2, 2019 2:49 PM
  • Hi,

    exactly the same here, when I opened an article in Microsoft News App (Windows 10 Pro).
    Firefox is opening with https://track.nuxues.com.


    • Edited by NGC1981 Sunday, June 2, 2019 4:47 PM
    Sunday, June 2, 2019 4:46 PM
  • Hi,

    I've been playing Solitaire a couple of times today and noticed the same pattern. When the game is open a new tab opens up. First the chanelets url, then the nuxues url followed by www.microsoft.com-shields-devices.live and the "3 virus warning" page comes up. New tabs open up only minutes apart from each other as well.

    The issue goes away when I close the game but re-appears hours later when I start the game again. I've run both Windows Defender and Malwarebytes without anything coming up.

    Sunday, June 2, 2019 5:31 PM
  • I had this today (2nd June 2019) in the UK - obviously the pop-up was in English and claimed I had 3 viruses and it then began attempting to download a package.  I was able to shut it down.

    My browser was closed - but I was on Microsoft Jigsaw at the time.

    I restarted my jigsaw and it happened again.

    I then ran Defender, which found nothing.  Malwarebytes did, however, identify a "track.nuxues" issue, with the file path ending \artur.dubovoy@gmail.com.xpi"  which had been placed in my flash video downloader folder - this was removed.

    So this infection is still out there, and appears to be active on the X-Box Live games.

    Sunday, June 2, 2019 5:54 PM
  • Same here in the Netherlands. 
    Started today when loading the news items in Microsoft News App. Upon opening every article (RTL news, nu.nl, nos.nl, etc) Chrome (the default browser) gets opened. 
    I blocked the sites in the hosts file, but now it opens the error page. 

    Sunday, June 2, 2019 6:59 PM
  • This started with me whilst using MS Minesweeper and Sudoku Apps this AM in Dorset UK.

    Occasional instances also when using Edge browser.

    Persisted after updating OS to 1903.

    track.nuxues.com

    Intercepted by Sophos AV, but very annoying.

    Nothing detected by Windows Defender quick scan.

    Will run Sophos full scan overnight

    Sunday, June 2, 2019 9:27 PM
  • A customer of mine had the problem as well this morning: opening folders in Outlook.com led to a script block by ESET Internet Security, making access to email impossible. I ended op blocking web access to https://chanelets-aurning.com and https://track.nexues.com in Eset and cleaning cookies, cache and history for MS Edge before starting Edge again and accessing Outlook.com. That seems to solve the problem for now, email and folders are accessible again… Fingers crossed
    Monday, June 3, 2019 10:09 AM
  • Exactly the same every time Outlook .com is opened 'track nexues' is blocked by ESET.

    Threat: JS/Adware.Agent.AF application

    MS should remove all adverts from Outlook .com till they are sure they are harmless.


    • Edited by mceman Monday, June 3, 2019 2:28 PM
    Monday, June 3, 2019 11:12 AM
  • Hi all,

    The relevant team of Ad has informed me today that they are dealing with this problem today, we are deeply sorry for the inconvenience caused.

    Best regards

    Daisy  Tian



    So more than 1 month on and what a surprise nothing been fixed as far as developers can tell.

    Even the technical press have picked up on the inability to perform basic tasks like 'vet the inventory'

    Tech press article on this issue

    Being "deeply sorry" is all well and good, how about actually fixing the issue, or at least attempting to fix it + communicate whats happening...

    Tuesday, June 4, 2019 7:15 AM