Ads have infested my browsers and are driving me insane!

My laptop is probably infected by some spyware or something that cannot be detected by Microsoft Security Essentials, Spybot or ESET Antivirus!

Almost any page I enter, I get ads either on the bottom left or on the bottom right of the screen. It's goddamn annoying.

I get this in every Internet browser I use. Firefox? Chrome? IE? All of them. I could get rid of the problem with the AdBlock add-on in Firefox, but it doesn't really remove the infestation. It just blocks it, and I still get them in my other browsers.

Does anyone know how to get rid of this?
 
Have you tried Malwarebytes Anti-Malware? I haven't really been keeping up on the anti-malware scene but that used to be a really good tool to use.

Regards,
SB
 
Install a good solid software firewall and block everything. Then start your browser and try to access something, see what triggers the firewall...
 
Oh, and one more thing. It's advisable to run the anti-malware programs from safe mode if you aren't getting any hits. There's less chance of malware doing something dodgy to prevent detection then. There have been quite a few pieces of malware that initially could only be detected by doing that.

Regards,
SB
 
Chances are reinstalling Windows will save you a lot of time and frustration compared to trying to get rid of whatever it is that infected your system. Besides, this way you can be sure you got rid of it and don't have something left in the background that might still be spying on you.
 
Or try a rescue CD (Kaspersky, BitDefender, etc). They boot from the CD / USB stick that you load their ISO onto, so they sidestep Windows entirely. Dunno whether they'll detect your particular malware or even fix it, but they're worth a shot.
 
Install a good solid software firewall and block everything. Then start your browser and try to access something, see what triggers the firewall...
Is there a good one you recommend?
:smile:

Oh, and one more thing. It's advisable to run the anti-malware programs from safe mode if you aren't getting any hits. There's less chance of malware doing something dodgy to prevent detection then. There have been quite a few pieces of malware that initially could only be detected by doing that.

Regards,
SB
Did it in safe mode. Detected two files. Deleted. Still hasn't solved the issue :(

I am a little confused as to what I have to do :p

Or try a rescue CD (Kaspersky, BitDefender, etc). They boot from the CD / USB stick that you load their ISO onto, so they sidestep Windows entirely. Dunno whether they'll detect your particular malware or even fix it, but they're worth a shot.
I don't know why, but I get a Boot Error with both Kaspersky and BitDefender. :???:


Going to try that too in a few minutes. Hope that works
 
Is there a good one you recommend?
:smile:
Very sorry; that's beyond my area of expertise, I'm afraid. I only use the standard Windows firewall, which most likely is not as capable as most stand-alone stuff, I'd think.

Anyway, given the issues you're having trying to find whatever's bugging you, are you sure your time wouldn't be better spent just nuking everything from orbit? After all, it's the only way to be sure. :p
 
I don't know why, but I get a Boot Error with both Kaspersky and BitDefender. :???:
I'm guessing you put the ISO on a flash drive, but did you use UNetbootin (or whatever that program is called) to get it on there in a bootable fashion? Or is your BIOS the culprit?

BTW, dunno the state of Wi-Fi (read: WPA2) implementations on those rescue CDs, but if you're near an Ethernet cable, they can update themselves to the latest definitions.

Does Opera exhibit the same behavior? Just curious how comprehensive this malware is.
 
Viberrescue detected 4 more files, which it supposedly removed and/or quarantined.
I still get the ads.

I'm guessing you put the ISO on a flash drive, but did you use UNetbootin (or whatever that program is called) to get it on there in a bootable fashion? Or is your BIOS the culprit?

BTW, dunno the state of Wi-Fi (read: WPA2) implementations on those rescue CDs, but if you're near an Ethernet cable, they can update themselves to the latest definitions.

Does Opera exhibit the same behavior? Just curious how comprehensive this malware is.
I used the Kaspersky Rescue2USB tool to get it onto a USB stick, just as suggested on the Kaspersky site.
I don't know what the fault is. I went into the BIOS and set the boot priority to the USB stick instead of CD or HDD.

IE, Firefox and Chrome exhibit the issue, but I haven't installed Opera yet to try it. I am sure it will have the problem.
Run HijackThis.
Better link:
http://sourceforge.net/projects/hjt/files/latest/download

Click Scan.
Click Save logfile.
Post the contents here.
Ok.

I have run it and I get a warning, which you can see in the image attached. I believe there is something wrong with the host.

Here is the log.
I suspect the following findings from the log file:
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.

Now, how do I get rid of them I have no idea, and I am not 100% sure it's them. Anyway, I do as the warning window suggests: I delete them in Notepad, but it saves the log in some location, perhaps other than the one it should have, because every time I run "notepad c:\windows\system32\drivers\etc\hosts" they are still in there (paradoxically, it tells me the hosts.txt file was saved in that same path, so it shouldn't have had these entries after I deleted them).

Edit: That thing is crazy. I even deleted the Host.txt file altogether from the directory c:\windows\system32\drivers\etc\hosts, and when I type this path from "Start->Run" it still opens a hosts.txt file with those contents. I have no idea how on earth it does that when the file is in the Recycle Bin.

Am I doing something wrong?
 
hosts.txt is a harmless Windows system file. From what I've been told, it's basically a way to completely block certain sites from being accessed. If a site is listed there, you shouldn't be able to communicate with it via IP protocol at all, at least if you're using Windows' own IP stack. I've never had to use it myself, thankfully.
 
hosts.txt is a harmless Windows system file. From what I've been told, it's basically a way to completely block certain sites from being accessed. If a site is listed there, you shouldn't be able to communicate with it via IP protocol at all, at least if you're using Windows' own IP stack. I've never had to use it myself, thankfully.

No, it's the other way around. It hard codes IP addresses to host names to offset DNS.

It is, however, an irrelevant file and not needed. You can rename it if something is maliciously writing to it. But it's more important to find what is writing to it, because that's not normal. Nothing non-malicious programmatically writes to that file.
 
Edit your hosts file; delete the following lines:
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.

Go here: do steps 3/4, 6 and 7
http://forums.anvisoft.com/viewtopic-45-1183-0.html

PS: how to edit the hosts file
http://support.microsoft.com/kb/923947
 
Those entries in your hosts file are wrong, period. They shouldn't be there (but there may be other issues).

In any case, first go to Start->Control Panel->Folder Options
Make sure 'Show hidden files, folders and drives' is selected.
Deselect 'Hide extensions for known file types' and 'Hide protected operating system files (Recommended)'.
Ignore the warning. Now Explorer will actually show your filesystem the way it is.

Follow Davros' link above to get write access to the 'hosts' file.

Now go to \Windows\System32\drivers\etc and edit 'hosts' with notepad. Delete those entries (basically, all lines in the file should start with a #, which means they are a harmless comment).

Save the emptied out hosts file. It will create a file called 'hosts.txt' because that is what notepad does. Delete the file called 'hosts' and rename 'hosts.txt' to 'hosts'. That should fix this.

Rerun Hijack This and make sure all the automatically starting programs and browser helper objects are legit.
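As an added illustration (not code from the thread or from any of the tools named in it), a small Python audit of the hosts-file hijack discussed above: it parses a constructed sample hosts file containing the redirecting entries from the log, separates blocking entries (loopback or unspecified targets) from redirects to routable addresses, and produces a cleaned copy. The sample text and the tracker.example.test name are constructed for the demo.

```python
import ipaddress

# Constructed sample of a Windows hosts file: the redirecting entries reported
# in the thread plus one legitimate blocking (sinkhole) entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
149.5.18.172 www.google-analytics.com
149.5.18.172 ad-emea.doubleclick.net
108.163.215.51 www.statcounter.com
127.0.0.1 tracker.example.test   # sinkhole: blocks the name, sends it nowhere
"""

def classify_line(raw):
    """Return None for comment/blank lines, else (ip, names, verdict).
    'sinkhole' = loopback/unspecified target (a block, the legitimate use);
    'redirect' = routable address, i.e. the name now resolves to a host
    someone else controls (how ad-injecting malware hijacks ad/analytics
    domains); 'malformed' = first token is not an IP address."""
    body = raw.split("#", 1)[0].strip()
    if not body:
        return None
    ip, *names = body.split()
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ip, names, "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return ip, names, "sinkhole"
    return ip, names, "redirect"

def audit_hosts(text):
    """List every redirect in the file as (line_no, ip, names)."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        entry = classify_line(raw)
        if entry and entry[2] == "redirect":
            hits.append((no, entry[0], entry[1]))
    return hits

def clean_hosts(text):
    """Return the file with redirects and malformed lines dropped; comments and
    sinkhole entries are kept. Write the result back to a file named exactly
    'hosts' (no extension): Notepad's Save As appends '.txt', which is why the
    thread ended up with a 'hosts.txt' beside the real 'hosts'."""
    kept = [raw for raw in text.splitlines()
            if (e := classify_line(raw)) is None or e[2] == "sinkhole"]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for no, ip, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {', '.join(names)} -> {ip} (REDIRECT)")
    print(clean_hosts(SAMPLE_HOSTS))
```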
 
Also delete any files in C:\Users\Davros\AppData\Local\Temp
(replace Davros with your username).
It's hidden by default.
 