Ads infested my browsers and driving me insane!

Ok!! Done everything as you suggested. I can't find any suspicious entries in the log file now. :)
I have opened my browsers and checked a few sites. No ads!! :D

I will let you know in case I find out later that ads appear
But so far it looks like it has worked great!!

Thanks guys!!!!! :D
 
No, it's the other way around. It hard codes IP addresses to host names to offset DNS.

Yes.
It can be used to block domains (some people do this for ad servers) by directing them to 127.0.0.1

It is also useful to give accessible names to your computers in a LAN, without relying on Windows workgroups
so if you have 192.168.0.36 mylinuxbox, you can now do "ping mylinuxbox", "ssh root@mylinuxbox", "ftp mylinuxbox" etc. instead of dealing with IP numbers. This spares you installing a local DNS for a handful of boxes.
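
The uses described in this post (pointing names at 127.0.0.1 to block them, naming LAN machines) can be separated from entries that pin a name to a public address, which override DNS and are the ones worth checking during cleanup. This is an added example, not part of the original post; the sample entries other than `192.168.0.36 mylinuxbox` and the category labels are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; only "192.168.0.36 mylinuxbox" comes from the post.
SAMPLE_HOSTS = """\
# sample
127.0.0.1     localhost
::1           localhost
127.0.0.1     ads.example.net tracker.example.net
0.0.0.0       banner.example.org
192.168.0.36  mylinuxbox
203.0.113.50  www.example.com   # overrides DNS for this name
not-an-ip     broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify(addr, names):
    """Return a category label (labels are this example's own, not a standard)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback/0.0.0.0 for a non-local name is the ad-blocking trick.
        local = all(n.lower() in LOCAL_NAMES for n in names)
        return "localhost" if local else "blocked"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "redirect"  # public address pinned to a name: bypasses DNS

def audit(text):
    """Parse hosts-file text into (lineno, category, address, names) tuples."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            out.append((lineno, classify(fields[0], fields[1:]), fields[0], fields[1:]))
    return out

def needs_review(text):
    """Entries a person should look at: public redirects and unparsable lines."""
    return [e for e in audit(text) if e[1] in ("redirect", "malformed")]

if __name__ == "__main__":
    for lineno, cat, addr, names in audit(SAMPLE_HOSTS):
        print(f"{lineno:>3} {cat:<10} {addr:<15} {' '.join(names)}")
```

To check a real machine, pass the contents of `/etc/hosts` (or `%SystemRoot%\System32\drivers\etc\hosts` on Windows) to `needs_review`.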
 
Format and reinstall windows.

No offense, but this is like the stock "microsoft certified" IT-guy answer. I agree with XP there were times when this would be faster, but w7 is far easier to clean up with a small amount of work. I simply hate having to start my OS from scratch again...
 
In the 9x and XP days it was good to be able to do that quickly, have the drivers handy, codecs and software, it was reasonable if you were working on a computer that was very slow to scan and suffered cruft anyway.

Now I agree you can just clean up adware and continue using it, even back in the days you could do this most times, with Ad Aware SE.
Adware is typically not sophisticated malware. If you have a strong infection, it's where you can consider format/reinstall. You may have both a virus and the antivirus watching every I/O, making the computer very slow, scans take hours (I've seen this at least on XP)

With particularly high end malware such as ZBOT, you may have to format/reinstall and delete every single executable file on your hard drive (including .dlls)
The PC was mildly modern (Pentium M, 1GB ram) but dog slow (rather felt like some piece of crap celeron 466)
After the aforementioned very long scans (plus one done in safe mode) the ZBOT triggered a countermeasure that infected damn everything.
Of course, that's the worst case. But when dealing with computer security, if you don't know better you assume the worst case so I can see a rationale for a blanket advice "format it". To which I add, "delete fucking everything" : driver/software/codec installers, and all your games.
 
Install a good solid software firewall and block everything. Then start your browser and try to access something, see what triggers the firewall...

A firewall doesn't do anything in situations like this.
You get the adware or malware through the browser (unpatched vulnerability, or flash or adobe reader vulnerability, or tricking the user in installing an .exe file to view porn or play poker)
Then it makes your browser request some "content" to display it under your nose (and cookies, javascript).
So, not only everything happens on port 80, it's stuff that your browser "wants".

Your firewall would need a maintained blacklist to help you.
So there are the solutions where everything your browser requests is sent to your antivirus provider first ("link scanner")
 
Yes.
It can be used to block domains (some people do this for ad servers) by directing them to 127.0.0.1

It is also useful to give accessible names to your computers in a LAN, without relying on Windows workgroups
so if you have 192.168.0.36 mylinuxbox, you can now do "ping mylinuxbox", "ssh root@mylinuxbox", "ftp mylinuxbox" etc. instead of dealing with IP numbers. This spares you installing a local DNS for a handful of boxes.

You're agreeing with me, correct?
 
I'd still run Combofix from bleepingcomputer.com just in case you still have something that did the hosts editing. Download it on another computer then copy it to yours and run it, disabling any and all security software you have before running it.
 
A firewall doesn't do anything in situations like this.
It should tell you what servers the browser is trying to make connections to, which could be helpful perhaps. Also, if there's some malware process hiding somewhere, trying to make connections to a command and control server you'd see that too - which would be very helpful.
 
A firewall certainly helped me with a malware infection
it popped up a message C:\Users\Davros\AppData\Local\Temp\randomcharacters.exe is trying to access the internet allow or deny
1. It alerted me I had a rogue program on my pc
2. it prevented it going online and downloading more crap
 
so, I gave a very excessive judgement regarding firewall.
adware could need to access the net to download a new list of ad servers. (or it could be fire&forget, be run only once and let the ad servers deprecate)

You're agreeing with me, correct?

yes.
I wanted to chatter about what you can do with the file (it's more prominent on linux/unix systems, its path is /etc/hosts there)
 
so, I gave a very excessive judgement regarding firewall.



yes.
I wanted to chatter about what you can do with the file (it's more prominent on linux/unix systems, given its path is /etc/hosts there)

Yes, my first encounter with the host file was in the mid 90's and we went to a mixed environment (tcpip/token ring). ethernet/active directory DNS didn't play well with things on the token ring (Novell servers, AS400). To get around it we'd hard code the AS400 etc.. into the host file.

Nowadays, I find that I'm going back to it more and more for cloud service hosts that aren't part of our base DNS discovery or things that are being affected by the net-nanny. I also use it for virtual addresses to things like web services and ftp sites.
 
Did you try scanning with Malwarebytes as suggested by Silent_Buddha? It's very good at discovering whether or not you have any worms/trojans/rootkits/other nasties infecting your computer. Not so good at getting rid of them, but if you find something which can't be removed easily, Combofix (as recommended by Malo) can generally do the job.

The trojans and other infections are getting more and more clever these days as I've had a PC infected in the past even when running up to date AV software and firewalls. Even the best AV software doesn't tend to catch every variant.
 
Another tip : do not have adobe acrobat set up to automatically open pdf files in your browser
Another tip again: don't even have that adobe acrobat shit installed on your PC in the first place. Use Foxit reader or somesuch instead.
 
Better still!
That's what I did after some malware tried to infect me via a shady pdf file embedded in a web page
 