Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Impossible To Remove Adware: Adssite Please Help!


  • Please log in to reply
1 reply to this topic

#1 raid517

raid517

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 24 December 2007 - 07:19 AM

Hi I think I have found a new kind of infection. This infection is an addserver called 'adssite'. It appears to be a very pervasive infection as literally none of the most widely known and respected spyware or malware removal tools appears able to remove it. Moreover this infection appears to be specific/restricted to the Firefox web browser only.

I will attempt to list the tools and utilities I have tried in order to remove this infection:

Adaware
Spybot SSD
Sunbelt Software Counterspy
SuperAntiSpyware
avenger.exe
ATF-Cleaner.exe
Avg Anti-Rootkit
Avg Anti Spyware
Hijackthis
CCcleaner.exe
Trend Micro Housecall.
Microsoft Windows Defender.

I have tried every known guide available on the Internet to try to get rid of this infection - but to no avail.

Then I had a bit of a breakthrough. I noticed that the ads were only being served by the Firefox browser - and only in a Firefox web page, when Firefox was running.

I checked all of the extensions and addon's in Firefox and this revealed nothing malicious or suspicious at all. (I of course removed all of the unwanted/unneeded software I could find from add/remove programs and disabled unneeded startup items in msconfig before even beginning this process).

The final and only conclusion I could come to therefore (and one that I am certain some people here will disagree with/dislike vehemently) is that it was the actual Firefox executable itself that had been hacked/replaced/infected.

In order to test this, after trying every possible other avenue I could think of, I opted finally to uninstall Firefox.

Now after 2 days of using IE (which I hate), there have been no more unwanted/unrequested pop-ups.

Call me crazy if you want, but my guess is that on this machine (which isn't mine BTW), it seems the owner agreed to install some malware, which in turn caused the original Open Source Firefox executable to be replaced with a hacked version - so that every time Firefox was started, the Malware reinstalled itself again.

There were no hidden memory processes, no other suspicious software installed - every anti-spyware grayware app I tried reported a clean system (at least until I restarted Firefox) and there were no indications of anything else wrong at all.

So tell me I'm crazy. Tell me it ain't so. But more than that, tell me how to reinstall Firefox without risking infection again?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,556 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:36 AM

Posted 24 December 2007 - 01:41 PM

Hello my only suggestion would be if you can upload those files to here in hopes of a solution for all.
Virustotal

Jotti's malware scan
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users