
Pop-ups in browser


  • This topic is locked
27 replies to this topic

#1 quatin

  • Members
  • 35 posts

Posted 16 April 2012 - 09:04 PM

I'm having pop-up ads in my browser window, regardless of what website I'm on.

I have run the following programs:
Spybot - nothing
Adaware - BSOD, recovered
AVG 2012 - Trojan in temp internet files, cleaned
Malware Bytes - nothing

The problem still persists. I ran HijackThis and found some hosts entries, i.e. googleanalytics, ad-emea.doubleclick.net. The hosts file does contain these entries and I am not having success deleting them out of the hosts file. Around the same time of the appearance of the pop-ups, my e-mail account was hacked as well.

Any help on the issue?


#2 SirNOMNOM

  • Members
  • 3 posts

Posted 16 April 2012 - 09:11 PM

It is probably the case that you are the victim of a keylogger if your email was hacked, and maybe you have some stubborn adware. Maybe you should try a different browser if that's the case. As for your email, I can't help; try changing the password. EDIT: I can't be sure on the keylogger part, but who knows?

Edited by SirNOMNOM, 16 April 2012 - 09:14 PM.


#3 quatin

  • Topic Starter

Posted 16 April 2012 - 09:26 PM

The key-logger makes sense. I was browsing a website that later had an announcement about a trojan being propagated through their ads. If the key-logger is still on me, wouldn't they just catch me changing the password? :wink:

Anyways, I don't care about the e-mail account too much, but getting this malware off my primary computer is a priority. After investigating, I noticed my windows firewall was "off", which is suspicious since I turned it on when I got the computer.

*Update
I've managed to edit out the hosts file in safe mode and put it in read-only. The pop-ups have disappeared for now, but I suspect the program is still active. HijackThis still shows the google-analytics and doubleclick as O1 and unfixable. I'm guessing I have a multi-functional malware and pop-ups were just one symptom.

#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,474 posts

Posted 17 April 2012 - 09:27 AM

To reset the HOSTS file automatically, you can use [image: Fix it button]
  • Click the Fix it button above or read How to reset the hosts file back to the default
  • Click Run in the file download dialog box or save MicrosoftFixit50267.msi to your Desktop.
  • Double-click on it to run and follow the prompts in the Fix it wizard.
If you want to manually fix the HOSTS file, then follow these instructions: How to manually reset the HOSTS file



Please download and scan with the Kaspersky Virus Removal Tool from one of the following links and save it to your desktop.
Be sure to print out and read the instructions provided in:
  • How to Install Kaspersky Virus Removal Tool
  • How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe), select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box to accept the license agreement and click Next twice more to extract the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan. Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2011.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
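
Added example, not part of any post in this thread: a read-only audit of a HOSTS file that lists every entry other than the default `localhost` mappings, which is what HijackThis reports as O1 lines. The sample file content and the `203.0.113.10` address are constructed placeholders; the function and verdict names are this example's own.

```python
import ipaddress

# Constructed sample: ad and analytics names pinned to a non-loopback
# address (203.0.113.10 is a documentation-range placeholder).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google-analytics.com
203.0.113.10    ad-emea.doubleclick.net   # injected
0.0.0.0         tracker.example
"""

DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (lineno, ip, hostname, verdict) for every non-default entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                      # stock entry, ignore
            if ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"          # what blocking lists write
            else:
                verdict = "redirect"          # name forced to a chosen server
            findings.append((lineno, str(ip), name, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; a `redirect` verdict deserves attention first, since a `sinkhole` entry only blocks the name.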

#5 quatin


Posted 18 April 2012 - 08:48 AM

I had some trouble with the AVS. 30 minutes into the scan, it found a few infected files, but the program froze up and I had to kill it. I started a new scan successfully, but I don't know if the log files were saved anywhere. The estimated completion time was 16 hrs, so I left it running overnight and should get something this evening.

#6 quietman7


Posted 18 April 2012 - 12:33 PM

I understand.

Just so you know, the speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPs).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk size and used capacity (number of files that have to be scanned).
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system resources by the scanner.
  • Other running processes and programs in the background.
  • Whether it stalls, hangs or freezes.
  • Interference from malware.
  • Interference from the user (whether or not you use the computer during the scan).


#7 quatin


Posted 18 April 2012 - 07:37 PM

Status: Disinfected (events: 4)
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ap C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-5feb7850 High
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ao C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7432f84b-227ea251 High
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ao C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7432f84b-227ea251/main.class High
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ap C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-5feb7850/main.class High

#8 quietman7


Posted 18 April 2012 - 07:48 PM

Your scan results indicate a threat(s) was found in the Java cache.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache manually to ensure everything is cleaned out:

If you want to perform a more thorough browser clean up, please refer to:

Also be aware that older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. That's why it is important to always use the most current Java Version and remove outdated Java components.
You can verify (test) your JAVA Software Installation & Version here.
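
Added example, not part of any post in this thread: a small parser for the Kaspersky report lines quoted in post #7 that collapses the four events into one record per file on disk and marks whether each file sits in the Java deployment cache discussed in post #8. The line layout is inferred from those four lines only, and the function and field names are this example's own.

```python
import re

# The four report lines quoted in post #7 of this thread.
REPORT = r"""
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ap C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-5feb7850 High
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ao C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7432f84b-227ea251 High
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ao C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7432f84b-227ea251/main.class High
4/17/2012 8:49:57 PM Disinfected Trojan program Exploit.Java.CVE-2010-0094.ap C:\Documents and Settings\Jimmy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-5feb7850/main.class High
"""

# timestamp, status, object kind, detection name, path, severity
LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>\S+) (?P<kind>.+?) (?P<name>\S+\.\S+) "
    r"(?P<path>[A-Za-z]:\\.+) (?P<severity>\w+)$"
)
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def summarize(report):
    """Collapse report events into one record per file on disk."""
    objects = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # status header, blank lines, anything unparsed
        # "archive/member" is a hit inside the cached archive, so it is
        # the same object on disk as the bare archive path.
        container, _, member = m["path"].partition("/")
        rec = objects.setdefault(container, {
            "detections": set(), "cves": set(), "members": set(),
            "statuses": set(),
            "in_java_cache": JAVA_CACHE in container.lower(),
        })
        rec["detections"].add(m["name"])
        rec["cves"].update(re.findall(r"CVE-\d{4}-\d{4,}", m["name"]))
        rec["statuses"].add(m["status"])
        if member:
            rec["members"].add(member)
    return objects


if __name__ == "__main__":
    for path, rec in summarize(REPORT).items():
        print(path, rec)
```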

#9 quatin


Posted 18 April 2012 - 07:59 PM

Well, I was just turning on the computer to do just that, but now the display won't come up. I popped the box open just to make sure the graphics card didn't somehow come loose, but everything looks fine. I do notice that both case fans will come on for 2-3 seconds during power up and then shut down.

#10 quietman7


Posted 19 April 2012 - 06:08 AM

By display not coming up, do you mean your Desktop is not loading or do you mean your monitor screen is blank?

#11 quatin


Posted 19 April 2012 - 08:44 AM

My monitor screen is blank. I called Dell Support since I'm under warranty and the conclusion is the motherboard is dead. I'm getting a new one shipped on Friday. Any thoughts on what happened here? Is it a lucky coincidence or was there something related?

#12 quietman7


Posted 19 April 2012 - 09:23 AM

I suspected as much. From what you describe, this is a hardware issue which could be caused by any number of factors. The MB usually lasts longer than the warranty but if you keep a computer for a long time...they eventually go bad. I have already replaced two on my machine. Good thing yours is still under warranty.

#13 quatin


Posted 19 April 2012 - 09:35 AM

Assuming the motherboard is the fix, anything I should watch out for before continuing this malware removal?

#14 quietman7


Posted 19 April 2012 - 09:58 AM

Once the new MB is installed, we will need to know how your machine is running and if you are still having an issue with pop-ups.

But don't forget to clean out all your browser cache folders first.

#15 quatin


Posted 24 April 2012 - 09:16 PM

Took two MBs, but the machine is finally working. The pop-ups still persist. They seem to return at random intervals almost as if I'm getting re-infected after any AVs remove it.

*I did clean the caches.

Also, the Kaspersky software is no longer on my machine. I didn't uninstall, but perhaps the technician did a system restore? Any way to check?

Edited by quatin, 24 April 2012 - 09:20 PM.




