Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unidentified malware causes constant popups in bottom corners of the screen


  • Please log in to reply
8 replies to this topic

#1 NeuroScientist

NeuroScientist

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:10 AM

Posted 27 February 2013 - 11:40 PM

For the last few weeks I've had an extremely annoying popup problem and I can't figure out what is causing it and how to get rid of it. I use internet explorer and almost every website I go to has these popup windows show up on bottom corners of the screen - sometimes right corner, sometimes left corner and often both. I read that those posting for help should describe the issue in as much detail as possible so I will do my best to do so.
 
The right bottom corner popups are predominantly two kinds:
1) One of the right corner popups is rectangular in shape and fairly large in size. On the top right corner of this popup window it always says "Chitka" (not "Chitika") but that's pretty much the only thing that is consistent from one to the other. The rest of the time this window says "Searching for...?" and it always fills in the blank with whatever I was typing. It I type "computer malware chitka" it says "Searching for computer malware chitka?" There is a "click here" botton in this popup window and if you click on it you are taken to this website that looks like a search engine (very much like google search page) that says "find Gala" instead of "Google" and a search bar. I have avoided typing anything in the search bar. It might be important to mention that you CAN NOT click out of this popup window and it stays on your webpage until you either close the page or click to go somewhere else (there is no "x" or any type of way to click out of this popup). I have attached a picture of this popup (rectangular in shape) as well as the website it takes you to if you click on it (find Gala).
2) The other right corner popup is a smaller square window that has a very similar theme to facebook (colors, text font, etc.) and it also seems to duplicate whatever I type or whatever website I am on. Even if I don't type anything but just to go a sports website and click on tennis section for example, this popup will say something about tennis racquets or apparel. This popup has a little "x" that allows you to click out of it. I have attached two pictures of this popup (square in shape and has facebook color theme).
 
The left bottom corner popups are always square in shape but there are many different types that pop up all the time. I have attached a few pictures titled just to give you examples. These also have the "x" that allows you to click out of them but they appear again.
 
I have Microsoft Security Essentials that I update often and run but it does NOT detect any malware! Furthermore, I also have MalwareBytes Anti-Malware and it also does NOT detect any malware to remove!
 
Please help me figure out what is causing these popup windows and how to get rid of them.
 
Thanks for your time!

Attached Files


Edited by Blade, 28 February 2013 - 01:03 AM.
Moved from Windows Vista to AII - Blade


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:10 AM

Posted 28 February 2013 - 01:13 AM

Hello,

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • List Installed Programs
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

~Blade

In your next reply, please include the following:
Result.txt

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 NeuroScientist

NeuroScientist
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:10 AM

Posted 28 February 2013 - 10:46 AM

Hi Blade,

I downloaded MiniToolBox, checkmarked both checkboxes as you had requested and ran it. Below are the results:

 

MiniToolBox by Farbar  Version:10-01-2013
Ran by XXXX (administrator) on 28-02-2013 at 10:42:05
Running from "C:\Users\XXXX\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

=========================== Installed Programs ============================

Adobe Acrobat 9 Pro (Version: 9.5.2)
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AoA DVD Ripper
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
CyberLink YouCam (Version: 3.5.1.3908)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 1.6.16)
EndNote X6 (Version: 16.0.1.6599)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FinePrint (Version: 6.25)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.5.1)
HP Connection Manager (Version: 4.0.45.1)
HP On Screen Display (Version: 1.1.2)
HP Quick Launch (Version: 2.3.6)
HP Software Framework (Version: 4.0.110.1)
HP Support Assistant (Version: 6.0.5.4)
IDT Audio (Version: 1.0.6329.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2291)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
iTunes (Version: 10.5.2.11)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Lexmark 2500 Series
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Ralink Motorola BC8 Bluetooth 3.0+HS Adapter (Version: 3.0.42.298)
Ralink RT5390 802.11b/g/n WiFi Adapter (Version: 3.01.16.1)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek PCIE Card Reader (Version: 6.1.7600.74)
Recovery Manager (Version: 2.0.0)
ResearchSoft Direct Export Helper
Skype™ 6.0 (Version: 6.0.126)
Synaptics TouchPad Driver (Version: 15.3.29.0)
U3Launcher (Version: 1.0.0)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Xvid 1.2.2 final uninstall (Version: 1.2)
Yahoo! Messenger

**** End of log ****



#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:10 AM

Posted 02 March 2013 - 03:22 PM

Hello,

This is probably caused by a malicious browser extension. To do this, we need to reset IE back to default settings.

Please follow the steps in this guide: http://windows.microsoft.com/en-US/windows7/Reset-Internet-Explorer-settings

Afterwards, let me know if you continue to experience the issue.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 NeuroScientist

NeuroScientist
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:10 AM

Posted 03 March 2013 - 02:29 PM

Yesterday evening I followed the directions in the guide you had provided the link for and reset Internet Explorer back to default settings. At first it seemed that the problem with all the popups had been solved as I browsed the web a little just to see if they would appear but they did not. I did not use my computer much after that.

 

However, the same popups appeared again today and I am not sure why. I don't seem to understand whether the problem was solved and the computer got infected again (is it possible there is some type of malware that is "hiding" somewhere without being detected and keeps infecting the computer over even after I presumably solved the problem?) or if it was simply never solved.

 

I would like to emphasize that since reseting the IE last night, I have not used my laptop much and have only visited several reputable news and sports websites (CNN, ESPN, NFL,etc.) and checked my e-mail...i have not downloaded anything, i have not visited any websites that would be considered non-secure and could potentially infect the computer.

 

I just ran a full scan with Malwarebytes Anti-Malware and the resuults are below:

 

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2013.03.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXX :: XXXX [administrator]

3/3/2013 1:22:51 PM
mbam-log-2013-03-03 (13-22-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413746
Time elapsed: 42 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Please advise what I should do next.

 

Thanks.



#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:10 AM

Posted 04 March 2013 - 06:44 PM

At this point it's probably a good idea to take a closer look.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (1-3 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 spotman2013

spotman2013

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 09 March 2013 - 12:33 PM

I am having similar problems with my home desktop, laptop, Android tablet and wife's iPad and have been searching for a solutions off and on for almost three weeks - almost ready to give up and declare acceptance.

 

I'm using Windows 7 with IE9 and the pop-up blocker is on.

 

The popup advertisements (long retangular boxes) on our machines float in from the bottom of the screen, sets there for 5-6 seconds then floats away/disolves.

 

I get a prompt along with them that "Internet Explorer has blocked (i.e.) ad-emea.doubleclick.net."

 

I've used the malware removal tool (Malwarebytes) but it doesn't find anything.

 

I've went into the hosts file (C:\Windows\System32\drivers\etc) and added the address (ad.doubleclick.net) to it and it appears that when that sites hits my browser the page content is blocked but the box still appears with an error - page couldn't load etc.

 

Important (seems to be)...when I'm on our school network, I don't seem to get the ad popups - it's only on my home network.  I've reset both the modem and the router - doesn't fix.

 

The only software that I've added as of late is tax preparation software but my grandson does have his gaming box connected to the network and does his social networking on our desktop machine.

 

Any help would be greatly appreciated!  As i mentioned above, I'm almost ready to give up on this issue.



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:10 AM

Posted 09 March 2013 - 12:53 PM

spotman2013

 

Create a new topic

 

Thanks



#9 spotman2013

spotman2013

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 10 March 2013 - 12:54 PM

BC Advisor, sorry if I posted to the wrong group/topic - new to forum.

 

Thanks for suggesting/directing to create a new topic - much appreciated.

 

Spotman2013






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users