Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help getting rid of nym1.ib.adnxs


  • Please log in to reply
9 replies to this topic

#1 kdk

kdk

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 06 December 2013 - 09:08 AM

Hello,

 

I keep getting popup ads on a specific website that I visit quite often. When I inspected the elements, I saw the following:

 

<script type='text/javascript'>document.write('<a href="http://nym1.ib.adnxs.com/click?Qnxgx3-B3D9CfGDHf4HcP9V46SYxCOg_Qnxgx3-B3D9CfGDHf4HcPw_vqU7wYoxrVcxiWaoYCiLs2KFSAAAAANB8FQAdAgAAHQIAAAIAAACtH3sA_IUCAAAAAQBVU0QAVVNEACwB-gDujQAAsKgAAQQCAQIAAIYASih13gAAAAA./cnd=%21bgbzOgjq1G8Qrb_sAxj8iwogBA../referrer=http%3A%2F%2Fwww.askdandrew.com%2Fposts%2Fintroduction-to-module-four--2/clickenc=http%3A%2F%2Flp.sharelive.net%2F%3Flpid%3D2471%26sysid%3D406%26appid%3D286%26subid%3Dnym1CNWYi8ullYaFIhACGI_ep_WE3pjGayINMTczLjY2LjIyMy4xNigB" target="_blank"><img width="300" height="250" style="border-style: none" src="http://cdn.adnxs.com/p/a5/5c/5a/53/a55c5a53246bca90a09d09e563f40867.gif"/></a>');

document.writeln('<script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "6035951", c3: "137890" }); (function() { var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true; s.src = (document.location.protocol == "https:" ? "https:\/\/sb" : "http:\/\/b") + ".scorecardresearch.com\/beacon.js"; el.parentNode.insertBefore(s, el); })(); <\/script> <noscript> <img src="http:\/\/b.scorecardresearch.com\/p?c1=8&c2=&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" \/> <\/noscript>');</script><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035951&c3=137890&c4=&c5=&c6=&c15=&cv=2.0&cj=20" style="display:none" width="1" height="1"/><script type="text/javascript">document.write('<scr' + 'ipt src="http://cdn.adnxs.com/ANX_async_usersync.js"></scr'+'ipt>');</script>

 

It also says it's a BFASlidin. This ad seems to pop up only on certain pages. I have no idea how to take it off. I've tried Malwarebytes, but it doesn't seem to detect anything. Please help.

 



BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:41 AM

Posted 06 December 2013 - 09:55 AM


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 kdk

kdk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 06 December 2013 - 12:43 PM

Here they are.

 

# AdwCleaner v3.014 - Report created 06/12/2013 at 12:18:59
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lakeisha King - LAKEISHAKING-PC
# Running from : C:\Users\Lakeisha King\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Lakeisha King\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1724 octets] - [03/12/2013 01:43:43]
AdwCleaner[R1].txt - [901 octets] - [03/12/2013 02:25:09]
AdwCleaner[R2].txt - [899 octets] - [03/12/2013 03:06:36]
AdwCleaner[R3].txt - [1150 octets] - [03/12/2013 03:45:39]
AdwCleaner[R4].txt - [1270 octets] - [03/12/2013 15:19:45]
AdwCleaner[R5].txt - [1330 octets] - [03/12/2013 20:56:37]
AdwCleaner[R6].txt - [1451 octets] - [05/12/2013 12:15:32]
AdwCleaner[R7].txt - [1575 octets] - [06/12/2013 12:17:48]
AdwCleaner[S0].txt - [1805 octets] - [03/12/2013 01:45:27]
AdwCleaner[S1].txt - [961 octets] - [03/12/2013 02:26:59]
AdwCleaner[S2].txt - [959 octets] - [03/12/2013 03:07:52]
AdwCleaner[S3].txt - [1212 octets] - [03/12/2013 03:46:53]
AdwCleaner[S4].txt - [1392 octets] - [03/12/2013 20:58:31]
AdwCleaner[S5].txt - [1512 octets] - [05/12/2013 12:22:15]
AdwCleaner[S6].txt - [1496 octets] - [06/12/2013 12:18:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1556 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Lakeisha King on Fri 12/06/2013 at 12:26:43.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/06/2013 at 12:35:08.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Farbar Service Scanner Version: 05-12-2013
Ran by Lakeisha King (administrator) on 06-12-2013 at 12:39:04
Running from "C:\Users\Lakeisha King\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:41 AM

Posted 06 December 2013 - 07:01 PM

Can you post the log from Malwarebytes?

#5 kdk

kdk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 06 December 2013 - 08:51 PM

I just ran it again, today. Here is the log. I uninstalled my older version of Malwarebytes. Again, the pop ups/slider ads seem to appear only on one site whether it's opened with Chrome or IE.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.06.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Lakeisha King :: LAKEISHAKING-PC [administrator]
 
12/6/2013 7:12:39 PM
mbam-log-2013-12-06 (19-12-39).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393669
Time elapsed: 1 hour(s), 34 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#6 kdk

kdk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 07 December 2013 - 09:50 AM

Just noticed cdn.adnxs on Adobe Flash Players website storage settings. I deleted it. Hoping for the best since the above downloads didn't find anything.



#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:41 AM

Posted 07 December 2013 - 10:39 AM

Can you private message me the link so I can see the site?

#8 kdk

kdk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 07 December 2013 - 11:05 AM

I can post a screen shot if that would be helpful.



#9 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:41 AM

Posted 07 December 2013 - 11:05 AM

Yes please post a screenshot

#10 kdk

kdk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 07 December 2013 - 11:45 AM

oops. I instant messaged you instead by accident..lol. Hopefully, you saw the screen shot.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users