Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trouble with rvxr-a.akamaihd.net & ad.directrev


  • Please log in to reply
20 replies to this topic

#1 maya217

maya217

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 09:07 PM

I'm using windows 7, and mostly google chrome.

suddenly i get these popups from the sites mentioned in the topic title.
the content is sometimes blocked by my plugins, and i don't have any other issues,
but the windows are still opening up every half an hour or so, especially on login pages,
so now its going from annoying to worrying ...

I tried to get it solved by investigating with a google search.
usually i can manage to get rid of these things after following guides online,
(seeing as i have a partner who always have "bad luck" with computers, this isn't the first time)

but now after a few hours im starting to give up. i've tried multiple guides online, it seems to be ok, but then they start coming back.. those damn popups ..  so i surrender and i hope someone more professional can help with this.

so far i've tried malwarebytes, cloud system booster, anvi smart defender, adwcleaner, JRT, ccleaner ... (losing count here).
i really thought i'd get through this without using safe mode and all that, but now im not too sure anymore..


Edited by maya217, 16 January 2014 - 09:08 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:59 AM

Posted 16 January 2014 - 09:22 PM

Please read and follow the instructions in this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 maya217

maya217
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 09:40 PM

okay, thanks! should i post my results in this topic or in the other topic?


Edited by maya217, 16 January 2014 - 09:41 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:59 AM

Posted 16 January 2014 - 09:42 PM

This topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 maya217

maya217
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 09:49 PM

Alright,

well first of all, it seems like some kind of damage is already done. Not sure what is causing it.
Suddenly I cannot open the mail.yahoo.com page, it says it's not safe.
I noticed this after I tried clicking on the link "How to Create a new browser user profile in Google Chrome" which is also not available to me at this point.

Same with facebook login page. it's not loading properly. Did I remove something I shouldn't have?
Also, when I try to open ccleaner, now it says it's not connected to a program..
I'm going to try reboot and hopefully I'll be back. 



#6 maya217

maya217
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 09:59 PM

I cant even enter Windows in safe mode. The login screen is just blinking and showing weird signs. I'm typing this from my phone

Edited by maya217, 16 January 2014 - 10:00 PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:59 AM

Posted 16 January 2014 - 10:06 PM

You can try using System Restore to return to previous state.

* How to restore to a previous state with System Restore in Windows 7
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:59 AM

Posted 16 January 2014 - 10:20 PM

Cloud System Booster is an optimizing tool with registry cleaning capability. It purports to clean junk data, Windows registry, and unneeded Windows files.

Anvi Smart Defender also purports to fix the registry.

While using these programs I suspect they messed up something in your registry and/or deleted files it should not have deleted.

Why you should not use Registry Cleaners and Optimization Tools
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 maya217

maya217
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 10:24 PM

Thank goodness I had a restore point since yesterday, phew!

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:59 AM

Posted 16 January 2014 - 10:27 PM

Now uninstall those junk registry cleaning tools and try following the instructions I provided.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 maya217

maya217
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 10:31 PM

yes sir :)

 

btw, about chrome plugins, i disabled and uninstalled two, called Fwd downloader and Video player. those are the only ones i can suspect out of my installed ones. the rest are adblock plus and DoNotTrackMe, weheartit and xmarks (which i also disabled temporary for now). 


Edited by maya217, 16 January 2014 - 10:32 PM.


#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:59 PM

Posted 16 January 2014 - 10:45 PM

weheartit and xmarks <= Disable these, either fully or till you fix this

 

Both are just add on extra and not required -



#13 maya217

maya217
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 10:59 PM

ok so this is the result of adwcleaner,
I run it earlier today as well, but i guess that doesnt matter, because the popups appeard afterwards anyways, 

 

 

 

# AdwCleaner v3.017 - Report created 16/01/2014 at 19:37:23
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Martin Nyberg - MORTEL
# Running from : C:\Users\Martin Nyberg\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Martin Nyberg\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Martin Nyberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
File Deleted : C:\Users\Martin Nyberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\FLEXnet
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (sv-SE)
 
[ File : C:\Users\Martin Nyberg\AppData\Roaming\Mozilla\Firefox\Profiles\gvhnyuxp.default\prefs.js ]
 
Line Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386626249834,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("smartbar.machineId", "B7EOTNX1JF3MEPXMVPYT0QCGK7IIBNQOPG6P7MY9IR0Q5STWVUBKLBP21QDIXQDJK+3QES9LJKWY3YNL9C2PEA");
 
-\\ Google Chrome v
 
[ File : C:\Users\Martin Nyberg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [22459 octets] - [21/11/2013 12:02:52]
AdwCleaner[R1].txt - [2905 octets] - [16/01/2014 19:36:36]
AdwCleaner[S0].txt - [20353 octets] - [22/11/2013 02:42:57]
AdwCleaner[S1].txt - [2824 octets] - [16/01/2014 19:37:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2884 octets] ##########
# AdwCleaner v3.017 - Report created 17/01/2014 at 04:49:22
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Martin Nyberg - MORTEL
# Running from : C:\Users\Martin Nyberg\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\Martin Nyberg\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\Martin Nyberg\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Martin Nyberg\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Martin Nyberg\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Martin Nyberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\Martin Nyberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\FLEXnet
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (sv-SE)
 
[ File : C:\Users\Martin Nyberg\AppData\Roaming\Mozilla\Firefox\Profiles\gvhnyuxp.default\prefs.js ]
 
Line Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386626249834,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("smartbar.machineId", "B7EOTNX1JF3MEPXMVPYT0QCGK7IIBNQOPG6P7MY9IR0Q5STWVUBKLBP21QDIXQDJK+3QES9LJKWY3YNL9C2PEA");
 
-\\ Google Chrome v
 
[ File : C:\Users\Martin Nyberg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [22459 octets] - [21/11/2013 12:02:52]
AdwCleaner[R1].txt - [6576 octets] - [16/01/2014 19:36:36]
AdwCleaner[S0].txt - [20353 octets] - [22/11/2013 02:42:57]
AdwCleaner[S1].txt - [6499 octets] - [16/01/2014 19:37:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6559 octets] ##########


#14 maya217

maya217
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:59 AM

Posted 16 January 2014 - 11:05 PM

i should add, i did found an installed program also called video player which i uninstalled,
this was after i did the system restore an hour ago. it was still there after i deleted the chrome extension.
funny how i didnt notice this earlier... IF that's part of the problem.

 

its hard for me to check if the problem is gone .. my pop ups dont show up very often..



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:59 AM

Posted 17 January 2014 - 06:31 AM

i should add, i did found an installed program also called video player which i uninstalled,

Ad.directrev.com ads are caused by an ad-supported cross web browser plugin for Internet Explorer, Firefox and Chrome. The browser extensions is typically bundled with and added when you download and install other free software such as video, recording, streaming, download managers, PDF creators.

BrowseToSave, SuperLyrics, PassShow, LyricsGet, TidyNetwork.com and WebCake are commonly installed adware programs responsible for this.

Make sure you check all your browsers even if you seldom use them.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users