
popup ads and random words hot linked on web pages


9 replies to this topic

#1 Mathetria

  • Members
  • 5 posts

Posted 03 February 2014 - 12:37 PM

First, I know how I got this and I can't tell you how grateful I am that you are here to help.

 

I thought I was downloading a book reader and ended up with a complete mess.  Some kind of bundled package I believe.

 

1) I am currently getting pop-up ads on my Firefox, Internet Explorer and Google Chrome browsers (they usually show up when I go to a new page).  They are not part of the page's design and don't appear when I go to these pages on other computers.

 

2) After a webpage loads, random words start being underlined and hotlinks attached which show an ad when you mouse over.

 

3) Occasionally I am notified that Google Chrome is having high usage and I'm not even showing it as running on my task manager.

 

I've run a variety of anti-malware programs (MBAM, SUPERAntiSpyware, and Kaspersky all included) but to no avail.

 

Can you please help?

 

Thanks!

 




 


#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 03 February 2014 - 12:51 PM

In-Text Ads Explained & How To Remove Them

After doing the above...continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, download and scan with Malwarebytes Anti-Malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Mathetria


Posted 03 February 2014 - 04:05 PM

I did NOT remove any of the things MBAM found since it was not listed in the instructions.

 

Here are the logs:

 

RKILL

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 02/03/2014 01:53:12 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * C:\Users\Deborah\AppData\Local\GCC\Controller.exe (PID: 2832) [UP-HEUR]

 * C:\Users\Deborah\AppData\Local\playnowradio\playnowradio\1.3.4.0\playnowradio.exe (PID: 4464) [UP-HEUR]

 * C:\Users\Deborah\AppData\Local\GCC\Controller.exe (PID: 5472) [UP-HEUR]

 

3 proccesses terminated!

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * Windows Defender Disabled

 

   [HKLM\SOFTWARE\Microsoft\Windows Defender]

   "DisableAntiSpyware" = dword:00000001

 

 * Windows Firewall Disabled

 

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

   "EnableFirewall" = dword:00000000

 

Checking Windows Service Integrity:

 

 * Windows Defender (WinDefend) is not Running.

   Startup Type set to: Manual

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * HOSTS file entries found:

 

  127.0.0.1       localhost

 

Program finished at: 02/03/2014 01:54:28 PM

Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)

 

_________________________________________________________________________________

Adware

 

# AdwCleaner v3.018 - Report created 03/02/2014 at 14:40:11

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Deborah - DEBORAH-PC

# Running from : C:\Users\Deborah\Documents\disinfect\AdwCleaner(2).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\l738op1e.default-1391321117076\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16750

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\l738op1e.default-1391321117076\prefs.js ]

 

 

-\\ Google Chrome v32.0.1700.102

 

[ File : C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [27752 octets] - [28/11/2013 22:46:03]

AdwCleaner[R1].txt - [7112 octets] - [02/02/2014 02:15:19]

AdwCleaner[R2].txt - [1479 octets] - [03/02/2014 14:27:32]

AdwCleaner[S0].txt - [20297 octets] - [28/11/2013 22:52:14]

AdwCleaner[S1].txt - [6662 octets] - [02/02/2014 02:16:18]

AdwCleaner[S2].txt - [1406 octets] - [03/02/2014 14:40:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1466 octets] ##########

__________________________________________________________

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Home Premium x64

Ran by Deborah on Mon 02/03/2014 at 15:00:00.67

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\Deborah\appdata\local\{5AD11B41-86AC-4E64-85AB-2913F64C6D8E}

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Deborah\AppData\Roaming\mozilla\firefox\profiles\l738op1e.default-1391321117076\minidumps [4 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 02/03/2014 at 15:19:21.02

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

___________________________________________________________________

MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.03.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16750

Deborah :: DEBORAH-PC [administrator]

 

2/3/2014 3:26:58 PM

MBAM-log-2014-02-03 (15-45-11).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 253446

Time elapsed: 11 minute(s), 16 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 3

C:\Users\Deborah\Downloads\CodecPerformerSetup (1).exe (PUP.Optional.InstallBrain.A) -> No action taken.

C:\Users\Deborah\Downloads\CodecPerformerSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.

C:\Users\Deborah\Downloads\Setup.exe (PUP.Optional.OptimumInstaller.A) -> No action taken.

 

(end)
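
Added example (not part of the original posts, and not code from RKill or BleepingComputer): one way a helper could triage the RKill log pasted above, pulling out the terminated processes and the registry settings RKill flagged. The function names parse_rkill_log and triage are hypothetical, and the sample is a condensed, constructed copy of the log lines in this post.

```python
import re

# Constructed sample: condensed copy of the RKill log lines quoted in the post above.
SAMPLE_RKILL_LOG = r"""
Checking for processes to terminate:
 * C:\Users\Deborah\AppData\Local\GCC\Controller.exe (PID: 2832) [UP-HEUR]
 * C:\Users\Deborah\AppData\Local\playnowradio\playnowradio\1.3.4.0\playnowradio.exe (PID: 4464) [UP-HEUR]
 * C:\Users\Deborah\AppData\Local\GCC\Controller.exe (PID: 5472) [UP-HEUR]
3 proccesses terminated!
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * Windows Firewall Disabled
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
"""

PROC_RE = re.compile(r"^\s*\*\s+(?P<path>[A-Za-z]:\\.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$")
KEY_RE = re.compile(r"^\s*\[(?P<key>HK[A-Z_]+\\[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*dword:(?P<data>[0-9a-fA-F]{8})\s*$')

def parse_rkill_log(text):
    """Return (processes, registry_findings) extracted from RKill log text."""
    processes, registry, current_key = [], [], None
    for line in text.splitlines():
        if not line.strip():
            continue  # forum pastes are often double-spaced; skip blank lines
        m = PROC_RE.match(line)
        if m:
            processes.append({"path": m["path"], "pid": int(m["pid"]), "tag": m["tag"]})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]  # remember the key for the value line that follows
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            registry.append({"key": current_key, "name": m["name"], "data": int(m["data"], 16)})
    return processes, registry

def triage(text):
    """Summarise the items a helper would follow up on after reading the log."""
    processes, registry = parse_rkill_log(text)
    # Unique executables that were running from a per-user AppData directory.
    appdata = sorted({p["path"] for p in processes if "\\appdata\\" in p["path"].lower()})
    settings = {r["name"]: r["data"] for r in registry}
    return {
        "terminated": len(processes),
        "appdata_executables": appdata,
        "defender_disabled": settings.get("DisableAntiSpyware") == 1,
        "firewall_disabled": settings.get("EnableFirewall") == 0,
    }
```

Calling triage(SAMPLE_RKILL_LOG) returns a small dictionary; the same function can be pointed at the full text of C:\RKill.log.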



#4 quietman7


Posted 03 February 2014 - 04:10 PM

Rerun Malwarebytes and remove the items it detected.


Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.
  • -- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.



#5 Mathetria


Posted 03 February 2014 - 05:42 PM

I tried running this program from both IE and Firefox.  I couldn't get it to work.

 

IE: I ran IE as an administrator and gave it permission to make changes.  I went to the web-page, clicked on "Run ESET Online" which brought up a new window with the "Terms of Use" acceptance box.  I checked the box and clicked "Start."  The window turns blue and has a small square in the upper left corner.

 

Firefox: I successfully downloaded the program.  I clicked on the file and told it to run.  It brings up the "Terms of Use" page which I clicked the box for and then clicked "Start."  I clicked "Yes" to allow changes to my computer.  I get a box saying the following:

Can not get update.  Is proxy configured?

ESET Online Scanner installation consists of three steps:

 1. Component download

 2. Component registration

 3. Start

 

It gives me the opportunity to "Use custom proxy settings" but I have no idea what to set here.

Any thoughts?

 

Thanks!



#6 quietman7


Posted 03 February 2014 - 05:57 PM

Try this instead....download, install and perform a scan with Panda Cloud Cleaner.
Be sure to print out and follow these instructions.

#7 Mathetria


Posted 03 February 2014 - 06:52 PM

OK, done with that . . . I think.  The final screen comes up and says "Removal Successful - Call Us To Complete Process" - is this a marketing thing or do I need to call them?

 

I have gone to some web pages I was having big problems with before and I believe the problem is gone!

 

Thank you so much!  You are so kind to help in this way.

 

Have a great week.



#8 quietman7


Posted 03 February 2014 - 06:56 PM

No need to call. How is your computer running now?

#9 Mathetria


Posted 03 February 2014 - 07:04 PM

Like a champ! 

 

So much for multi-tasking my help desk duties and trying to download a book at the same time.  I knew the minute I clicked I'd done something dumb, but it was tooooo late.

 

Thanks for helping me out!  I promise . . . no more downloading while doin' other tasks.



#10 quietman7


Posted 03 February 2014 - 07:14 PM

You're welcome.