
Pop-ups in every browser, new tabs with "Update Firefox"


3 replies to this topic

#1 BC12398

BC12398

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 04 July 2014 - 05:51 AM

I am getting pop-ups and new tabs in every browser: Chrome, Firefox, IE.  I am running the free version of Avast and it is stopping some outgoing browser connections but not the pop-ups.  Full scans with the latest versions of Malwarebytes, Avast, AdwCleaner, Avira boot CD, Kaspersky boot CD.  Nothing is found except tracking cookies, which I expected to happen.  I am running Windows 8.1 with Media Center.  Here are a few screenshots of what I am seeing.

Capture_zpsc054adb6.jpg

Loadyyz_zps5ce533c1.jpg

Malicouswebsiteblocked_zpsec357adc.jpg

 

 

 

 




#2 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:39 PM

Posted 04 July 2014 - 11:05 AM

I think Debsoft is the culprit. It is mentioned in the EULA screenshot you posted. I found this site that may just have the info you need to get rid of the ads. It looks good to me and worth trying its solutions as you have used most of the programs we recommend here.

Remove Debsoft.com pop-up ads (Virus Removal Guide)


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 BC12398

BC12398
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 05 July 2014 - 06:15 AM

I followed all directions from the above link.  None of the scans found anything.  My roommate was telling me that her iPhone was getting redirected as well.  I checked the DNS settings for the iPhone and this is what I found.

162.243.207.106, 146.185.186.138, 209.165.131.12

The last IP is legitimate, from my ISP in Alaska.  The thing is that none of those DNS servers should even be listed at all.  I have a Windows 2012 server on my network that is giving out DNS and DHCP, and the DNS should be the address of the server.  I have on occasion found these DNS servers on my computer, but I called my ISP and they were doing maintenance at the time so I ignored it.

 

C:\Windows\system32>nslookup 162.243.207.106
Server:  UnKnown
Address:  192.168.0.4

Name:    felioniti.com
Address:  162.243.207.106

 

The second IP does not resolve at all so felioniti.com must be the bad seed of the DNS.  I have a Linksys router which is susceptible to the Moon router code so I reset it back to factory defaults and updated the firmware and made sure that remote Admin was turned off as per the instructions at the Linksys website.

 

http://kb.linksys.com/Linksys/ukp.aspx?pid=80&app=vw&vw=1&login=1&json=1&docid=56b6de2449fd497bb8d1354860f50b76_How_to_prevent_getting_The_Moon_malware.xml

 

Another interesting article about the Moon malware.  It specifically states that it uses phony DNS.

 

http://heavy.com/tech/2014/02/linksys-the-moon-router-malware/

 

All devices in the  house now show the proper DNS settings and I am hoping that I won't be getting any more pop ups. I will repost if this comes back but for now I have my fingers crossed.

 

Thanks for your time and effort in assisting me.

 

I really do hope that this helps others as I struggled with it for a week before posting here.  I work in IT and am a fair hand at removing viruses.  This totally eluded me and the help provided by BC Advisor set me on the right path.  Bleeping Computer is bar none the best site for Virus/Malware help and I am sure that it is much appreciated by everyone in the IT community.

 

Kudos to all.


Edited by BC12398, 05 July 2014 - 09:14 AM.
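The check described in post #3 (comparing the resolvers each device actually received against the one the LAN server should hand out) can be scripted. This is an added example, not part of the original thread: it parses `ipconfig /all` text, including the continuation rows used for extra DNS servers, and reports any resolver outside the expected set along with the DHCP server that issued the lease. The sample input is constructed from the addresses quoted in the post; the function names, the expected-resolver set and the 192.168.0.1 router address are assumptions.

```python
import ipaddress

# Assumption: 192.168.0.4 (the server in the nslookup output) is the only valid resolver.
# SAMPLE is a constructed `ipconfig /all` excerpt; 192.168.0.1 is a hypothetical router.
EXPECTED_DNS = {"192.168.0.4"}
SAMPLE = """\
Ethernet adapter Ethernet:
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 162.243.207.106
                                       146.185.186.138
                                       209.165.131.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:
   DHCP Server . . . . . . . . . . . : 192.168.0.4
   DNS Servers . . . . . . . . . . . : 192.168.0.4
"""

def _as_ip(token):  # normalised IP string, or None if token is not an address
    try:
        return str(ipaddress.ip_address(token.strip().split("%")[0]))
    except ValueError:
        return None

def parse_adapters(text):
    """Map adapter name -> {'dhcp': ip or None, 'dns': [ip, ...]}."""
    adapters, current, in_dns = {}, None, False
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if not line[0].isspace():  # unindented line opens a new adapter section
            current = adapters.setdefault(line.strip(" :"), {"dhcp": None, "dns": []})
            in_dns = False
        elif current is not None and in_dns and _as_ip(line):
            current["dns"].append(_as_ip(line))  # extra resolver on its own row
        elif current is not None:
            key, _, val = (part.strip(" .") for part in line.partition(" :"))
            in_dns = key == "DNS Servers"
            if in_dns and _as_ip(val):
                current["dns"].append(_as_ip(val))
            elif key == "DHCP Server":
                current["dhcp"] = _as_ip(val)
    return adapters

def unexpected_resolvers(text, expected=EXPECTED_DNS):
    """(adapter, resolver, dhcp_server) for every resolver outside `expected`."""
    return [(name, ip, info["dhcp"]) for name, info in parse_adapters(text).items()
            for ip in info["dns"] if ip not in expected]

for row in unexpected_resolvers(SAMPLE):
    print("unexpected resolver:", row)
```

The DHCP server column shows which device issued the lease carrying the unexpected resolvers, which is the device whose settings need checking.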


#4 buddy215

buddy215

  • BC Advisor
  • 12,590 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:39 PM

Posted 05 July 2014 - 06:54 AM

Interesting....glad you found the problem. Thanks for reporting the solution...it will help others.






