Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant pop up web intrusion


  • Please log in to reply
3 replies to this topic

#1 Yepytzme

Yepytzme

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 AM

Posted 17 September 2014 - 11:27 PM

Hello folks, need serious help immediately.  I keep getting websites popping up whenever I open a new location or even sometimes while on on a web site another unknown website pops in on top of the one I'm watching.  It is automatically blocked from redirecting by Firefox but it still covers the whole screen and is very annoying.  I close the window but almost every time it or a similar one pops up with the same (blocked from redirecting) info from Firefox.
 
I copied the web sites and these are just two examples of whence from they cometh:
 
hxxp://www.frngd.com/sc?p=YTE5ODY3NjAzMjhf%2BJxEUipiMSknGpTwZbb38qMwlx4LLfzzejL21PShOv2OSqFC9qmcKY50fKFUUpx2E8wtUwOId%2BsSHT0gZPglRmdtWTdtxZcE8ep%2Fjv9HUi%2B54kU0nUMh7rU9W6GGQdD%2FvWZZTGB1XYD1Yg2spVecJCjYODFvrhQ8yFeaPIpJmin%2Bm1LU%2FP0nReC1SVDqKi3TosE5LzOWNVCx12Jlil2SnByTDdI0vSh9nKufgREhXlnRPMTU6TqWzORKhUJy3RWV3vh2G3%2BWTFkXaHcuEbbEGzyIleV4OMaM06MFy9Hnf03JXXIzNoF7E%3D&ia=0&t=1
 
hxxp://www.cvkgpq.com/sc?p=YTM5Njk1NDU5MjcG8Dryrnnt2qHApGiYpiMSknGpTwZbb38qMwlx4LLfzzejL21PShOv2OSqFC9qmcKY50fKFUUpx2E8wtUwOId%2BsSHT0gZPglRmdtWTdtxZcE8ep%2Fjv9HUi%2B54kU0nUMh7rU9W6GGQdD%2FvWZZTGB1XYD1Yg2spVecJCjYODFvrhQ8yFeaPIpJmin%2Bm1LU%2FP0nReC1SVDqKi3TosE5LzOWNVCx12Jlil2SnByTDdI0vSh9nKufgREhXlnRPMTU6TqWzORKhUJy3RWV3vh2G3%2BWTFkXaHcuEbbEGzyIleV4OMaM06MFy9Hnf03JXXIzNoF7E%3D&ia=0&t=1
 
As you can see they are in all likely hood a scam of some sort of I've been infected with adware.  I've gone to tools and page info and blocked EVERYTHING to do with these sites like media, permissions and security but they still keep popping up.
 
I have pop up blocker initiated in Firefox but I also get a small pop up window which frequently appears at the bottom right hand side of the screen (agout 3" X 3") that is an advertising video for either vehicles or other products.  I cannot close it, it does not have any minimize, maximize or X to close it.  It says this video will start in ... 5-4-3-2-1 seconds, then the video starts and runs for about 60 seconds then it just sits there and I can't get rid of it unless I change screens to another site.
 
I ran MalwareBytes and Microsoft Security Essentials and they did not detect any issues.
 
I am sending an attachment of a screenshot of the video ad.
 
Please, anyone, if you have any info that will terminate these issues I would forever be grateful.
 
Thanks,
 
Yepytzme

Attached Files


Edited by Orange Blossom, 17 September 2014 - 11:45 PM.
Deactivated links and moved from Windows 7 to AII. ~ OB


BC AdBot (Login to Remove)

 


m

#2 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:44 PM

Posted 18 September 2014 - 12:26 PM

Hello, 
 
Run the following, and let me know how you get on. 
 
STEP 1
BY4dvz9.png.pagespeed.ce.cpqHQmQDB6.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
xE3feWj5.png.pagespeed.ic.JE3sJIzHrn.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
xMgeHyNE.png.pagespeed.ic.49_rDPUa_4.png Internet Flush

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.​@echo off
    echo 
    Flushing Internet. Please wait... >"%userprofile%\desktop\flushresults.txt"
    ipconfig /release >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /renew >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /flushdns >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh winsock reset all >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv4 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv6 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    echo.
    echo Deleting temp files/folders...
    del %TEMP%\*.* /F /S /Q
    rd /S /Q %TEMP%
    echo.
    echo Finished. Your computer will reboot. >>"%userprofile%\desktop\flushresults.txt" 2>&1
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file flush.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate flush.bat xlmRDSkT.png.pagespeed.ic.UByFR5z3ld.jpg (W8/7/Vista) on your DesktopRight-click the icon and click xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator.
  • Your computer will reboot. If not, please manually reboot. 
  • After the reboot, a log (flushresults.txt) will be on your DesktopCopy the contents of the log and paste in your next reply. 
     

======================================================

STEP 4
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • flushresults.txt

Posted Image

#3 Yepytzme

Yepytzme
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:44 AM

Posted 19 September 2014 - 01:00 PM

Hello LiquidTension,

Sorry but I have serious concerns about scams and spams and viruses, etc., so although this is nothing personal I still have serious doubts about your instructions.  First let it be known that last year I had several problems and was advised to download this/that and the other thing, the result of which was that my systems was viciously hacked.  The hacker was able to get my passwords, my account information and then proceded to transfer over 600 of my files to the trash bin.  I tried to reinstall from the trash bin but then I noticed that not only did this hacker transfer the files, he also deleted their contents.  I had to notify/cancel and change all my banking, passwords and credit cards.  I then had to trash my computer and buy a new system.

The following is specifically why I have concerns about your instruction, viz;

When I went to "Downloads.com" I got this message "No results for "AdwCleaner 3.3.1.0", I then went to "Tucows" and got this message: "0 results for AdwCleaner + 3.3.1.0", (If downloads or tucows has never heard of AdwCleaner then how come Bleeping computer has this knowledge?),  I then tried to download it from your site and all I got was an ad. for a game, another tried to download registry reviver setup, others were for other website programs.  Nothing would get me to your AdwCleaneer.  Therefore I would need specific guarantees before I would attempt any such downloads.

As I said earlier, nothing personal but I am justifiably having serious misgivings.



#4 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:44 PM

Posted 19 September 2014 - 01:54 PM

Hello,
 

First let it be known that last year I had several problems and was advised to download this/that and the other thing, the result of which was that my systems was viciously hacked.  The hacker was able to get my passwords, my account information and then proceded to transfer over 600 of my files to the trash bin.  I tried to reinstall from the trash bin but then I noticed that not only did this hacker transfer the files, he also deleted their contents.

This sounds like a tech support scam. Here are some articles with information.

When I went to "Downloads.com" I got this message "No results for "AdwCleaner 3.3.1.0", I then went to "Tucows" and got this message: "0 results for AdwCleaner + 3.3.1.0", (If downloads or tucows has never heard of AdwCleaner then how come Bleeping computer has this knowledge?)

"Downloads.com" and "Tucows" have nothing to do with AdwCleaner. 
 
AdwCleaner was created by Xplode, a Security Colleague here at BleepingComputer. Have a look at the download statistics for the programme. The programme is updated daily, which is why the "Added on" date shows September 18th. 
 
dnjHvbV.png
 
 

I then tried to download it from your site and all I got was an ad. for a game, another tried to download registry reviver setup, others were for other website programs. Nothing would get me to your AdwCleaneer.

Perhaps you're clicking an ad or the wrong button.
Here's a direct download link for the programme. 
 
 

Therefore I would need specific guarantees before I would attempt any such downloads.
As I said earlier, nothing personal but I am justifiably having serious misgivings.

You need only spend a matter of minutes in this forum to realise that the instructions in my original post are provided hundreds of times to hundreds of users every day.
 
From your description of issues, I deducted that the main issue at hand is more than likely related to adware/Potentially Unwanted Programmes (PUPs). AdwCleaner, along with Junkware Removal Tool, are two of the best adware removal tools currently available. If you are still unprepared to run the programmes, perhaps you would like to scan the URLs using an online scanning service such as VirusTotal.


Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users