Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange, recurring pop-ups flying under the radar


  • Please log in to reply
9 replies to this topic

#1 brinkofinsanity

brinkofinsanity

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 17 October 2014 - 01:25 AM

So I have been seeing these pop-ups for some time now. They only occur on certain websites and not on others. Google, MSN do not show these pop-ups. These pop-ups are not content provided by the site as they do not appear on other machines and are placed in a manner which obstructs the website (that has its own adverting) that would be a poor execution if actually done by a web designer.
These pop-ups occur the same in Firefox, and are not affected by the most rabid pop-up blocker settings. They are sometimes .GIFs and sometimes Flash. The content in the ad varies and is sometimes adult content advertising a dating site.
To date I have run multiple scans by various software including Malwarebytes, Adwcleaner, Microsoft's own Malicious Software removal tool and McAfee Stinger (recommended removals and quarantines were for registry entries and some items in my recycle bin which did not seem like threats but I got rid of them). I use Security Essentials on windows 7, no threats found (including safemode). I have scanned using TrendMicro's housecall also nothing. I have used Microsoft's defender offline (a live boot scanner) it did not complete but crashed.
I have used Kaspersky's live boot virus scanner also no threats. I have scanned from Ubuntu using Comodo antivirus, no problem.
I am going insane. One last thing, there is an occasional hijack in the browser and I cannot at this moment recall the destination, but will make a note the next time. I can get URLs that the pop-ups attempt to direct me to. I would like to know if anyone has seen a pop-up in this format before and what on earth is responsible for it. I have been unable to find information on a pop-ups like mine while searching online for the last few months. If anyone has a clue, please help.
Thanks you very much for taking the time to check this out.
 
I have attached a screencapture of ie presenting the symptoms. The content is different, but the same box appears with the little red box to close it on the top.

Attached Files


Edited by Budapest, 17 October 2014 - 01:29 AM.
Moved from Win7 ~Budapest


BC AdBot (Login to Remove)

 


#2 shamuh2014

shamuh2014

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gaithersburg MD
  • Local time:11:37 AM

Posted 17 October 2014 - 01:48 AM

Hope you need to review your installed Program Features if you are using Win 7. Sometimes most adware will be installed forcefully when you download Freeware Antivirus Software or Weather Report software. Many people report this pop-ups to Microsoft, assuming this is because of ie11 vulnerability. But, this is not because of internet explorer; this is because of adware running in the background. So please uninstall all the unwanted software installed on your computer will certainly resolve this issue. And use www.Qualys.com/secure its completely free to scan your computer for patch management for windows, internet explorer, Google chrome, Mozilla Firefox and other plugins as well. Good Luck!
 



#3 brinkofinsanity

brinkofinsanity
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 17 October 2014 - 01:55 AM

Awesome, I'm on it. Thanks for the quick reply. I will report back with results.



#4 brinkofinsanity

brinkofinsanity
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 17 October 2014 - 04:42 AM

Okay, so the browser scan from Qualsys suggested I update my flash player, which I could not do via Adobe's site (Suspicious, yet I have never updated flash from anywhere else) so I uninstalled it completely, including shockwave, adobe air and reader just for good measure. I have no extraneous plugins in my browser and don't use any security or maintenance or optimizing software that isn't Microsoft or Norton when I had Norton before(way before the pop-ups). The Malwarebytes, ADWcleaner and so on were only installed in the last few weeks. I don't use any weather reporting software or other notification services or search bars or "download accelerators" or any of the like.

I have checked my installed programs and nothing unknown that wasn't there before this problem started, unless it is camouflaged as something else.

In any case, no cigar... pop-ups are alive and well. Thanks still.


Edited by brinkofinsanity, 17 October 2014 - 04:42 AM.


#5 brinkofinsanity

brinkofinsanity
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 17 October 2014 - 03:45 PM

Add "SUPERAntiSpywaye" to the list; no threats found other than some tracking cookies... removed anyway, problem persists.



#6 brinkofinsanity

brinkofinsanity
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 17 October 2014 - 04:43 PM

Update: Following a pop-up's direction to a page that said I should download a necessary media player for Internet Explorer, I decided to read the not so well put together EULA accompanying the obvious malware and found a link inside for a "contactus" which I followed and was hijacked to a site which appeared to be real, offering prices on cars...(yes someone hopes to make money legitimately by screwing with others' browsing experiences...ha) Some of the pop-ups now appear as empty boxes, same format though, bottom left, red box, a good way to illustrate what they all have in common and finally, I have noticed for the first time (highlighted elegantly by me and MS paint in the attachment) a suggestion to update my browser extension, which leads to some kind of page made to look like Internet Explorer's installation page... whatever. It appears removing flash has made the thing causing this problem a little sad, this has brought me some satisfaction.

 

Here is a URL to the image

http://imgur.com/BpiyFQU



#7 shamuh2014

shamuh2014

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gaithersburg MD
  • Local time:11:37 AM

Posted 17 October 2014 - 08:21 PM

Try OpneDNS.com to blacklist suspicious sites. Configure opendns to your network and see the difference. You will enjoy if you are supporting system and network issues. Its absolutely free  and you will learn a lot about cyber attacks.



#8 brinkofinsanity

brinkofinsanity
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 17 October 2014 - 10:23 PM

Are you suggesting that suspicious websites are delivering these pop-ups?

I explained that these pop-ups occur on different websites, in the exact same format on different browsers, which I am fairly certain means they are being put there by something on my computer. Something which I would like to terminate with extreme prejudice.


Edited by brinkofinsanity, 17 October 2014 - 10:35 PM.


#9 shamuh2014

shamuh2014

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Gaithersburg MD
  • Local time:11:37 AM

Posted 25 October 2014 - 07:31 AM

No, the pop-ups occur because of advertisements and marketing the products not suspicious most of the times. If you act on pop-ups there starts the background running of application you clicked on. I suggest OpenDNS to protect your network or browsers not to execute and you don't need to terminate with extreme prejudice instead the OpenDNS blocks automatically by default.



#10 brinkofinsanity

brinkofinsanity
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 25 October 2014 - 03:51 PM

There isn't much freedom for anything to run on my computer except these pop-ups it seems.

 

I conceded because there was nothing, including  4 live session scans of the windows installation of the windows installation, which could find a problem. Make no mistake there was something locally doing this and it was beyond my skill level. You didn't really address the problem because I am well capable of blocking popups only this was not just "popups" as I explained. I really appreciate the help anyway but I went ahead and reinstalled windows. If the backup is infected and my computer reinfected I will be back.  






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users