
Pool.admedo.com - have I a problem?


3 replies to this topic

#1 Chris Cosgrove


Posted 01 August 2015 - 07:23 PM

64 bit Win 7 SP1, Avast (Free), Malwarebytes (Free) and Super Antispyware (Free)

 

Yesterday evening, about 10 pm, I went on-line to check my e-mails, then have a look at 'The Register' and then come here. As soon as I went to open a page on 'The Register' I got a pop-up from Avast saying it had stopped an infection, see image below. This repeated every page until I stopped and switched to Chrome to find the same behaviour and IE 11 decided it didn't want to start.

 

At this point I ran a quick scan with Avast, result clean, then S/Antispyware which found and deleted a few persistent cookies, then a Malwarebytes quick scan which came back clean and finished up by running JRT which said it had found a few problems in Chrome which it had fixed.

 

Following a re-boot I went back to 'The Register' to pick up where I had left off to find I was getting the same pop-up. At which point I shut down and re-booted into Linux where at least I am not getting the warning pop-up.

 

https://www.dropbox.com/s/q72hqf6plc3ei5c/pool.admedo.com%20screenshot.jpg?dl=0

 

I must have taken this screenshot when I was in Chrome, but the one in Firefox was the same except for replacing 'Google' with 'Mozilla' and 'Chrome' with 'Firefox'.

 

My question is - have I a problem or, since everything is coming up clean, is this some kind of false positive ?

 

Chris Cosgrove




#2 Sintharius


Posted 02 August 2015 - 01:11 AM

Hi Chris,

I actually tried going to that domain (pool.admedo.com) myself, and I got a "Not Found" message (not a 404, just two words "Not Found").

When I directly go to the site shown in your Avast alert, this is what I got:

(function(src){
    var img = document.createElement("img");
    img.alt = " ";
    img.style.display = "none";
    img.src = src;
    document.body.appendChild(img);
})("\/\/ib.adnxs.com\/setuid?entity=238&code=34147380-9cc4-49de-86da-ac2257b482a3");

The domain in the code appears to be associated with a browser hijacker, but VirusTotal is clean (0/63). Maybe someone with knowledge of programming can decipher this further.
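
What the snippet quoted in the post above does can be read off without running it. The following is an added example, not part of the original thread: a static triage in JavaScript (Node.js) that never evaluates the script and only extracts the request a browser would make. The helper name `triageBeacon` and its `pageScheme` default are assumptions made for the example.

```javascript
// Added example: static triage of a flagged script; the script is never evaluated.
// SNIPPET is the response quoted in the post above, reproduced as a string.
const SNIPPET = String.raw`(function(src){
var img = document.createElement("img");
img.alt = " ";
img.style.display = "none";
img.src = src;
document.body.appendChild(img);
})("\/\/ib.adnxs.com\/setuid?entity=238&code=34147380-9cc4-49de-86da-ac2257b482a3");`;

const UUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Hypothetical helper: report what a hidden-image script would request.
function triageBeacon(source, pageScheme = "https:") {
  // Collect double-quoted string literals, then keep those that look like
  // URLs (absolute or protocol-relative) after undoing the "\/" escaping.
  const literals = [...source.matchAll(/"((?:[^"\\]|\\.)*)"/g)].map(m => m[1]);
  const urls = literals
    .map(s => s.replace(/\\\//g, "/"))
    .filter(s => /^(https?:)?\/\//.test(s));
  return urls.map(raw => {
    // A protocol-relative URL inherits the scheme of the embedding page.
    const url = new URL(raw.startsWith("//") ? pageScheme + raw : raw);
    const params = Object.fromEntries(url.searchParams);
    return {
      host: url.hostname,
      path: url.pathname,
      params,
      // Properties a reviewer checks when judging a flagged script.
      createsImage: /createElement\(\s*["']img["']\s*\)/.test(source),
      hidden: /\.style\.display\s*=\s*["']none["']/.test(source),
      idParams: Object.keys(params).filter(k => UUID.test(params[k])),
      usesEval: /\beval\s*\(|new\s+Function\s*\(|document\.write\s*\(/.test(source),
    };
  });
}

const report = triageBeacon(SNIPPET);
console.log(JSON.stringify(report, null, 2));
```

For this snippet the report lists a single hidden image request to `ib.adnxs.com/setuid` whose `code` parameter is UUID-shaped, with no `eval`, `new Function` or `document.write`: the script does nothing except make one third-party request carrying an identifier.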

#3 Chris Cosgrove


Posted 02 August 2015 - 12:23 PM

I got the 'Not found', and I googled Admedo as well with very mixed results. Very little information about them and very mixed for and against. There was even a link to the Avast forums where again the discussion appeared inconclusive.

 

There seems to be a company called Admedo who are in the business of supplying web-tracking software for advertising purposes and another, or a different branch of the same, running more nefarious software. Whatever, I don't like being tracked and am starting to get annoyed. I will see if anybody else comes up with any ideas.

 

Chris Cosgrove



#4 Chris Cosgrove


Posted 02 August 2015 - 04:36 PM

Since I made the earlier post two things have happened, the pop-ups have stopped and I don't know which one was responsible for it !

 

When I got back to my own computer Avast wanted to do a software update which I did. Once I had re-booted I ran AdwCleaner. It didn't appear to find much but this is the log -

 

# AdwCleaner v4.110 - Logfile created 02/08/2015 at 19:03:26
# Updated 05/02/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Cosgrove - DESKTOP
# Running from : F:\Software d-lds 1\AdwCleaner\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Cosgrove\Favorites\Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Conduit

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v44.0.2403.125

[C:\Users\Cosgrove\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1204 bytes] - [02/08/2015 19:00:53]
AdwCleaner[S0].txt - [1086 bytes] - [02/08/2015 19:03:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1145  bytes] ##########

 

Whichever, one of them appears to have done the trick !

 

Chris Cosgrove





