Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

adware problem


  • This topic is locked This topic is locked
11 replies to this topic

#1 deepak123

deepak123

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 20 December 2015 - 04:31 PM

windows 7 ultimate service pack 1 64 bit
 
 
the browser opens a new page redirecting to hxxttp://hidcptqmerifcusymaqddcomolsujibeptsmycmqsrwgrcmywshgnfpjhcc.com/rot.aspx?partner=910345&f=popup-u
 
and then this redirects to some page on tradeexchange.com
 
and then to some other page which I am not interested(the latest one was a page telling me to update/ install java)
 
this happens when I visit some website page which I don't use too regularly.(seems like a reaction to a click on the webpage ,although the click is not at any link)
 
this also happens when I was offline(I had downloaded a few webpages)
 
besides this, some adds also block the screen on some websites, the details I am showing by uploading 2 screen-shots.Attached File  01.png   453.99KB   0 downloadsAttached File  02.png   604.02KB   0 downloads
 
I have downloaded some tools which are commonly advised by this website like MAMB.
 
PLEASE help me. thanks in advance for the help.

Edited by nasdaq, 21 December 2015 - 10:04 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 21 December 2015 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

#3 deepak123

deepak123
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 23 December 2015 - 04:03 PM

Attached File  Addition.txt   26.78KB   2 downloadsAttached File  FRST.txt   40.75KB   3 downloadsmy laptop is running good except this adware problem.the problem does not occur on sites which I regularly visit(or occurs very less) I hate such things on my laptop. so want to get rid of it.

 

the laptop is 6 month old.It is possible that the adware came when I installed few soft wares whose installations had been taken from torrent(from another computer)

 

Adwarecleaner did NOT find anything.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 24 December 2015 - 09:29 AM

Nothing suspicious was found on your logs.
This is just a cleanup of empty items.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

EmptyTemp:

HKLM-x32\...\Run: [Yahoo Messenger] => [X]
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-18\...\RunOnce: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
U4 sr; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U2 wuaserv; no ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

===

Is the problem persisting.

#5 deepak123

deepak123
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 25 December 2015 - 12:30 PM

thank you very much nasdaq for your reply.this did not work.I may retry this in safe mode.

 

adware is not so disturbing but I want to get rid of it.

 

should I try to uninstall some programs that may have carried this malware, using advanced uninstaller free?

 

how about malwarebytes anti-rootkit?(I have read their disclamier)



#6 deepak123

deepak123
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 26 December 2015 - 03:29 AM

the adware cleaner had NOT detected anything initially. however after I installed advanced uninstaller pro, it detected folders related to this uninstaller(Innovative Solutions seems to be name of the company)


when I disabled java on my browser,the program FAILS to trouble me & does NOT do anything.so I am a little happy about it.

Attached Files


Edited by deepak123, 26 December 2015 - 03:30 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 26 December 2015 - 09:18 AM

Looking good.

Any remaining issues?

#8 deepak123

deepak123
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 26 December 2015 - 11:08 AM

the original adware is still there.IT does re-appear when I again enable java on my chrome browser.

 

Not able to understand which version of java is there on my system.see 3rd picture.

 

the programs or feature list inside the control panel do NOT show any java as installed.(see 4th pic.)

 

using firefox & going to the java test page to find WHICH VERSION is Installed results in this.(1st &2nd pic.)

Attached Files


Edited by deepak123, 26 December 2015 - 11:09 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 27 December 2015 - 07:55 AM

the original adware is still there.IT does re-appear when I again enable java on my chrome browser.


Chrome as it's own copy of Java.
I suggest your remove Chrome and re-install the application.

How to:

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

Java is not installed on your Firefox.
If ever you need it check this with your Firefox browser.
You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
==

p.s.
If you want or need to install Java in IE check the same Java link above with the Internet Explorer browser.

Only when you have Java Installed in Internet Explorer and possibly Firefox will you see a reference to the installed version in the Programs and Features list.

===

Let me know of any remaining issues.

#10 deepak123

deepak123
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 31 December 2015 - 02:08 AM

Thank you Nasdaq for all the help.

 

After uninstalling & reinstalling chrome, the computer is running well.

 

If anything comes, I will inform.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 31 December 2015 - 08:53 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,883 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 AM

Posted 06 January 2016 - 09:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users