I think all my devices are infected (PC, Mac, iPad & iPhone)


4 replies to this topic

#1 easycompany80


Posted 14 January 2016 - 03:14 AM

Hi,

 

I'm a new user here and I've read all the sticky threads about what to do before posting etc.

 

I believe I may have a virus on all my devices (Windows 7 PC, Mac laptop on Yosemite, iPad and iPhone) and that this seems to be a recurring problem for the last few months. Sorry this explanation is going to be long-winded but I guess better to have all the details included.

 

First off, several months ago I had some malware or something that would randomly redirect me to this website:

 

http://asnews.com.sg

 

This was only happening occasionally though, so I wasn't really noticing anything at first and thought I had just clicked some ad, and also I'm based in SE Asia (but not SG) and it looks like a legit news site. Anyway, I started to notice that sometimes a site I was trying to open would take a long time to load and then would redirect to this site.

 
I can't recall what I did to remove it but I think I just ran some virus scan programs as the problems stopped after that. Then I had another problem a few weeks later where Google ads on many sites had other ads overlaid which said 'Ads by dns unlocker'. This was on my Windows 7 PC and my iPad and iPhone 5, and even though I didn't seem to be getting it on my Mac laptop I did occasionally see a few ad banners on some sites such as PCgamer.com which were intrusive and not the kind of ads you would expect a major site to run (they were tower banners that overlapped a page's content and didn't look right etc), although these did not say 'Ads by DNS unlocker' and PCgamer was pretty much the only site I saw them on; all other devices had these spam ads everywhere.
 
I've always had the paid version of Norton on my PC and that hadn't warned me about anything, and I did several deep scans and found nothing. I then ran other free versions of programs such as Malwarebytes, R-Kill and 9-lab removal tool as well as CCleaner. These programs did find a couple of suspicious things which they removed but the ads were still there, so eventually I decided to format the router as I read somewhere that the virus could be in there.
 
So finally after doing that the virus/malware was gone. Then just a few days ago I started getting redirected to spammy websites selling things (all Thai language sites too) and again this was on my PC and iPad and iPhone, but again the Mac seems ok (but I still occasionally see those weird looking ads on PCgamer.com). Also this wasn't just when I was using a web browser: if I was using any app on the iPad or iPhone, e.g. Facebook, BBC Sport, The Guardian, Reddit, it would often redirect me when clicking a page within the app or a link to something external from the app. Also my mrs started getting it too on her brand new iPhone. This would all happen very sporadically though, so sometimes nothing for a full day and then in the evening almost every link clicked in an app or web browser would try and redirect me. These were not the 'Ads by DNS unlocker' though and I haven't had those since formatting the router.
 
I hadn't had time to look into this properly yet, and yesterday my wife went on some Thai site (we live in Thailand) to look for the solution for this 'onclickads.net' virus problem and asked what to do, and she was advised to check and change the DNS settings. This is something I'd read about before with the 'Ads by DNS unlocker' and that it changed your DNS settings, but at that time it had never changed mine so I didn't think of it this time. Anyway, she changed her DNS to something else (8.8.8.8 and 8.8.4.4 I think) and hey presto, spam ads gone, so I did the same and no spam ads again. That was yesterday, and I'm in the gym today and on a cellular connection with my iPhone and there are the redirect spam ads again, and from what I can tell there is no way to change the DNS on an iPhone unless it's jailbroken.
 
So... any ideas? I was thinking that the virus was in the router again but I guess if I'm getting it on my phone with a cellular connection then it's on all my devices?? How has this happened too? I had a premium version of Norton plus CCleaner, plus I ran R-Kill etc yesterday and nothing was found again. Also, how can one virus work on different OSes like with Windows and iOS?
 
I should also point out that we have two ISPs, one with a fiber connection upstairs (which is the one I formatted last month) and another ADSL (never formatted). I haven't done full tests to see if I get the malware when on each connection; I *think* it's been mainly when on the fiber one but I'm not sure.
 
A few other things I've just noticed in the last hr or so and while typing this:
 
- I think the PCgamer.com spam ads are to do with Lijit. I'm typing this on my Mac and have the site open on my PC, and even though the site is fully loaded I can see Chrome showing Lijit processes loading in the bottom and the spam looking banners have just popped up (I just took a screen grab which I can upload if that's allowed?)
 
- A few times after signing in on Gmail and Facebook on my PC, the next day I have opened up Chrome again and even though I had the box checked to save my login details I've had to login again which isn't normal, I should point out that I do have two step verification setup for both of these and no suspicious activity detected from either and I've checked the last known locations etc and all ok.
 
- A couple of times I've been working on my laptop with the PC on and it's been in sleep mode and then suddenly it spins up and the screen comes on.
 
- The start menu popped open as if it had been clicked on just an hr ago on the PC while I was using the laptop. I'm pretty sure I hadn't clicked on it earlier or left it like that; I could be wrong though.
 
- A local forum site that I use often but not always logged in had some weird behavior too today, I opened the login page and my details were saved in the login fields but they looked a bit different like they had been typed wrong like this:
 
e.asycompany80@gmal.com
 
so a '.' used where it shouldn't be and the 'i' missing from Gmail. It could be a typo but it just looks so strange and not something I would do when logging in, especially adding a '.' like that.
 
Just to recap on what programs I have run and used:
 
Norton anti virus, done full sys scan and power eraser - nothing found
Malwarebytes free version - nothing found
9-labs  - this just found something called 'Malware.Win32.Gen.sm'
R-kill - didn't find anything
 
I also ran Hitman a few weeks ago but can't recall the results.
 
 



 


#2 easycompany80


Posted 14 January 2016 - 03:21 AM

P.S. Just want to add the following about my PC:

 

No suspicious add-ons in my main browser (Chrome)

 

I can't see anything untoward in MSCONFIG startup or in tasks or processes

 

All installed programs look safe and I recognize all

 

Any executable program download has to ask me for permission first

 

I'm very careful with what I download and can't think of any new program I have downloaded recently

 

I do torrent movies a lot although never been warned about a file by Norton



#3 easycompany80


Posted 14 January 2016 - 03:49 AM

Also just want to add that I was reading this thread and decided to move ahead and run some of the advised programs:

 

http://www.bleepingcomputer.com/forums/t/601397/persistent-dnsunlocker-infections/

 

TDSS Rootkit - didn't find anything

 

ADWcleaner - found just these files, everything else clean 

 

File Found : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

File Found : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
Farbar service scanner - Norton said this was suspicious and removed it after download
 
MiniToolBox - the output of this is quite big so let me know if I should post it here, from what I can tell though there doesn't seem to be anything suspicious there though


#4 TheITGUI


Posted 15 January 2016 - 09:09 AM

I would nuke it all from orbit. Do a fresh OS install on your PC (not familiar with macs but maybe you can use Time Machine instead?) and restore your devices back to factory settings.

Once you're recovered I would start using disk imaging. It's a really underrated way to recover a computer in a case like this.

Finally, you may want to consider the freeware, Rollback Rx Home ed. Next time you get malware you can just roll back to a previous state. It's an ok program but its main bread and butter is going back in time to before OS attacks like this.

Just my $0.02



#5 easycompany80


Posted 08 February 2016 - 09:57 PM


 

 

OK thanks, I might do that soon. I've been running those programs again several times as well as updated Windows, and still catch a few things and clean them out. The virus hardly ever pops up now but it still does occasionally (less than once per day though) on my PC, and I haven't seen it in weeks on my iPad (I did format that again though), but I did get it once on my iPhone when I wasn't at home and was on the cellular network. It's really weird and I still can't figure out where this virus is still lurking.





