Im a new user here and Ive read all the sticky threads about what to before posting etc.
I believe I may have a virus on all my devices (Windows 7 PC, Mac laptop on Yosemite, iPad and iPhone) and that this seems to be a recurring problem for the last few months. Sorry this explanation is going to be long winded but I guess better to have all the details included.
First off, several months ago I had some malware or something that would randomly redirect me to this website:
this was only happening occasionally though so I wasn't really noticing anything a first and thought I had just clicked come ad and also Im based in SE Asia (but not SG) and it looks like a legit news site. Anyway I started to notice that sometimes a site I was trying to open would take a long time to load and then would redirect to this site.
I can't recall what I did to remove it but I think I just ran some virus scan programs as the problems stopped after that, then I had another problem a few weeks later where Google ads on many sites had other ads overlayed which said 'Ads by dns unlocker' this was on my Windows 7 PC and my iPad and iPhone 5 and even thought I didn't seem to be getting it on my Mac laptop I did occasionally see a few ads banners on some sites such as PCgamer.com which were intrusive and not the kind of ads you would expect a major site to run (they were tower banners that overlapped a pages content and didn't look right etc) although these did not say 'Ads by DNS unlocker' and PCgamer was pretty much the only site I saw them, all other devices had these spam ads eveywhere.
Ive always had the paid version of Norton on my PC and that hadn't warned me about anything and I did several deep scans and found nothing, I then ran other free versions of programs such as Malware bytes, R-Kill and 9-lab removal tool as well as CCleaner, these programs did find a couple of suspicious things which they removed but the ads were still there so eventually I decided to format the router as read somewhere that the virus could be in there.
So finally after doing that the virus/malware was gone. Then just a few days ago started getting redirected to spammy websites selling things (all Thai language sites too) and again this was on my PC and iPad and iPhone but again Mac seems ok (but still occasionally see those weird looking ads on PCgamer.com) also this wasn't just when I was using a web browser if I was using any app on the iPad or iPhone e.g. Facebook, BBC sport, The Guardian, Reddit it would often redirect me when clicking a page within the app or a link to something external from the app, also my mrs started getting it to on her brand new iPhone. This would all happen very sporadically though so sometimes nothing for a full day and then in the evening almost every link clicked in an app or web browser would try and redirect me. These were not the 'Ads by DNS unlocked' though and i haven't had those since formatting the router.
I hadn't had time to look into this properly yet and yesterday my wife went on some Thai site (we live in Thailand) to look for the solution for this 'onclickads.net' virus problem and asked what to do as and she was advised to check and change the DNS settings, this is something Id read about before with the 'ADS by DNS unlocker' and that it changed your DNS settings but at that time it had never changed mine so I didn't think of it this time, anyway she changed her DNS to something else (18.104.22.168 and 22.214.171.124 I think) and hey presto spam ads gone, so I did the same and no spam ads again. That was yesterday and Im in the gym today and on cellular connection with my iPhone and there are the redirect spam ads again and from what I can tell there is no way to change the DNS on a iPhone unless its jail broken.
So....any ideas? I was thinking that the virus was in the router again but I guess if Im getting it on my phone with celluar connection then its on all my devices?? How has this happened too? I had a premium version of Norton plus CCleaner plus I ran R-Kill etc yesterday and nothing found again, also how can one virus work on different OS like with Windows and iOS?
I should also point out that we have two isp, one with a fiber connection upstairs (which is the one I formatted last month) and another ADSL (never formatted) I haven't done full tests to see if I get the malware when on each connection, I *think* its been mainly when on the fiber one but not sure.
A few other things Ive just noticed in the last hr or so and while typing this:
- I think the PCgamer.com spam ads are to do with Lijit, Im typing this on my Mac and have the site open on my PC and even though the site is fully loaded I can see Chrome showing Lijit processes loading in the bottom and the spam looking banners have just popped up (I just took a screen grab which I can upload if thats allowed?)
- A few times after signing in on Gmail and Facebook on my PC, the next day I have opened up Chrome again and even though I had the box checked to save my login details I've had to login again which isn't normal, I should point out that I do have two step verification setup for both of these and no suspicious activity detected from either and I've checked the last known locations etc and all ok.
- A couple of times I've been working on my laptop with the PC on and its been in sleep mode and then suddenly it spins up and the screen comes on.
- The start menu popped open as if it had been clicked on just an hr ago on the PC while I was using the laptop, Im pretty sure I hadn't clicked on it earlier or left it like that, I could be wrong though
- A local forum site that I use often but not always logged in had some weird behavior too today, I opened the login page and my details were saved in the login fields but they looked a bit different like they had been typed wrong like this:
so a '.' used where it shouldn't be an the 'i' missing from Gmail, it could be a typo but it just looks so strange and not something I would do when logging in especially adding a '.' like that
Just to recap on what programs I have run and used:
Norton anti virus, done full sys scan and power eraser - nothing found
Malwarebytes free version - nothing found
9-labs - this just found something called 'Malware.Win32.Gen.sm'
R-kill - didn't find anything
I also ran Hitman a few weeks ago but can't recall the results.