
Offersbycontext adware/ Popups while browsing



#1 Ma_t14

Ma_t14

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:25 PM

Posted 04 March 2016 - 09:44 AM

Hi,

 

I recently got a pesky adware that produces advertising popups while I'm surfing the web. It's been years since I have gotten any sort of infection as I am usually really careful about what I click on the web, what I install and what options are selected during the installation process. Anyway somehow it happened today and since the solutions I have tried did not work I am posting here.

I have managed to trace the popups to this website which appears to be the homepage of its makers: http://www.bycontext.com/?aff_id=1162&subaff_id=src270&sbrand=&pn=cjs&sr=ys

Screenshot:

 

H4iDXOe.png

 

Additionally new tabs with further advertising links randomly appear while browsing.

Things I tried:

-Malwarebytes Anti-Malware

-Adwcleaner

-AdwareRemovalTool

 

System:

Windows 10 64bit

 

Browser I am using:

Vivaldi (uses chromium engine backend in case you haven't heard of it).

 


Edited by Ma_t14, 04 March 2016 - 09:47 AM.



 


#2 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:25 AM

Posted 04 March 2016 - 10:01 AM

Give these programs a go at the adware. (Does Vivaldi block Third party cookies or allow you to block third party cookies? Do you know of any ad blocking software compatible with Vivaldi?)

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Ma_t14

Ma_t14
  • Topic Starter


Posted 04 March 2016 - 10:19 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x64 
Ran by Marios (Administrator) on 04/03/2016 at 16:52:39.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Marios\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/03/2016 at 16:54:36.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Yes HKCU:Run DiscordPTB Hammer & Chisel, Inc. C:\Users\Marios\AppData\Local\DiscordPTB\app-0.0.12\DiscordPTB.exe
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\Marios\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
Yes HKCU:Run Google Photos Backup Google, Inc "C:\Users\Marios\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
Yes HKCU:Run Keypirinha Jean-Charles Lefebvre "C:\Users\Marios\Desktop\Keypirinha\keypirinha.exe" --autorun
Yes HKCU:Run Listary Bopsoft "C:\Program Files\Listary\Listary.exe"
Yes HKCU:Run MySQL Notifier Oracle Corporation C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKLM:Run Everything "C:\Program Files\Everything\Everything.exe" -startup
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes Startup User ArsClip.lnk C:\Program Files (x86)\ArsClip\ArsClip.exe
Yes Startup User My Shorcuts.exe.lnk C:\Users\Marios\OneDrive\My Shorcuts.exe
Yes Startup User ShareX.lnk ShareX Team C:\Program Files\ShareX\ShareX.exe


 
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-3780740502-1510083273-281139964-1001Core Google Inc. C:\Users\Marios\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-3780740502-1510083273-281139964-1001UA Google Inc. C:\Users\Marios\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MySQLNotifierTask Oracle Corporation "C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe" --c
Yes Task Opera scheduled Autoupdate 1456909235 Opera Software C:\Program Files (x86)\Opera beta\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task RunUninstallTool_SkipUac CrystalIDEA Software C:\Program Files\Uninstall Tool\UninstallTool.exe $(Arg0


3D Builder Microsoft Corporation 06/01/2016 10.10.38.0
Adobe Flash Player 21 PPAPI Adobe Systems Incorporated 04/03/2016 19.4 MB 21.0.0.174
Adobe Reader XI (11.0.10) Adobe Systems Incorporated 06/01/2016 326 MB 11.0.10
Alarms & Clock Microsoft Corporation 06/01/2016 10.1512.58020.0
App connector Microsoft Corporation 06/01/2016 1.3.3.0
ArsClip 06/01/2016 6.12 MB
Atom GitHub Inc. 11/12/2016 84.8 MB 1.5.2
AutoHotkey 1.1.22.09 Lexikos 12/01/2016 1.1.22.09
Awesomenauts Ronimo Games 26/02/2016 2.07 GB
Bandizip Bandisoft.com 04/03/2016 15.3 MB 5.12
Beyond Compare 4.1.3 Scooter Software 22/01/2016 44.0 MB 4.1.3.20814
Calculator Microsoft Corporation 21/01/2016 10.1601.49020.0
Camera Microsoft Corporation 02/03/2016 2016.225.10.0
Candy Crush Soda Saga king.com 15/02/2016 1.59.300.0
CCleaner Piriform 04/03/2016 5.15
Championify version 1.2.7 Dustin Blackman 09/01/2016 107 MB 1.2.7
Devart MyDAC 8.6.20 Professional for Delphi 10 Devart 02/03/2016 80.7 MB 8.6.20
Discord PTB Hammer & Chisel, Inc. 04/03/2016 44.2 MB 0.0.12
Droid4X Haiyu Dongxiang Co.,Ltd. 22/02/2016 0.9.0
EasyBCD 2.3 NeoSmart Technologies 29/01/2016 5.60 MB 2.3
Embarcadero InterBase XE7 Embarcadero Technologies, Inc. 29/01/2016 Embarcadero InterBase XE7
Embarcadero RAD Studio 10 Seattle Embarcadero Technologies, Inc. 04/03/2016 1.75 GB 17.0
ESET Online Scanner v3 04/03/2016
Everything 1.3.4.686 (x64) 06/01/2016
f.lux 09/01/2016
FastReport 5 Embarcadero edition FastReports 15/01/2016 74.1 MB Embarcadero Edition
FileZilla Client 3.15.0.2 Tim Kosse 19/02/2016 13.5 MB 3.15.0.2
Films & TV Microsoft Corporation 04/03/2016 3.6.17801.0
Get Office Microsoft Corporation 02/02/2016 17.6628.23511.0
Get Skype Skype 06/01/2016 3.2.1.0
Get Started Microsoft Corporation 08/01/2016 2.6.12.0
Google Chrome Google Inc. 06/01/2016 473 MB 48.0.2564.116
Google Photos Backup Google, Inc. 31/01/2016 7.52 MB 1.1.0.230
Grim Dawn Crate Entertainment 04/03/2016 3.74 GB
Groove Music Microsoft Corporation 06/01/2016 3.6.15131.0
Honeycam Bandisoft.com 22/01/2016 6.46 MB 2.0
Honeyview Bandisoft.com 16/02/2016 5.16
Intel® Processor Graphics Intel Corporation 29/01/2016 9.17.10.4229
IntelliJ IDEA 15.0.2 JetBrains s.r.o. 29/01/2016 919 MB 143.1184.17
Intel® Driver Update Utility Intel 26/02/2016 18.3 MB 2.4.0.7
IntraWeb XIV Atozed Software Ltd 15/01/2016 113 MB
Java 8 Update 66 (64-bit) Oracle Corporation 06/01/2016 46.4 MB 8.0.660.18
Java SE Development Kit 8 Update 65 (64-bit) Oracle Corporation 06/01/2016 537 MB 8.0.650.17
Join by joaoapps joaomgcd 29/02/2016 1.1.12.0
Listary version 4.23 09/01/2016 8.73 MB 4.23
Mail and Calendar Microsoft Corporation 26/02/2016 17.6568.46121.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 04/03/2016 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 20/01/2016 4.1601.10150.0
Messaging + Skype Microsoft Corporation 22/01/2016 2.13.20000.0
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 20/01/2016 2.47 MB 4.0.40804.0
Microsoft Office Professional Plus 2013 Microsoft Corporation 12/02/2016 51.8 MB 15.0.4569.1506
Microsoft Silverlight Microsoft Corporation 15/01/2016 101 MB 5.1.41212.0
Microsoft Solitaire Collection Microsoft Studios 13/01/2016 3.7.1041.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15/01/2016 9.69 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 14/01/2016 9.19 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10/01/2016 21.0 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16/01/2016 14.8 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07/01/2016 16.9 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16/01/2016 16.3 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 20/01/2016 27.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 20/01/2016 22.2 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 20/01/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 20/01/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 07/01/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 09/01/2016 17.1 MB 12.0.21005.1
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 Microsoft Corporation 23/02/2016 22.5 MB 14.0.23506.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 Microsoft Corporation 23/02/2016 18.7 MB 14.0.23506.0
Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 19/02/2016 87.8 MB
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 12/02/2016 14.5 MB 10.0.50903
Microsoft Visual Studio Code Microsoft Corporation 13/02/2016 170 MB 0.10.8
Microsoft WiFi Microsoft Corporation 06/01/2016 1.1511.2.0
Money Microsoft Corporation 26/01/2016 4.8.239.0
Mozilla Firefox 44.0.2 (x86 en-US) Mozilla 26/02/2016 43.8 MB 44.0.2
Mozilla Maintenance Service Mozilla 21/02/2016 231 KB 44.0.2.5884
MSI Afterburner 4.2.0 MSI Co., LTD 20/01/2016 4.2.0
MusicBee 2.5 Steven Mayall 06/01/2016 2.5
MySQL Connector C++ 1.1.6 Oracle and/or its affiliates 06/01/2016 66.5 MB 1.1.6
MySQL Connector J Oracle Corporation 06/01/2016 27.2 MB 5.1.37
MySQL Connector Net 6.9.8 Oracle 06/01/2016 32.5 MB 6.9.8
MySQL Connector/C 6.1 Oracle Corporation 06/01/2016 124 MB 6.1.6
MySQL Connector/ODBC 5.3 Oracle Corporation 06/01/2016 62.4 MB 5.3.4
MySQL Documents 5.7 Oracle Corporation 06/01/2016 120 MB 5.7.10
MySQL Examples and Samples 5.7 Oracle Corporation 06/01/2016 7.36 MB 5.7.10
MySQL Fabric 1.5.6 & MySQL Utilities 1.5.6 Oracle Corporation 06/01/2016 39.3 MB 1.5.6
MySQL Installer - Community Oracle Corporation 06/01/2016 770 MB 1.4.13.0
MySQL Notifier 1.1.6 Oracle 06/01/2016 3.28 MB 1.1.6
MySQL Server 5.7 Oracle Corporation 06/01/2016 477 MB 5.7.10
MySQL Workbench 6.3 CE Oracle Corporation 06/01/2016 205 MB 6.3.5
News Microsoft Corporation 26/01/2016 4.8.239.0
Nox APP Player Duodian Technology Co. Ltd. 22/02/2016 3.1.0.0
NVIDIA GeForce Experience 2.10.2.40 NVIDIA Corporation 23/02/2016 30.7 MB 2.10.2.40
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 20/01/2016 348 MB 9.15.0428
OneNote Microsoft Corporation 23/02/2016 17.6741.18061.0
Open Broadcaster Software 11/02/2016
Opera beta 36.0.2130.26 Opera Software 04/03/2016 126 MB 36.0.2130.26
Opera Mail 1.0 Opera Software ASA 06/01/2016 1.0.1040
Oracle VM VirtualBox 4.3.12_ZZZZ Oracle Corporation 22/02/2016 112 MB 4.3.12
paint.net dotPDN LLC 03/02/2016 55.7 MB 4.0.9
People Microsoft Corporation 02/03/2016 10.0.10500.0
Phone Microsoft Corporation 06/01/2016 2.12.14001.0
Phone Companion Microsoft Corporation 05/02/2016 10.1602.3010.0
Photos Microsoft Corporation 04/03/2016 16.302.8200.0
Potplayer Kakao Corp. 06/01/2016
RivaTuner Statistics Server 6.4.1 Unwinder 20/01/2016 6.4.1
ShareX ShareX Team 21/02/2016 13.5 MB 10.7.0
Skype™ 7.18 Skype Technologies S.A. 04/02/2016 153 MB 7.18.111
Sport Microsoft Corporation 26/01/2016 4.8.239.0
Steam Valve Corporation 06/01/2016 2.10.91.91
Store Microsoft Corporation 12/02/2016 2016.27.2.0
Stremio Smart Code Ltd. 13/02/2016 220 MB 3.5.1
Sublime Text Build 3083 Sublime HQ Pty Ltd 06/01/2016 23.1 MB
Sway Microsoft Corporation 23/02/2016 17.6741.45271.0
Tixati 06/01/2016
Total Commander 64-bit (Remove or Repair) Ghisler Software GmbH 07/01/2016 8.52a
Twitter Twitter Inc. 17/02/2016 4.3.4.0
Uninstall Tool CrystalIDEA Software, Inc. 06/01/2016 8.10 MB 3.4.4
Universal Extractor oszone.net 21/01/2016 v1.9.11.196
VirtualCloneDrive Elaborate Bytes 13/01/2016 2.07 MB 5.4.9.0
Vivaldi Vivaldi 24/02/2016 1.0.403.20
Voice Recorder Microsoft Corporation 06/01/2016 10.1512.21110.0
VSO Downloader 4.5.0.17 VSO Software 03/03/2016 37.1 MB 4.5.0.17
Weather Microsoft Corporation 26/01/2016 4.8.239.0
Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12) BigNox Corporation 10/01/2016 09/16/2015 4.3.12
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) BigNox Corporation 10/01/2016 09/16/2015 4.3.12
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) BigNox Corporation 10/01/2016 09/16/2015 4.3.12
WinPcap 4.1.3 CACE Technologies 03/03/2016 4.1.0.2980
Xbox Microsoft Corporation 18/02/2016 14.14.16008.0
XMind 7 (Update 1) (v3.6.1) XMind Ltd. 07/01/2016 290 MB 3.6.1.201512240104
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά Microsoft Corporation 16/01/2016 12.1 MB 15.0.4569.1506







I will post the eset online scan log in a few hours as I need to leave right now.
 



 


#4 buddy215


Posted 04 March 2016 - 11:37 AM

I asked some questions about Vivaldi you didn't answer.

How many days have the ads been appearing? I ask this to help determine which program(s) might be responsible for the ads.

 

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable on the right.

Yes HKCU:Run DiscordPTB Hammer & Chisel, Inc. C:\Users\Marios\AppData\Local\DiscordPTB\app-0.0.12\DiscordPTB.exe
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\Marios\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
Yes HKCU:Run Google Photos Backup Google, Inc "C:\Users\Marios\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
Yes HKCU:Run Keypirinha Jean-Charles Lefebvre "C:\Users\Marios\Desktop\Keypirinha\keypirinha.exe" --autorun
Yes HKCU:Run Listary Bopsoft "C:\Program Files\Listary\Listary.exe"
Yes Startup User ArsClip.lnk C:\Program Files (x86)\ArsClip\ArsClip.exe
Yes Startup User My Shorcuts.exe.lnk C:\Users\Marios\OneDrive\My Shorcuts.exe
Yes Startup User ShareX.lnk ShareX Team C:\Program Files\ShareX\ShareX.exe

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-3780740502-1510083273-281139964-1001Core Google Inc. C:\Users\Marios\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-3780740502-1510083273-281139964-1001UA Google Inc. C:\Users\Marios\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Opera scheduled Autoupdate 1456909235 Opera Software C:\Program Files (x86)\Opera beta\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task RunUninstallTool_SkipUac CrystalIDEA Software C:\Program Files\Uninstall Tool\UninstallTool.exe $(Arg0

 

Uninstall these programs:

Candy Crush Soda Saga king.com 15/02/2016 1.59.300.0 (Use Download Revo Uninstaller Freeware in Advanced Mode to uninstall)

Java 8 Update 66 (64-bit) Oracle Corporation 06/01/2016 46.4 MB 8.0.660.18
Java SE Development Kit 8 Update 65 (64-bit) Oracle Corporation 06/01/2016 537 MB 8.0.650.17
Opera beta 36.0.2130.26 Opera Software 04/03/2016 126 MB 36.0.2130.26 (Use Download Revo Uninstaller Freeware in Advanced Mode to uninstall)
Opera Mail 1.0 Opera Software ASA 06/01/2016 1.0.1040
Tixati 06/01/2016 (Or keep it...Beware that using it to download free stuff is VERY RISKY and often illegal)
WinPcap 4.1.3 CACE Technologies 03/03/2016 4.1.0.2980
 

 

 

 


Edited by buddy215, 04 March 2016 - 11:44 AM.


#5 Ma_t14


Posted 04 March 2016 - 01:13 PM

First off, I'd like to mention that I'm coming from a computer science background.

Sorry, I must have forgotten to answer your question about Vivaldi. As I said, it's using the Chromium engine so it has all the features that come with it, third party cookie blocking being one of them. It also supports Chrome extensions and I am using uBlock Origin for ad blocking. The popups started happening today.

I disabled all the unnecessary scheduled tasks (will probably have to re-enable chrome updater later). Removed the candy crush game which actually might be part of the issue since I never installed it intentionally.

I am not disabling any of my startup programs since I have verified them all and confirmed that all were set by myself.

Not sure why you are suggesting to uninstall Java run-time environment and development kit, care to elaborate? Also I'm not removing any of the other programs, except for Candy Crush as previously mentioned, as they are all programs I intentionally installed and use occasionally.

The Eset Online Scanner is currently running and has found some threats which will hopefully be the culprits. I'll post the log shortly after it's finished.


Edited by Ma_t14, 04 March 2016 - 01:14 PM.


#6 buddy215


Posted 04 March 2016 - 02:07 PM

Java needs to be updated if you actually use it. Old Java versions are malware magnets. Once updated...be sure to uninstall the old ones.

Opera was purchased by a Chinese company that intends to use it as an ad platform.

Who are the Chinese tech companies that just bought Opera?

The listing shows that Opera Beta was installed today....... 04/03/2016



#7 Ma_t14


Posted 04 March 2016 - 02:27 PM

> Java needs to be updated if you actually use it. Old Java versions are malware magnets. Once updated...be sure to uninstall the old ones.
>
> Opera was purchased by a Chinese company that intends to use it as an ad platform.
>
> Who are the Chinese tech companies that just bought Opera?
>
> The listing shows that Opera Beta was installed today....... 04/03/2016

That's a valid point. I will make sure to update Java shortly.

Yes, I know about the Opera acquisition but it hasn't been finalized yet. Rest assured that I'll remove Opera once things start looking sketchy. I installed a new build that was released today, that's why it's showing as installed today.

I actually have a suspicion of what might be the cause but I don't think I can verify anymore sadly.

I have not received any more popups since I got home so one of the scans might have done the job.
 

But here, take a look at the Eset log anyway. The dnsunlocker was actually detected in previous scans and is definitely the adware (if not one of a few) that was causing the popups. Seems like the other tools didn't manage to remove it completely. I will keep Eset Online Scan in mind for the future, thanks for the suggestion.
 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\ab36fac3-93dd-4505-9add-ad6d38d4b914\updater.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll.vir a variant of Win32/Adware.CloudGuard.B application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\dnslockington.exe.vir a variant of MSIL/Adware.CloudGuard.C application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\ab36fac3-93dd-4505-9add-ad6d38d4b914\PluginContainer.exe.vir a variant of Win32/BrowseFox.AU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\ab36fac3-93dd-4505-9add-ad6d38d4b914\plugins\12\Plugin.exe.vir a variant of Win32/BrowseFox.CY potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\ab36fac3-93dd-4505-9add-ad6d38d4b914\plugins\12\resources\plugin.dll.vir a variant of Win32/BrowseFox.CN potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\ab36fac3-93dd-4505-9add-ad6d38d4b914\plugins\2\Plugin.exe.vir a variant of Win32/BrowseFox.CX potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\ab36fac3-93dd-4505-9add-ad6d38d4b914\plugins\8\Plugin.exe.vir a variant of Win32/BrowseFox.CX potentially unwanted application cleaned by deleting


#8 buddy215


Posted 04 March 2016 - 02:40 PM

Actually Eset only identified what AdwCleaner had already quarantined.....nothing new was found and removed by Eset.

 

Please let me know if ads show up again....



#9 Ma_t14


Posted 04 March 2016 - 02:41 PM

Will do. And yes you are right, I only skimmed through the results. Didn't realize the path was pointing to Adwcleaner's quarantine folder.


Edited by Ma_t14, 04 March 2016 - 02:41 PM.
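
The point settled in posts #8 and #9, that every ESET hit sat inside AdwCleaner's quarantine folder rather than on the live system, can be checked mechanically. The following is an added example, not part of the thread or of any tool's own code: it assumes the space-flattened log layout shown in post #7 and that the quarantine mirrors the original path under `C:\AdwCleaner\Quarantine\<drive>\...` with a `.vir` suffix, as the logged paths suggest. The last sample line is constructed for contrast.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: quarantine root as it appears in the thread's ESET log paths.
QUARANTINE_ROOT = PureWindowsPath(r"C:\AdwCleaner\Quarantine")

# Assumption: flattened layout seen in the thread:
#   <path> [a variant of] <detection name> <category> <action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>(?:potentially (?:unwanted|unsafe) )?application|trojan|worm|virus)\s+"
    r"(?P<action>.+)$"
)

# First four lines are taken from the log in post #7; the fifth is constructed.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\ab36fac3-93dd-4505-9add-ad6d38d4b914\updater.exe.vir a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll.vir a variant of Win32/Adware.CloudGuard.B application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\dnslockington.exe.vir a variant of MSIL/Adware.CloudGuard.C application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\ab36fac3-93dd-4505-9add-ad6d38d4b914\plugins\12\Plugin.exe.vir a variant of Win32/BrowseFox.CY potentially unwanted application cleaned by deleting
C:\Users\Example\Downloads\setup_example.exe a variant of Win32/BrowseFox.BZ potentially unwanted application cleaned by deleting
"""


def original_location(path):
    """Map a quarantined copy back to where the file used to live, else None."""
    try:
        rel = PureWindowsPath(path).relative_to(QUARANTINE_ROOT)
    except ValueError:
        return None  # not under the quarantine root at all
    parts = rel.parts
    # Expect "<drive letter>\<rest of original path>" below the root.
    if len(parts) < 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        return None
    restored = PureWindowsPath(parts[0] + ":\\", *parts[1:])
    if restored.suffix.lower() == ".vir":
        restored = restored.with_suffix("")  # drop the quarantine suffix
    return restored


def triage(log_text):
    """Parse detections and mark each as a quarantined leftover or a live file."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, anything that is not a detection
        origin = original_location(m["path"])
        findings.append({
            "path": m["path"],
            "name": m["name"],
            "category": m["category"],
            "action": m["action"],
            "status": "already quarantined" if origin is not None else "live",
            "origin": str(origin) if origin is not None else None,
        })
    return findings


def summarize(findings):
    """Return (count per status, list of live detections needing attention)."""
    by_status = Counter(f["status"] for f in findings)
    live = [f for f in findings if f["status"] == "live"]
    return by_status, live


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    counts, live_hits = summarize(results)
    for f in results:
        print(f"{f['status']:>19}  {f['name']:<28} {f['origin'] or f['path']}")
    print(dict(counts), "-> live detections:", len(live_hits))
```

Run over the four real lines alone, every entry comes back as "already quarantined", which is the reading given in post #8: the scanner re-detected files another tool had already neutralised.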




