
When using Ad-fly, "Skip Ad" redirects to malicious sites


  • This topic is locked
40 replies to this topic

#1 Duke_Dave


Posted 01 September 2016 - 11:39 AM

Hello,

I've had a problem when using Adfly to download mods. When I click on any adfly link, it sends me to the adfly and I wait 5 seconds to click "Skip Ad". But when I click "Skip Ad" it opens up a new tab and redirects me to malicious sites. I've gotten help from buddy 215, but the problem cannot be solved yet. Before following his instructions I've scanned with my antivirus and detected nothing. You can view the full procedures here:

http://www.bleepingcomputer.com/forums/t/625156/adfly-redirects-my-download-malware/

I used FRST, and here are my attachments

Attached Files


Edited by Duke_Dave, 02 September 2016 - 09:27 AM.



 


#2 blueelvis


Posted 04 September 2016 - 09:48 AM

Hi Duke_Dave & Welcome to the forums ^_^,


I would be helping you with your computer problems. Right now, I am a trainee at the Bleeping Computer Malware Removal Study Hall.
I am Pranav and now that we are friends, I would like to call you by your first name if that is fine with you :hug:

All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

While you wait for further instructions, kindly do not run any additional tools as that might complicate the process of fixing your computer and cause delays.

Have a nice day!

Regards,
Pranav

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#3 Duke_Dave


Posted 04 September 2016 - 11:51 AM


Thanks Pranav. Take your time in reading the logs  :)



#4 blueelvis


Posted 06 September 2016 - 06:43 AM

Hi Duke_Dave,


Kindly allow me a bit more time to review your log files :)



Regards,
Pranav


#5 blueelvis


Posted 06 September 2016 - 01:00 PM

Hi Duke_Dave ^_^,

I have gone through your log files and everything seems to be clean and fine. There is only a single flaw that the JAVA present on your system is outdated. Besides that, everything seems fine. Still, I would like you to run an Emsisoft Emergency Scan using the below instructions -
 
 
Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
 
Regarding the Adf.ly advertisements, could you please tell me what kind of mods you are trying to download? Could you please link me to the website from where you are trying to download those mods?


Have a nice day!


Regards,
Pranav


#6 Duke_Dave


Posted 07 September 2016 - 04:45 PM


 

Here are the logs: http://pastebin.com/EpsgFgFZ

 

I'm trying to download the world save and the texture pack from this site http://www.planetminecraft.com/project/greenfield---new-life-size-city-project/



#7 blueelvis


Posted 10 September 2016 - 02:08 AM

Hi Duke_Dave,

I am still discussing the issue with Adf.ly with my instructor. Please allow me a bit more of time :)

Thanks!

-Pranav



#8 blueelvis


Posted 11 September 2016 - 03:53 AM

Hi Duke_Dave ^_^,
 
The log files are clean. 
 
Regarding the Adf.ly downloads, they work fine over here (I am using ESET on my laptop). I am concerned McAfee Site Advisor might be contributing to your troubles.

I would suggest you disable McAfee Site Advisor using the following guide to disable extensions -

https://community.box.com/t5/Account-Information/How-To-Disable-Plugins-Add-Ons-Extensions-In-Multiple-Browsers/ta-p/19

The above link contains instructions for both Chrome and Firefox. Please disable the McAfee Site Advisor.

In case Firefox does not show the Site Advisor Plugin, please follow this guide - https://support.mozilla.org/en-US/questions/988401

Once you have disabled the extensions, simply restart the browser and see if you are still getting warnings on the Adf.ly website. If so, then please let me know as I have possibly another solution.
If not, download and enjoy ^_^. Please make sure that you don't click on any of the advertisements which are displayed on Adf.ly though.
 
If you are still not able to download the files, you can post the Adf.ly links which you would like to download and I could send the links behind them.
 
Let me know in case of any problem  :hug:
 
Regards,
Pranav


#9 Duke_Dave


Posted 11 September 2016 - 11:13 AM


Still redirects me to malicious sites.

I got the main downloads from the mods.



#10 blueelvis


Posted 11 September 2016 - 11:45 AM

Hi Duke_Dave ^_^,

Could you please tell me how do you know that the website is malicious? Are you seeing any prompt?

Could you please post a screenshot when you try visiting the Adf.ly link?

Also, could you please post the Adf.ly links from which you are trying to download stuff?

Regards,
Pranav



#11 Duke_Dave


Posted 11 September 2016 - 12:45 PM


When I click Skip Ad, the download redirects me to a malicious site such as:

adexchangeprediction.com
drb34.voluumtracker1.com
installthesoftware.com
ipsowrite.com

Most are scams that prompt me to download malware. I'm trying to download from these links:
 
 
 
Update: When I got the main download from Mediafire by some mod, it gave me the download I wanted but at the same time it redirected me to a malicious site. In this case, it might be both Adfly and MediaFire which causes the redirects. Here is the download:
 


#12 blueelvis


Posted 12 September 2016 - 07:42 PM

Hi Duke_Dave ^_^,

Sorry to hear that the problem is still occurring. I am able to download from both those links provided by you and so is my instructor. Let's try another approach.

I would like you to install the uBlock Origin addon for Firefox. Kindly follow the below instructions -

  1. Open up Firefox.
  2. Go to this link in Firefox - https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
  3. You would see the Install option. Please click on it.
  4. Once the addon has installed, restart Firefox and try browsing those links.

Let me know how it goes ^_^.

Also, when you click on "Skip Ad" after 5 seconds on Adf.ly, does it open any other tab or do you notice any notification from the browser that a pop-up has been blocked? If yes, then please let me know  :)

Have a nice day!

Regards,
Pranav



#13 Duke_Dave


Posted 13 September 2016 - 01:48 PM

 


 

I don't have Firefox, I use Chrome. When I click skip ad, it opens up a new tab with the malicious site but it doesn't show any notification from the browser that a pop-up has been blocked. I double checked and my Chrome browser doesn't allow popups.



#14 blueelvis


Posted 14 September 2016 - 12:59 PM

Hi Duke_Dave ^_^,

> I don't have Firefox, I use Chrome.

That's strange. I see Mozilla Firefox installed on your system as per the FRST logs. Anyways, uBlock Origin is available for Chrome as well. You can download it from this link - https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

> When I click skip ad, it opens up a new tab with the malicious site but it doesn't show any notification from the browser that a pop-up has been blocked. I double checked and my Chrome browser doesn't allow popups.

Could you please also tell me what happens to the original tab? I mean the tab in which the Adf.ly link was open?

Let me know how it goes ^_^

Regards,
Pranav


#15 Duke_Dave


Posted 15 September 2016 - 04:58 PM


 

Alright, the first time I clicked "Skip Ad" with uBlock, it opened up a new tab but without the malicious site, just about:blank. The original adfly link didn't change. The second time I clicked "Skip Ad", it sent me to the Mediafire download, not a new tab. Then I clicked the download and a new tab appeared with about:blank, but the Mediafire site redirected to a malicious site. But at the same time my content was being downloaded normally.





