Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Found something weird in IE history


  • Please log in to reply
8 replies to this topic

#1 behem0th

behem0th

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:10:36 AM

Posted 28 September 2016 - 03:00 PM

I rarely use IE but decided to poke around today. In my history, I found "trc.taboola.com" I have never heard of or visited that site but it was in the history from one week ago. What is it? I looked online and it seems to be adware but I've never gotten any redirects or anything like that. I ran Malwarebytes, Hitman Pro, and Adwcleaner and they all found nothing.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:36 AM

Posted 28 September 2016 - 04:47 PM

I would think that the programs you scanned with would of found adware. It may be something related to a cookie. Check your

addons in IE for unknown addons.

 

I suggest you block Third party cookies...aka...ad/ tracking cookies from installing in your browsers. Once you have done

that run CCleaner to remove the existing ones. How to disable third-party cookies in all major web browsers

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

If you don't have an ad blocker installed I would recommend using Adblock Plus. One that I have used for years.

Adblock Plus :: Add-ons for Firefox

Adblock Plus - Chrome Web Store

 

Another popular program used here to scan for adware is Junkware Removal Tool.

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Edited by buddy215, 28 September 2016 - 04:48 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 behem0th

behem0th
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:10:36 AM

Posted 28 September 2016 - 05:05 PM

 

I would think that the programs you scanned with would of found adware. It may be something related to a cookie. Check your

addons in IE for unknown addons.

 

I suggest you block Third party cookies...aka...ad/ tracking cookies from installing in your browsers. Once you have done

that run CCleaner to remove the existing ones. How to disable third-party cookies in all major web browsers

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

If you don't have an ad blocker installed I would recommend using Adblock Plus. One that I have used for years.

Adblock Plus :: Add-ons for Firefox

Adblock Plus - Chrome Web Store

 

Another popular program used here to scan for adware is Junkware Removal Tool.

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 10 Home x64 
Ran by Computer (Administrator) on Wed 09/28/2016 at 18:01:35.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\Computer\AppData\Local\{87C2B19E-A36A-DD26-CEF2-F8CEEA9A0456} (Empty Folder)
Successfully deleted: C:\Users\Computer\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Computer\AppData\Roaming\3909 (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/28/2016 at 18:04:42.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Looks good to me, doesn't seem like anything suspicious. Any idea what winit.ini is?

Edited by behem0th, 28 September 2016 - 05:10 PM.


#4 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:36 AM

Posted 28 September 2016 - 05:18 PM

If adware such as Taboola was active on the computer I think you would be seeing popups/ search redirects, etc when surfing the web.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 behem0th

behem0th
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:10:36 AM

Posted 28 September 2016 - 05:33 PM

If adware such as Taboola was active on the computer I think you would be seeing popups/ search redirects, etc when surfing the web.

Fair point



#6 buddy215

buddy215

  • BC Advisor
  • 12,878 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:36 AM

Posted 28 September 2016 - 07:36 PM

I just took a look at my local newspaper site. I have NoScript installed. It shows me the scripts that would run when opening a web page and

allows me to allow them or block them. Taboola was one of the scripts being blocked. If I allow it to run it is possible that Taboola would place content

such as links to articles and videos. Of course, those would be ads.

 

A user who posted a comment on WOT's site said this: QUOTE: An example of an ad shown today had the headline of "Obama to California Home Owners - 'Get Free Solar Panels,'" with an obviously photoshopped image of Obama speaking at a podium while HOLDING the SUN! There was a total of 21 ads in a single adbox... 3X7 grid. Most of it click-bait, such as the headline "This Animal Just Solved A Legendary Mystery" with a picture of a kitten playing cards.... Most of the links generated at list one pop-up ad when you click on it, and many of the sites are of the sort that are completely swamped in ads, so it takes about a minute to load the page.

The actual website when you go to it is of a completely different look, as professional as possible, in sharp contrast to the clutter it creates on its "partners." More like a parasite and its hosts.

And the worst part of all this? I no longer trust the real links, because you can never tell if it truly is part of the website. END QUOTE

 

I use Adblock Plus so I likely would not see the Taboola crapola even if I allowed its script to run.

I also block the Ad/ Tracking cookies....another way that would block Taboola targeting me.

 

The bottom line....when you last used IE and visited a website....Taboola called home if you allowed its cookies, scripts and had no Ad Blocker active in IE.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 behem0th

behem0th
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:10:36 AM

Posted 28 September 2016 - 07:50 PM

I just took a look at my local newspaper site. I have NoScript installed. It shows me the scripts that would run when opening a web page and

allows me to allow them or block them. Taboola was one of the scripts being blocked. If I allow it to run it is possible that Taboola would place content

such as links to articles and videos. Of course, those would be ads.

 

A user who posted a comment on WOT's site said this: QUOTE: An example of an ad shown today had the headline of "Obama to California Home Owners - 'Get Free Solar Panels,'" with an obviously photoshopped image of Obama speaking at a podium while HOLDING the SUN! There was a total of 21 ads in a single adbox... 3X7 grid. Most of it click-bait, such as the headline "This Animal Just Solved A Legendary Mystery" with a picture of a kitten playing cards.... Most of the links generated at list one pop-up ad when you click on it, and many of the sites are of the sort that are completely swamped in ads, so it takes about a minute to load the page.

The actual website when you go to it is of a completely different look, as professional as possible, in sharp contrast to the clutter it creates on its "partners." More like a parasite and its hosts.

And the worst part of all this? I no longer trust the real links, because you can never tell if it truly is part of the website. END QUOTE

 

I use Adblock Plus so I likely would not see the Taboola crapola even if I allowed its script to run.

I also block the Ad/ Tracking cookies....another way that would block Taboola targeting me.

 

The bottom line....when you last used IE and visited a website....Taboola called home if you allowed its cookies, scripts and had no Ad Blocker active in IE.

OOOOH THAT MAKES SO MUCH MORE SENSE NOW! 



#8 behem0th

behem0th
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:10:36 AM

Posted 28 September 2016 - 08:06 PM

Btw, do you know what wininit.ini is? Because JRT removed it.



#9 Jaycan

Jaycan

  • Members
  • 442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:36 AM

Posted 28 September 2016 - 09:52 PM

See your original post where it explains what a .ini file is and should finish this ..........






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users