
Infected with s3-amazonaws.com


  • This topic is locked
10 replies to this topic

#1 soso_sem

soso_sem

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 29 September 2016 - 08:24 AM

Hello all,

 

I was redirected to this forum as a more appropriate place to post.

You can find my previous post here:

http://www.bleepingcomputer.com/forums/t/628043/invisible-audio-ads-pop-up-windows-and-amazonaws-pop-ups/

 

The issue appears in some websites (ex. 9gag.com), where when the site starts to load, the original ads are loaded and then almost immediately they are covered up by other ads. After some time audio starts playing and pop-ups appear with messages like "congratulations, we want to make you a millionaire" or something similar.

Additionally, when I am scrolling on the main page and there is a .gif post, it automatically redirects me to the post page.

If you would like to see it in action, I can post a link to a video of exactly what is happening.

 

I have been noticing these issues on my personal laptop, which runs on Windows 10, but also on my work laptop (runs Windows 7) only when connected to my home wireless network, to a much lesser extent.

 

Here is a summary of what I have tried so far.

- Fully scanned with McAfee

- Full system scan with Spybot Search & Destroy

- Checked Control panel for unwanted installed software: no unknown software found

- Reset all browsers (IE, Chrome, Firefox, Edge), deleted history, cookies, cache and website data

- Clean reset of Windows 10, deleting all user information

- Run rkill.com

- Scan with Malwarebytes Anti-Malware

- Scan with ADWcleaner

- Scan with Malwarebytes Junk removal tool

- Scan with Hitman Pro

- Scan with NPE Symantec

- Scan with SpyHunter - 2 issues found (identified as dialer trojans): registry keys, created by Spybot at domains/zonemaps that correspond to restricted website

- Increased McAfee firewall security settings

- Took the laptop to the IT work department, they did several things (not sure exactly what though) but couldn't find any issues. Also during the time my laptop was connected to my company's wifi network, all these pop-ups and audio-ads did not appear.

 

All these scans (except the last one) either came up clean, or with minor issues which were fixed by the software.

Unfortunately I have no logs, as I reset Windows after and all files were deleted.

All these steps temporarily fix the issues but it keeps coming back after 1-2 days and it is driving me crazy.

 

I am not sure if I am infected by some kind of adware but so far nothing has been able to remove the issue.

Have you seen anything similar before? Can you please help me with figuring out what is going on?

 

I am attaching FRST logs, it would be great if you can help me with any advice!

 


 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 29 September 2016 - 08:50 AM

Hi soso_sem :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

May I ask you which web browser you are using? To me it looks like you're just being bothered by normal ads that have redirection (malvertising). Installing an Adblocker (like uBlock Origin or Adblock Plus) usually prevents that from happening.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 soso_sem


Posted 29 September 2016 - 09:12 AM

Hi Aura,

 

Thanks for your response! My name is Sofia, so you can also call me Sofia!

 

I first started noticing the issue with Chrome, but it appears in all my browsers (Firefox, IE, Edge).

 

Looking forward to getting to the bottom of this!

:thumbsup:



#4 Aura


Posted 29 September 2016 - 09:21 AM

Nice to meet you Sofia :)

Alright, install uBlock Origin in Google Chrome and Mozilla Firefox, and let me know if you keep getting ads in these web browsers after.

uBlock Origin Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
uBlock Origin Mozilla: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/



#5 soso_sem


Posted 30 September 2016 - 01:05 AM

Hi Aura,

 

I have installed uBlock and I don't see these ads anymore.

Meanwhile, I have also reset my router as it was suggested in my previous post.



#6 Aura


Posted 30 September 2016 - 06:55 AM

That's good to know :) Now, I know that Microsoft is working to make uBlock Origin compatible with Edge, so you'll be able to install it when that happens. As for Internet Explorer, since uBlock Origin isn't available for it, you can use AdBlock Plus instead (and disable the "Acceptable ads").

Disable Acceptable Ads in AdBlock Plus: https://adblockplus.org/acceptable-ads#optout



#7 soso_sem


Posted 30 September 2016 - 10:07 AM

Hi Aura,

 

Thanks a lot for your reply. Anything else that I can do? Will you get back to me after you have had a look at the FRST logs?



#8 Aura


Posted 30 September 2016 - 10:46 AM

If your only issue is with ads, and installing an adblocker stopped them from appearing, then no, there's nothing else to do, unless you had another issue you wanted me to address. Also, I took a look at your FRST logs and I don't see any traces of malware in them :)



#9 soso_sem


Posted 30 September 2016 - 12:42 PM

Hi Aura,

 

OK, thanks a lot for all your help then!

 

Have a great weekend!



#10 Aura


Posted 30 September 2016 - 12:45 PM

No problem Sofia, you're welcome! Have a great weekend too :)



#11 Aura


Posted 30 September 2016 - 12:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





