shmokiads.com adware



#1 Alasdairpl


Posted 26 February 2017 - 06:57 AM

I am also infected with this malware. I have a Mac, so any Mac-related suggestions will also be helpful. I haven't figured out a solution but I have done some research and tried a few things. Here's what I've learned:

1) It affects both Safari and Chrome browsers.

2) It seems to be able to be transmitted to others, so be careful about sending links if your computer is infected. I sent a Facebook message with a link in it from my MacBook and the other person who clicked through then had the same redirect issue on his Android phone. My iPhone was also infected when I tested the link and I reinstalled iOS on my phone to get rid of it. I'm trying to avoid doing a total reinstall on my MacBook but haven't been able to get rid of the malware yet and may have to.

3) It seems to be inconsistent, sometimes disappearing for a while and then returning. It also seems to always redirect me from some websites and not always from others. When I reset my browser or erase my cache, sometimes this seems to delay it from happening again.

4) A couple of sketchy sites have popped up recently that give advice for getting rid of this specific malware and want you to download things. They are full of poor grammar and look hostile. These are the sites I found. I wouldn't recommend downloading anything from either of them as it may put your computer at further risk:

5) I have installed and run Malwarebytes. The first time I ran it, it found a file called "Spigot", which I erased. From doing research it looks like this name is linked to redirect and browser hijack malware. All subsequent scans with Malwarebytes and Avira antivirus have turned up nothing.

6) I have deleted recently downloaded files (I had very few and only download from reputable sources). This didn't help. I've also searched my Mac Library and Applications folders for files others have related to the Spigot malware and have found nothing.

7) Depending on which device is infected I seem to be redirected to either an ad site (shmokiads.com on my MacBook) or a porn site (ushotcams.com when my iPhone was infected). I saw this code one time when my browser failed to redirect:
 
window.location = "http://www.shmokiads.com/serve.php?p=35358&s=dl";
(function(a,b){if(/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(a)||/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(a.substr(0,4)))window.location=b})(navigator.userAgent||navigator.vendor||window.opera,'http://ushotcams.com/');

Edited by Grinler, 26 February 2017 - 02:31 PM.
3rd party removal guides removed as per forum rules
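
The snippet quoted in post #1 has two parts: an unconditional window.location assignment, and a second redirect that only fires when the user-agent test matches. As an added example (not code from the thread or from BleepingComputer), this JavaScript scans saved page source for both forms and reports each destination host; the function names and the example.test domains are constructed for illustration.

```javascript
// Added example, not code from the thread. SAMPLE is constructed input that
// mirrors the structure of the quoted snippet with placeholder domains.
const SAMPLE = `
window.location = "http://ads.example.test/serve.php?p=1&s=dl";
(function(a,b){if(/android|ip(hone|od)/i.test(a))window.location=b})(navigator.userAgent||navigator.vendor||window.opera,'http://mobile.example.test/');
var path = document.location.pathname;
`;

// Return the hostname of a URL, or null if it does not parse.
function hostOf(url) {
  try { return new URL(url).hostname; } catch (e) { return null; }
}

function findRedirects(source) {
  const findings = [];
  // Unconditional form: location (or location.href) = "http://..."
  const direct = /location(?:\.href)?\s*=\s*["'](https?:\/\/[^"'\s]+)/g;
  for (const m of source.matchAll(direct)) {
    findings.push({ url: m[1], host: hostOf(m[1]), uaGated: false });
  }
  // Gated form: the target is a function parameter, and the call site passes
  // navigator.userAgent (or vendor) first and the destination URL second.
  const gated = /location\s*=\s*[A-Za-z_$][\w$]*\s*\}\s*\)\s*\(\s*navigator\.(?:userAgent|vendor)[^,]*,\s*["'](https?:\/\/[^"'\s)]+)/g;
  for (const m of source.matchAll(gated)) {
    findings.push({ url: m[1], host: hostOf(m[1]), uaGated: true });
  }
  return findings;
}

// One readable line per finding, for triage notes or a proxy blocklist review.
function describe(findings) {
  return findings.map(f =>
    (f.uaGated ? "user-agent gated" : "every visitor") + " -> " + f.host);
}

console.log(describe(findRedirects(SAMPLE)).join("\n"));
```

Run it with Node against the saved source of a page that redirects; the reported hosts are candidates for blocking at the DNS or proxy layer while the source of the injection is tracked down.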



 


#2 vynnus


Posted 10 March 2017 - 08:22 AM

I had this problem with my Android smartphone.

One of the sites I was trying to access was being redirected to ushotcams.com.
What I did below fixed the redirection:

Settings > Apps > Chrome > Storage
Clear Data
Clear Cache
 
Settings > Apps > Settings > Storage
Clear Data
Clear Cache

Edited by vynnus, 10 March 2017 - 08:24 AM.




