Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

apost.com subscription and popups


  • Please log in to reply
27 replies to this topic

#1 aspen_matthews

aspen_matthews

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 17 July 2017 - 11:44 PM

Last night I followed a link on Facebook to apost.com which had a "native american spirit animal" guide. I read the post and thought it was fun and decided to share it on Facebook. As I copied the url to the page, I got a small brief popup thanking me for subscribing (which I certainly did not do). I looked over the page and did not see any options to subscribe/unsubscribe. I updated my Norton and ran a scan and it found nothing. Tonight while watching hulu I got a popup ad from apost.com. Any help would be appreciated, thanks!



BC AdBot (Login to Remove)

 


#2 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:53 PM

Posted 17 July 2017 - 11:49 PM

Apost.com is a clean site...

 

https://www.virustotal.com/en/url/7148e127e0c583503df26448be99a363cf42fe79304bbceaf1797ae97ea2f993/analysis/1500353320/

 

Download and run AdwCleaner -

https://www.bleepingcomputer.com/download/adwcleaner/

Download and run Junkware Removal Tool -

https://www.bleepingcomputer.com/download/junkware-removal-tool/

Create a System Restore point first.


Edited by jwoods301, 17 July 2017 - 11:50 PM.


#3 Pimptech

Pimptech

  • Malware Study Hall Senior
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sao Paulo, Brazil
  • Local time:06:53 PM

Posted 17 July 2017 - 11:59 PM

Last night I followed a link on Facebook to apost.com which had a "native american spirit animal" guide. I read the post and thought it was fun and decided to share it on Facebook. As I copied the url to the page, I got a small brief popup thanking me for subscribing (which I certainly did not do). I looked over the page and did not see any options to subscribe/unsubscribe. I updated my Norton and ran a scan and it found nothing. Tonight while watching hulu I got a popup ad from apost.com. Any help would be appreciated, thanks!

 

You are using chrome ? Check if there isn't any strange extension installed.

Extensions can inject html on current pages.


Edited by Pimptech, 17 July 2017 - 11:59 PM.


#4 aspen_matthews

aspen_matthews
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 18 July 2017 - 12:01 AM

Only extensions are adobe, google, norton and skype



#5 aspen_matthews

aspen_matthews
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 18 July 2017 - 12:02 AM

Adwcleaner found:

PUP.Optional.Legacy

PUP.Optional.InstallCore

PUP.Optional.ProductSetup.A



#6 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:53 PM

Posted 18 July 2017 - 12:04 AM

Not actually "infections"...PUP stands for Potentially Unwanted Program.

 

Let it delete them and continue with JRT.



#7 aspen_matthews

aspen_matthews
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 18 July 2017 - 12:09 AM

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 05:03:16 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKU\S-1-5-21-826220148-540340821-647461178-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-826220148-540340821-647461178-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1512 B] - [2017/7/18 4:59:45]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#8 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:53 PM

Posted 18 July 2017 - 12:10 AM

Keep going and run JRT.

 

Then see if the issue happens again.



#9 aspen_matthews

aspen_matthews
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 18 July 2017 - 12:13 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by tatia (Administrator) on Mon 07/17/2017 at 22:10:55.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Program Files\comodo\geekbuddy (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{967499DA-8704-4017-96E7-B2EF5601A9DF} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/17/2017 at 22:13:10.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 aspen_matthews

aspen_matthews
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 18 July 2017 - 12:28 AM

Ok so all done, any thoughts on the logs?



#11 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:53 PM

Posted 18 July 2017 - 12:34 AM

Use your computer and see if the issue happens again.



#12 aspen_matthews

aspen_matthews
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 19 July 2017 - 01:24 AM

My laptop wanted to do an update today then after all that the popups from apost.com are happening again. I'm at a Marriott hotel today but now my computer is using duckduckgo as the automatic search engine instead of google and I didn't change anything. I don't know if it has anything to do with the update. Help please :-(



#13 Pimptech

Pimptech

  • Malware Study Hall Senior
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sao Paulo, Brazil
  • Local time:06:53 PM

Posted 19 July 2017 - 02:12 AM

My laptop wanted to do an update today then after all that the popups from apost.com are happening again. I'm at a Marriott hotel today but now my computer is using duckduckgo as the automatic search engine instead of google and I didn't change anything. I don't know if it has anything to do with the update. Help please :-(

 

Hi, aspen_matthews.

 

Please follow theses steps and let's see if it solve your problems:

You will be lead to the steps, but it's good to read the possibilities on how you got this. In this same article there is some very useful information take a look ;).



#14 JoshRoss

JoshRoss

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:53 PM

Posted 19 July 2017 - 05:29 AM

If it is adware or similar malware you might have a harder time removing it. Since it is designed to increase traffic to malicious websites, it will try to do so. Adding and improving the previously mentioned removal method, try these steps and see if it helps:

 

1. Check your browser for any add-ons or extensions you do not recognize and remove them.
2. Check your installed programs and see if there isn't anything suspicious that was installed lately (If there is, simply remove them).
3. Install any popular antivirus and do a quick scan (Majority of the providers do have free versions of their software). Or just use Windows Defender. It works really well in most cases.
4. Install and scan your PC with Malwarebytes and Hitman Pro to clean most adware.
 
After this, in most cases, the issues of malware should be solved. If it doesn't work, sometimes Windows has a hard time removing the malware in normal mode, if that is the case, restart Windows in "Safe mode with networking". And try the following steps again.
 
Let me know if this helps.


#15 aspen_matthews

aspen_matthews
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 19 July 2017 - 01:40 PM

I will run through these recommendations and post my results,thanks. One of the head scratchers is that these are both legit websites (apost and duckduckgo) so I don't know how this happened, very weird. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users