
possible skype infection?


  • This topic is locked
21 replies to this topic

#1 gabe22

gabe22

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:05 AM

Posted 28 October 2017 - 02:47 PM

Not sure what's going on but just today I noticed there are strange ads within skype (desktop version), in home and chat window.


Home ad:

1.jpg

 

 

Chat window ad:

2.jpg

 

 

Anyways so I ran a few scans:

 

Malwarebytes, ADW Cleaner, Zemana Anti-Malware - found nothing

HitmanPro, SUPERAntiSpyware and - found mostly cookies of ad sites etc, removed em but this skype ad thing won't go.

 

Tried reinstall, removing files from AppData\Roaming\Skype, no luck.

 

Also on a side note, when restarting this laptop sometimes it displays windows security services disabled but not always, related maybe?

 

I think it's an infection of sorts, not sure ... Any help is much appreciated, thanks!

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:05 PM

Posted 29 October 2017 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Wait for further instructions.
==============================

#3 gabe22


Posted 29 October 2017 - 10:39 AM

Hi nasdaq,

 

Thank you and both requested logs attached.




#4 nasdaq


Posted 29 October 2017 - 12:30 PM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). Please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Please let me know what problem persists with this computer.

#5 gabe22


Posted 29 October 2017 - 03:56 PM

Log attached and not sure if it worked, but this is how it is now:

 

 

home (no loading circle thingy .. just empty white screen and it stays that way) :

3.jpg

 

 

 

chat window: doesn't seem like ads are there but placeholder is still there

 

4.jpg




#6 nasdaq


Posted 30 October 2017 - 08:18 AM

I would reinstall skype

#7 gabe22


Posted 30 October 2017 - 10:22 AM

Just reinstalled skype and the ads are back again, both in home and chat window.



#8 nasdaq


Posted 30 October 2017 - 12:41 PM

Hi,

Please run the Farbar program and post a fresh FRST log for my review.

p.s.

Is Firefox your default browser and did you reset it as I previously requested?

#9 gabe22


Posted 30 October 2017 - 01:02 PM

Log attached and yes indeed firefox is the default browser and I did reset it as per given instructions.

 

FYI: I ran the FRST program's fix option first then after system restart I reset firefox. And when I ran the fix option from FRST I had skype turned off and had firefox active but it got auto shutdown by FRST fix thingy I think.

Attached Files

  • Attached File  FRST.txt   49.89KB   1 downloads


#10 nasdaq


Posted 31 October 2017 - 07:43 AM



Hi.

"got auto shutdown by FRST fix thingy I think"
That's normal.
===

If you run Skype do you still get the ads?

If yes, please update Malwarebytes and run the program. Remove everything that will be identified.

You may be infected by this malware.
https://forums.malwarebytes.com/topic/187203-removal-instructions-for-bestoffer/

Restart the computer normally and let me know if the problem persists.

#11 gabe22


Posted 31 October 2017 - 09:57 AM

Yes the ads are still there, both home and chat window have ads like before.

 

Ok so I ran both hyper and threat scan and nothing ... not a single detection.

 

Also the malware forum url states that in FRST log, for that specific case/example .. IDM and the following was there ..

 

C:\Users\{username}\Desktop\iStripper.lnk
C:\Users\{username}\Desktop\BestOffer EveryDay.lnk

 

I checked the FRST and addition log and no such thing there and yes I have IDM on this system but that mbam forum post kinda implies that the IDM download auto installs those other two but I never had anything with that name in this system, just mentioning this cause the symptoms don't exactly match.

 

Please advise how to proceed.


Edited by gabe22, 31 October 2017 - 09:57 AM.


#12 nasdaq


Posted 31 October 2017 - 01:04 PM



Hi,

Refer to this topic.
How can I disable ads in Skype on Windows 10?
http://forum.thewindowsclub.com/microsoft-technologies-discussions/38617-how-can-i-disable-ads-skype-windows-10-a.html
===

If the problem persists, let's try a few things.

Disable your Flash in Firefox.

https://www.google.ca/search?ei=lbj4WfetEYbWjwTPpp-4Bw&q=disable+flash+firefox&oq=disable+flash+firefoxe&gs_l=psy-ab.1.0.0i13k1l2j0i22i30k1l8.1723.4347.0.7805.7.7.0.0.0.0.209.1214.0j6j1.7.0....0...1.1.64.psy-ab..0.7.1199...0j0i8i13i30k1j0i13i30k1j0i13i5i30k1j0i67k1.0.mJoejvaKgGE

===

How to disable extensions and themes

How to disable plugins

How to:
https://support.mozilla.org/en-US/kb/disable-or-remove-add-ons

Restart the computer and if the problem is eliminated enable the Extensions and the Plugins one or two at a time.

Test the system and see if you can find the culprit.

#13 gabe22


Posted 31 October 2017 - 01:46 PM

Ok so if I follow the instructions on How can I disable ads in Skype on Windows 10? here's what happens:

# Home - only displays the loading circle thingy and it keeps on loading forever.
# Chat window - no ads but the placeholder is there on top of the window like how it is on my previous chat window screenshot.

 

While this solution somewhat works but I prefer to remove w/e's infecting the system if possible.

 

# Disabling the plugins/extension/theme didn't work, I tried disabling all of them and after restart and plugins still disabled ... ads are still there.


Edited by gabe22, 31 October 2017 - 01:47 PM.


#14 nasdaq


Posted 01 November 2017 - 08:13 AM



Hi,

It may be a new feature of Skype.

This is what I just found.

https://support.skype.com/en/faq/FA10942/why-are-there-advertisements-for-other-companies-in-skype

and

https://support.skype.com/en/faq/FA140/how-do-i-manage-my-privacy-settings-in-skype-for-windows-desktop

Hope it helps.

#15 gabe22


Posted 01 November 2017 - 01:18 PM

Hmmm interesting ...

 

Even if it's the case ... how come no patch/update and ads just come out of nowhere? (yes perhaps it could've been intended/planned and thus systems were implemented previously which just happen to activate but this idea seems rather far fetched .. just thinking out loud) ...idea?

 

Also if you check the screenshots, it says they are links of taboola.com and google results show it's just simply bad ... so just wondering, even if it's ms ad, would ms knowingly go with a company with bad rep? idk ...

 

And I already have these marked off:

fa140_5.png

But then again there are lots of people searching for "how to remove skype ads" and strangely I've never heard of skype until a few days ago. I don't get it.

 

Anyway to the point, any way to know for sure ... like with absolute certainty that these are authentic ms/skype ad or something else?





