Cannot find source of fake Java/Flash update pop-ups.


For about a month now, while browsing the web in Chrome, I have randomly (about 2-3 times per week or so) been getting thrown to a new tab with a suspicious webpage telling me I need to update Flash or Java and prompting me to download a "download manager" that is quite obviously adware. For the life of me, I cannot track down the source of these pop-ups.

 

This has occurred when browsing perfectly legitimate websites including The New York Times, The Onion, and Reddit, so I am assuming the source is installed on my computer somewhere.

 

I have run:

 

Malwarebytes

Super Anti-Spyware

Spybot S&D

MS Security Essentials

 

I've attached a screenshot of the page it sent me to today, but the URL always seems to be different. The "uninstall" link you see leads to a set of completely generic uninstall instructions for Windows ("Go to Programs & Features" -> "Select software" -> "Click Ok") but nowhere is the name of the software specified. In fact, nothing out of the ordinary appears in Programs & Features at all and certainly nothing from "softwarehelp.check-live.com" or anything similar.

 

What should my next step be?

 

hijackthis.log also attached.


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Try to reset your router to factory settings.
 
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Okay, I spent some time just opening various websites in both Chrome and Firefox, cleaning out cookies and cache intermittently. I did this both on the Win7 system experiencing symptoms as well as on another system running Linux.

 

Over the course of about 90 minutes I was only kicked to the fake Java update page once (again at a different URL). This happened on the Win7 system, right at the beginning, after I first cleared Chrome's browser cache and cookies. It happened when I navigated, again, to The Onion, with the fake Java page popping up after the page took some time to load.

 

Something I hadn't considered previously was the fact that The Onion is one of the few websites on which I typically leave Adblock disabled (since it interferes with video playback), so I suppose it is possible that one of the advertisements on The Onion is compromised.  However, because I suspected this, I repeatedly cleared cache/cookies and opened The Onion on both systems.  I also opened up The Onion in about 20 separate tabs in Chrome on both systems and let them auto-refresh for over 30 minutes.  Unfortunately, none of them re-directed to the fake Java update during that time.  In fact, to my recollection, I've never seen the fake Java update pop-up on the Linux system at all, in spite of browsing all the same websites on it using the same browser (Chrome).


  • 3 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.