starligthn

Ad Malware help, pop-ups on web and inside programs like Steam and LoL


I've already tried a lot of programs and procedures to remove it but with no success, among them: CCleaner, Emsisoft Emergency Kit, Malwarebytes, AdwCleaner, HitmanPro, AVG free version and some others. I even returned the Chrome and Firefox (the web browsers that I use most) settings to their original defaults.

Also, all the PCs and smartphones that we have in our house are experiencing the same problem, and it has already been a couple of months with it. On the computers we only have to deal with the annoying ads, while on the smartphones, whenever we try to use the web browser, the page is redirected to an ad page that shows a pop-up message with a warning like " your phone is infected, install that app quick!!!1!! ", so it kinda doesn't let you use the internet.

It has appeared in programs like Steam, Origin and League of Legends, but there are some periods of time when it disappears from the last.

 

Note: The smartphones with this malware are all Android; I'm not sure if the iPhones have the same issue.

 

Here are some images that show the issue (some of them are 18+ ads): http://imgur.com/a/KAwVM

Addition.txt

FRST.txt


Hello,

 

 

You probably need to reset your router to factory settings, replace the hijacked DNS address 94.102.53.185 with the other Google DNS address 8.8.4.4, set a strong admin password and update the router firmware to the latest version.

 

Platform: Windows 8.1 Single Language (X64) OS Language: Português (Brasil)
Tcpip\..\Interfaces\{2E0ACE7B-5C26-48D2-86A1-ED636EFFF875}: [DhcpNameServer] 94.102.53.185 8.8.8.8 =>  Netherlands

 

Next, clean the browsers' caches (including all Android-based browsers) and purge the DNS cache on the affected computers with this command from an elevated Command Prompt => ipconfig /flushdns

 

 

Regards,

Georgi
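
The check described in the reply above, as an added example that is not part of the original post or of FRST: a Python script that reads the Tcpip name-server lines from an FRST log and reports any resolver that is neither a private (router) address nor on an allowlist. The function name `audit_frst_dns`, the `KNOWN_RESOLVERS` allowlist and the two extra sample lines are assumptions made for this example.

```python
import ipaddress
import re

# Public resolvers treated as expected (assumption; add your ISP's resolvers).
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# FRST registry lines of the form: Tcpip\<key>: [DhcpNameServer] ip ip ...
LINE_RE = re.compile(
    r"^(?P<key>Tcpip\\\S+):\s*\[(?P<value>(?:Dhcp)?NameServer)\]\s*(?P<rest>.*)$"
)

# Constructed sample: only the Interfaces\{2E0ACE7B-...} line is from the thread.
SAMPLE = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2E0ACE7B-5C26-48D2-86A1-ED636EFFF875}: [DhcpNameServer] 94.102.53.185 8.8.8.8 =>  Netherlands
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer] 8.8.4.4,8.8.8.8
"""


def audit_frst_dns(log_text, known=frozenset(KNOWN_RESOLVERS)):
    """Return (registry_key, value_name, ip) for each resolver needing review."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Drop helper annotations such as "=> Netherlands" after the addresses.
        servers = m.group("rest").split("=>")[0]
        for token in re.split(r"[\s,]+", servers.strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # empty token or non-address text
            # A private address is normally the router acting as DNS forwarder;
            # its own upstream DNS setting must then be checked on the router.
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                continue
            if str(ip) not in known:
                findings.append((m.group("key"), m.group("value"), str(ip)))
    return findings


if __name__ == "__main__":
    for key, value, ip in audit_frst_dns(SAMPLE):
        print(f"REVIEW {ip} in [{value}] under {key}")
```

The constructed `[NameServer]` line stands for a static DNS setting on one PC: it passes the check, while the `DhcpNameServer` value handed out by the router is still reported.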


I've changed the preferred DNS server (IPv4) to the other Google DNS address on my computer and cleaned the browsers' cache, and it seems that it resolved my problem (for now, at least). But there's something else that I'm in doubt about.

Actually, my router is also my internet modem, they aren't separated, and because of that I'm kinda afraid of resetting it.

I don't know if by resetting it I may also delete settings that provide me access to the internet service. There's an option on the router's web interface to save those settings, but I'm not sure if after the reset and after I put the settings back it will run again without any problems, and that's something that won't affect only me.

Do you know something about that?

 

Also, thanks for the help!! Not seeing those annoying ads for a while made me feel really relieved, I was trying to get rid of this problem for a long time.


Hello,

 

 

I previously had a similar device from my previous ISP provider (a combined device that functioned as both a modem and a wireless router), and I believe that the modem doesn't have any available settings to change. It usually acts like a GPON media converter used for fiber optics. However, if you are afraid to reset the router settings, then to be on the safe side you can first export the settings to a config file using the router's web-based setup page.

 

http://i.imgur.com/8GOwybq.png

 

This is highly recommended before you decide to update the firmware to the latest version, since most vendors automatically reset the settings after the update anyway. If you still don't wanna reset the settings, be sure to change the DNS addresses of the router and at least change the default admin password (the default password is admin, by the way, and it is very easy to compromise).

 

Here are the advised settings to check and adjust (their names may differ for different routers).

 

Changing the DNS addresses:

 

http://i.imgur.com/NUku0Xz.png

 

You can enable MAC filtering to ensure that only the devices you want can access the router (the MAC addresses have to be added manually for every device you want to access the router, which can be a little annoying).

 

http://i.imgur.com/lCPSBkR.png

 

Turn on the WPA2 encryption if available:

 

http://i.imgur.com/rVRyLol.png

 

You can disable UPnP for security purposes:

 

http://i.imgur.com/JhCkVXD.png

 

More info can be found in the articles below:

 

HTG Explains: Is UPnP a Security Risk?

Disable This Buggy Feature On Your Router Now To Avoid A Serious Set Of Security Vulnerabilities

 

Turn on the SPI firewall if available. You can always disable it if you encounter any problems after enabling it.

 

http://i.imgur.com/MAYzfZG.png

 

You may enable the Advanced Security Settings but don't enable the DoS detection and don't mess with the Flooding detection settings if you are planning to use P2P programs since you will lose Internet access...

 

http://i.imgur.com/GYyzDSI.png

 

You can set who can access the router settings page from the Local Management page:

 

http://i.imgur.com/vCf5OQS.png

 

You can disable the Remote Management for security purposes:

 

http://i.imgur.com/4I4iG4y.png

 

Don't forget to change your default admin password:

 

http://i.imgur.com/OEBmqoO.png

 

In case of problems at a later stage you can always restore the config file you exported earlier or call the ISP support for assistance.

 

Be sure to reboot the router in order for the changes to take effect. Also you may need to perform a hard reboot on all Android devices to clear the DNS cache on all of them.

 

 

 

Regards,

Georgi


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
