Jump to content

Plagued with Numerous Ads!


Recommended Posts

I've been Plagued with numerous Ads and now popups are also appearing for about two weeks.  They are for sites such as: Alibab.com, Russian Brides.com Sekindo(video ads), other dating sites.

 

Also many fake ads/warnings such as:  "You need to be registered to watch this content..., " Your flash player is outdated, update to latest version..." etc...  

 

I've ran several different legit adware/spyware scanners, downloaded from safe sources, including of coure Anti- Malwarebytes.  They initially have picked up a few low risk problems and removed them, but they are not removing all the Ads I'm being plagued with.  I really don't want to go through the hassle of reformatting again as I just barely had my laptop returned from Dell 2 months ago and it was completwly wiped out at that time.  I don't understand how it could have gotten this bad so quickly!

 

Please any help or suggestions would be greatly appreciated.

 

Thanks!

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Step #1 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.

  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Option and put a tick mark on everything;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.

Do a fresh FRST scan and post the log.

  • Required Log(s):
    • Malwarebytes' Anti-malware Log
    • AdwCleaner Log
    • FRST.txt
Regards,

Valinorum

Link to post
Share on other sites

2016-03-04 09:14 - 2016-03-04 09:14 - 00012381 _____ C:\Users\Scott\Downloads\Flight.World.War.II.2015.720p.BRRip.x264.AC3-iFT.torrent

2016-03-04 09:13 - 2016-03-04 09:13 - 00059278 _____ C:\Users\Scott\Downloads\World.War.II.In.HD.Colour.S01.Part1.720p.BluRay.x264-TD.torrent

2016-03-04 09:13 - 2016-03-04 09:13 - 00059278 _____ C:\Users\Scott\Downloads\World.War.II.In.HD.Colour.S01.Part1.720p.BluRay.x264-TD (1).torrent

2016-03-04 09:09 - 2016-03-04 09:09 - 00015008 _____ C:\Users\Scott\Downloads\Flight.World.War.II.2015.BRRip.XviD.AC3-EVO.torrent

Please refrain from torrenting.
  • Step # Fix with FRST

    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --

      StartCreateRestorePoint:CloseProcesses:EmptyTemp:HKU\S-1-5-21-3977910519-4191028296-1914516480-1001\...\MountPoints2: {c7d9942d-cc18-11e5-a22b-4851b7a5e9ce} - "E:\setup.exe" HKU\S-1-5-21-3977910519-4191028296-1914516480-1001\...\MountPoints2: {d5e829fe-c911-11e5-a22a-4851b7a5e9ce} - "G:\OriginInstaller.exe" CHR Extension: (Media Hint) - C:\Users\Scott\Downloads\Apps\media_hint (1) [2016-02-01] [UpdateUrl: hxxps://127.0.0.1] <==== ATTENTIONC:\Users\Scott\Downloads\Apps\media_hintEnd
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

Reset your browsers.


  • Required Log(s):
    • FRST Fix Log
Regards,

Valinorum

Link to post
Share on other sites

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by Scott (2016-03-12 12:54:09) Run:1

Running from C:\Users\Scott\Desktop

Loaded Profiles: Scott (Available Profiles: Scott & DefaultAppPool)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Start

CreateRestorePoint:

CloseProcesses:

EmptyTemp:

HKU\S-1-5-21-3977910519-4191028296-1914516480-1001\...\MountPoints2: {c7d9942d-cc18-11e5-a22b-4851b7a5e9ce} - "E:\setup.exe" 

HKU\S-1-5-21-3977910519-4191028296-1914516480-1001\...\MountPoints2: {d5e829fe-c911-11e5-a22a-4851b7a5e9ce} - "G:\OriginInstaller.exe" 

CHR Extension: (Media Hint) - C:\Users\Scott\Downloads\Apps\media_hint (1) [2016-02-01] [updateUrl: hxxps://127.0.0.1] <==== ATTENTION

C:\Users\Scott\Downloads\Apps\media_hint

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKU\S-1-5-21-3977910519-4191028296-1914516480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7d9942d-cc18-11e5-a22b-4851b7a5e9ce}" => key removed successfully

HKCR\CLSID\{c7d9942d-cc18-11e5-a22b-4851b7a5e9ce} => key not found. 

"HKU\S-1-5-21-3977910519-4191028296-1914516480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5e829fe-c911-11e5-a22a-4851b7a5e9ce}" => key removed successfully

HKCR\CLSID\{d5e829fe-c911-11e5-a22a-4851b7a5e9ce} => key not found. 

C:\Users\Scott\Downloads\Apps\media_hint (1) <==== ATTENTION => not found

"C:\Users\Scott\Downloads\Apps\media_hint" => not found.

EmptyTemp: => 988 MB temporary data Removed.

 

 

The system needed a reboot.

 

==== End of Fixlog 12:55:28 ====

Link to post
Share on other sites

No it's not with every site. I'll use an example When I visit www.vocm.com  On the top Banner "Vocm News Now" there was an Ad to the right .  There should also be an Ad below "listen to VOCM" on the right hand side of the page.  Now they are just a blank space where the ad should be.  until I applied your fix this was being taken over by obvious unwanted adware. All the other Ads on the site display fine and many webpages display ads as normal.  It is just random, as was the Adware previously.

 

I am not concerned at all about these legit ads being gone, but Is there a chance that the adware is just idle for the time being and could return?

Link to post
Share on other sites

Yes I have done that already. Internet Explorer the same results.  I was wondering if it had something to do with adobe flash player as many of the adware ads had messages asking to update flash player.  (I did not though, as I knew I had the latest version already).  I tried uninstalling and reinstalling but makes no difference.

Link to post
Share on other sites

I'm being Bombarded worse than ever since yesterday with continuous popups saying that my computer is Infected with malicious content.(see attachment)  Also, my Wife's Ipad now is having similar issues.  I didn't think it was possible to have an ipad corrupted with malware.  I even tried using my sons hipstreet w7 tablet that hasn't been used in almost a year.  It too is displaying adware.  

Is it possible that my Modem and or Router itself is being targeted? 

Can't believe I didn't think to mention in the beginning that about a month ago I received a scam phone call from someone claiming to be a microsoft technician and I knew immediately not to give them any info.  But thought I would humor them for a few minutes before they disconnected,  I just thought it was a coincidence that I now am starting to have adware issues.  

Please help me I am at my Wits End!!! :(

Eastlink Customer.docx

Link to post
Share on other sites

  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      Hosts:
      CHR Extension: (Media Hint) - C:\Users\Scott\Downloads\Apps\media_hint (1) [2016-02-01] [UpdateUrl: hxxps://127.0.0.1] <==== ATTENTION
      C:\Users\Scott\Downloads\Apps\media_hint
      cmd: bitsadmin reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

 

Reset the browsers and then proceed to the following fix.

  • Step #5 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
Link to post
Share on other sites

Still have the adware.  I just had an idea to test my theory about adware coming through my router on all devices.  I hooked the Lan Cable to this same laptop where the issue started and plugged directly into my ISP Modem(bypassing my Router)  and sure enough It confirms it.  I can load any website adfree!  So what can I do about this?  I'm thinking a good place to start is to set my router to factory settings?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.