
Adware stuff?



I've recently noticed /g00/ in sites like https://www.everydayhealth.com/ and even experienced it before, so I looked it up and it turns out it's injected adware. When I was browsing Google Images on Jeet Kune Do stuff, Chrome said it wasn't secure and when I clicked on one result, MWB said it blocked connection to oocities.org despite it being a middleeasy site. I don't know what's going on here, is there some sort of vulnerability in my system that's letting them in easier, or is there someone/thing secretly tracking me?


  • Root Admin

Hello @BreadmanYan

This is probably a browser issue, but we'll scan to make sure there is nothing else going on.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


  • Root Admin

Deleting cookies is rarely good enough. As far as preventing it from happening again, no. Disabling the sync will remove the current bad information. Then clean the computer and if wanted turn sync back on (it will now be new, fresh content) and continue on.

Use of a good Ad Blocker will help to prevent some of these bad changes. Following good safety practices will also help. Not visiting known risky sites, downloading unknown or risky software, not updating plugins, etc.

 

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education, you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

Thank you and take care

Ron

 

 


  • Root Admin

Please download the following tool from Nir Sofer

  BrowserAddonsView v1.15 - Web browser addons/plugins viewer
Copyright (c) 2016 - 2018 Nir Sofer

BrowserAddonsView

Then run the tool with Admin rights. Using your mouse and keyboard highlight everything found. Then click on the Save icon or File-Save-Selected-Items and save it to a location where you can find it and upload that file as an attachment in your next reply please.

Thank you

Ron


  • Root Admin

We can look at removing Chrome if you like but don't try to do both things at once please.

These 2 add-ons are at least suspicious due to their update date being recent. I'm not saying they are the issue, but they were updated recently.

==================================================
Item ID           : hnjhnncdcllbkacphdmdabdajfcnnnld
Status            : Enabled
Web Browser       : Chrome
Addon Type        : Extension
Name              : Bring Google View Image Back
Version           : 0.0.4
Description       : This extension brings the view image button back in google image search results
Title             :
Creator           :
Install Time      : 7/15/2018 4:35:36 AM
Update Time       :
Homepage URL      :
Update URL        : https://clients2.google.com/service/update2/crx
Source URL        :
Addon Filename    : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnjhnncdcllbkacphdmdabdajfcnnnld\0.0.4_0\manifest.json
Addon File Created Time: 7/15/2018 4:35:33 AM
Addon File Modified Time: 7/15/2018 4:35:36 AM
Size              :
Profile Folder    : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
==================================================

==================================================
Item ID           : omghfjlpggmjjaagoclmmobgdodcjboh
Status            : Enabled
Web Browser       : Chrome
Addon Type        : Extension
Name              : Browsec VPN - Free and Unlimited VPN
Version           : 3.20.1
Description       : Encrypts your traffic. Allows to open blocked websites.
Title             : Browsec
Creator           :
Install Time      : 6/28/2018 2:23:29 PM
Update Time       :
Homepage URL      : https://browsec.com/
Update URL        : https://clients2.google.com/service/update2/crx
Source URL        :
Addon Filename    : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh\3.20.1_0\manifest.json
Addon File Created Time: 6/28/2018 2:23:27 PM
Addon File Modified Time: 6/28/2018 2:23:29 PM
Size              :
Profile Folder    : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
==================================================

 

Please see if you can uninstall these add-ons and if that corrects the issue or not and let me know.

You also have a very old one for Internet Explorer. I would recommend you uninstall that one and if wanted, update to the latest version.

 


==================================================
Item ID           : {FFCB3198-32F3-4E8B-9539-4324694ED664}
Status            : Enabled
Web Browser       : Internet Explorer
Addon Type        : Browser Helper Objects
Name              : Adblock Plus
Version           : 1.5.0
Description       : Adblock Plus BHO for Internet Explorer
Title             : Adblock Plus for IE Browser Helper Object
Creator           : Eyeo GmbH
Install Time      :
Update Time       :
Homepage URL      :
Update URL        :
Source URL        :
Addon Filename    : C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
Addon File Created Time: 9/22/2015 7:17:16 PM
Addon File Modified Time: 9/22/2015 7:17:16 PM
Size              :
Profile Folder    :
==================================================

 

Ron
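
The date-based triage used on the BrowserAddonsView export in the post above, as an added example that is not part of the original thread or of Nir Sofer's tool. It assumes the text layout and US-style timestamps shown in the quoted records; the function names, the 30-day and 730-day thresholds and the reference date passed as `as_of` are assumptions.

```python
from datetime import datetime

SEP = "=" * 50
FMT = "%m/%d/%Y %I:%M:%S %p"  # US-style timestamps, as in the quoted export

# Constructed sample: three records abridged from the export quoted above.
SAMPLE = f"""{SEP}
Name              : Bring Google View Image Back
Install Time      : 7/15/2018 4:35:36 AM
Addon File Modified Time: 7/15/2018 4:35:36 AM
{SEP}
{SEP}
Name              : Browsec VPN - Free and Unlimited VPN
Install Time      : 6/28/2018 2:23:29 PM
Addon File Modified Time: 6/28/2018 2:23:29 PM
{SEP}
{SEP}
Name              : Adblock Plus
Install Time      :
Addon File Modified Time: 9/22/2015 7:17:16 PM
{SEP}
"""

def parse_export(text):
    """Split the export on separator lines; return one dict per add-on."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):
            if current:
                records.append(current)
            current = {}
        elif ":" in line:
            # Split on the first colon only: values hold times and C:\ paths.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def triage(records, as_of, recent_days=30, stale_days=730):
    """Label each add-on by the age of its install (or file) timestamp."""
    out = []
    for r in records:
        # Install Time can be empty (the IE BHO above); fall back to file time.
        stamp = r.get("Install Time") or r.get("Addon File Modified Time")
        when = datetime.strptime(stamp, FMT) if stamp else None
        days = (as_of - when).days if when else None
        label = ("unknown" if days is None else "recent" if days <= recent_days
                 else "stale" if days >= stale_days else "ok")
        out.append((r.get("Name", "?"), days, label))
    return out
```

A "recent" label marks an add-on to disable first while testing, and "stale" marks one that is overdue for an update or removal; neither label is a verdict on the add-on.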

 

This topic is now closed to further replies.