Doesn't find this malware



I have the exact same issues on about 6 different machines.

Constant popups in Chrome - yet none of the antivirus/antimalware/antiwhatever software detects this. There are no unknown programs running, there are no unknown registry entries, I am at the end of my tether here - just can't find the cause of this issue!

Will update here if I can find anything.

Link to post

Well... I'm still stumped.
What I've tried so far:
Scan with HitManPro
Scan with MalwareBytes
Scan with UnHackMe
Scan with BitDefender
Scan with CCleaner

Searched computer for any mention of confirm or prize, including all drives, all registry locations

Have checked Google Chrome and Internet Explorer and reset both to factory defaults

Have checked for any newly installed programs - nothing

Have checked any weird services or processes running - nothing

No new shortcuts created. Checked all shortcuts for injections - nothing

Windows Task Scheduler - nothing

No recent Windows updates.

 

All computers are Windows 10 Pro, all have mostly similar software profiles, all users have "administrator" permissions on their own machines.

Funnily, out of about 60 machines, only about 10% of machines are affected currently.

I have instead blocked confirmprize.com IP address (136.144.170.26) on the router level (also so I can record which computers are "infected") as well as with our DNS blocking software.

Will keep looking.

Link to post

25 minutes ago, kayfelix said:

Well... I'm still stumped.
What I've tried so far:
Scan with HitManPro
Scan with MalwareBytes
Scan with UnHackMe
Scan with BitDefender
Scan with CCleaner

Searched computer for any mention of confirm or prize, including all drives, all registry locations

Have checked Google Chrome and Internet Explorer and reset both to factory defaults

Have checked for any newly installed programs - nothing

Have checked any weird services or processes running - nothing

No new shortcuts created. Checked all shortcuts for injections - nothing

Windows Task Scheduler - nothing

No recent Windows updates.

 

All computers are Windows 10 Pro, all have mostly similar software profiles, all users have "administrator" permissions on their own machines.

Funnily, out of about 60 machines, only about 10% of machines are affected currently.

I have instead blocked confirmprize.com IP address (136.144.170.26) on the router level (also so I can record which computers are "infected") as well as with our DNS blocking software.

Will keep looking.

idk if it's just me but they've just changed the domain and ip it's forwarding to...

pandasrockmedia.com

92.242.132.24

 

But prior to redirecting it's directing to:

trk.dsllgal.com

99.198.108.197

 

So may want to add these to your blacklist as well

Edited by jp91
Link to post
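
An added example, not part of any post in this thread: one way to record which machines look up the domains reported above is to scan DNS query logs for them. The dnsmasq-style log format, the internal client addresses and the function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Domains reported in the posts above.
BLOCKLIST = {"confirmprize.com", "pandasrockmedia.com", "trk.dsllgal.com"}

# Constructed sample in dnsmasq "log-queries" style (an assumed format; adapt
# QUERY_RE to whatever your DNS filter or router writes). Client IPs are made up.
SAMPLE_LOG = """\
Sep  6 10:15:01 dnsmasq[412]: query[A] www.example.org from 192.168.1.20
Sep  6 10:15:02 dnsmasq[412]: query[A] trk.dsllgal.com from 192.168.1.23
Sep  6 10:15:02 dnsmasq[412]: query[A] PandasRockMedia.com. from 192.168.1.23
Sep  6 10:16:40 dnsmasq[412]: query[AAAA] www.confirmprize.com from 192.168.1.41
Sep  6 10:17:05 dnsmasq[412]: query[A] notconfirmprize.com from 192.168.1.20
Sep  6 10:18:11 dnsmasq[412]: reply trk.dsllgal.com is 99.198.108.197
"""

QUERY_RE = re.compile(r"query\[\w+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def blocked_parent(name, blocklist=BLOCKLIST):
    """Return the blocklisted domain that `name` equals or is a subdomain of."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None  # look-alikes such as notconfirmprize.com do not match


def affected_clients(log_text, blocklist=BLOCKLIST):
    """Map each client address to the sorted blocklisted domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, forwards and unrelated lines
        domain = blocked_parent(m.group("name"), blocklist)
        if domain:
            hits[m.group("client")].add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in sorted(affected_clients(SAMPLE_LOG).items()):
        print(client, ", ".join(domains))
```

Matching on whole labels rather than substrings keeps unrelated names out of the report while still catching subdomains and mixed-case or trailing-dot queries.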

Thanks for the info. There's another group that's throwing ideas around. I think I have pinpointed the culprit now. As soon as I installed the old version of Skype I started getting those shitty popups. I've had this gut feeling all along - a rogue ad *****ing around - I'm now 99% sure it's Skype!!!!

Link to post

I found the same problem on a colleague's PC; we too had an old version of Skype (I didn't check the old version number). I didn't notice new popups after the update.

I found this post on a Facebook group where they blamed an old Skype version too: https://m.facebook.com/groups/2204579521?view=permalink&id=10156641304434522

So hopefully this vulnerability only allowed opening a URL in the default browser from an advertisement on old Skype versions.

Link to post

This happened to me August of LAST YEAR with version 7 of Skype (not sure which one exactly) and the version I was using was the latest one at that time. I was getting suspicious ads for a couple of days until one day a fake tech support website popped up in a new Chrome tab with a very disturbing image, and I was confused how it happened because I had adblock enabled. I scanned my PC with a couple of programs and nothing was found. After a while, I determined that Skype was the problem since when Skype was closed, my computer acted normally, so I then manually blocked Skype's ad network and automatic updates feature so I didn't have to keep blocking Skype's ad network every time I updated. I don't know why or how a big company like Microsoft would ever allow sketchy ad networks to advertise for any of their programs and not do anything about it. I still use that version of Skype today and I have no clue if I should actually update or not since I'm not a fan of Skype 8.

Edited by teo_zakeruga
Link to post

I've been dealing with this problem for three days off and on, and after updating Skype, I haven't had any more issues either. I've tried using Malwarebytes, AdwCleaner, Spyhunter, HitmanPro, Emsisoft, and a few other programs that were admittedly a bit more on the sketchy side, but none of them picked up anything besides a few cookies that my primary security program (Norton) didn't catch. 

Link to post

Finally I found someone with this issue which started Tuesday 4th September and per similar thread from someone, I've tried all, plus a few programs already mentioned in the thread and none of them found the issue nor has been able to remove it. I'm still confused how this can be related to the old Skype, though I am running it (as the new one is horrible). First I thought it was Firefox related, but as it turned out it simply uses whatever your default app is set to browser wise.

My always-running setup includes ESET and Malwarebytes, which clearly did not do their job in this case. Would have been great to see some more official information and involvement on this thread as I do need the classic Skype (which was not touched, nor updated) and one should think there's more to it seeing this Skype is used by a lot of people, but there seems to be very few reports on this issue so far.

Link to post

In case each unwanted advert is triggered by a certain Skype advert being processed in the background (and that this is not related to an already infected Skype installation that I can't run anymore without having this issue, seeing I won't be upgrading) I've disabled adverts in Skype 7 by doing the following. I'll report back in case the advert issue returns, but I'm hopeful this could be an alternative solution for now.

Close Skype and head to C:\users\[your user name]\App Data\Roaming\Skype\[your Skype username]. You should see a config.xml file in this directory. Right-click it and choose Edit, then find the line that says <AdvertPlaceholder> and delete the entire line. Make sure to save your changes to the file before exiting. You can use Ctrl+F to find the line quickly.

Note: If you do not see the App Data folder, it's probably because you don't have Show hidden files enabled. Click the Organize button > Folder and search options> View tab > mark the radio button next to Show hidden files, folders, or drives.

Link to post
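
An added example, not part of the original post: the config.xml edit described above, scripted so it can be repeated on each affected machine while keeping a backup of the original file. The sample profile, its element layout and the function names are constructed for illustration; as the post says, Skype must be closed first.

```python
import shutil
import tempfile
from pathlib import Path

MARKER = b"<AdvertPlaceholder>"  # the line the post says to delete


def find_skype_configs(appdata):
    """Return every <appdata>/Skype/<Skype username>/config.xml that exists."""
    return sorted(Path(appdata, "Skype").glob("*/config.xml"))


def strip_advert_placeholder(config_path):
    """Delete each line containing MARKER, keeping a .bak copy of the original.

    Works on bytes so the file's encoding and line endings are left untouched.
    Returns the number of lines removed (0 means the file was not modified).
    """
    path = Path(config_path)
    lines = path.read_bytes().splitlines(keepends=True)
    kept = [line for line in lines if MARKER not in line]
    removed = len(lines) - len(kept)
    if removed:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_bytes(b"".join(kept))
    return removed


def build_sample_profile(root):
    """Create a constructed stand-in for a Skype profile (not real Skype data)."""
    profile = Path(root, "Skype", "example.user")
    profile.mkdir(parents=True)
    config = profile / "config.xml"
    config.write_text(
        '<?xml version="1.0"?>\n<config>\n  <UI>\n    <General>\n'
        "      <AdvertPlaceholder>1</AdvertPlaceholder>\n"
        "      <LastLanguage>en</LastLanguage>\n"
        "    </General>\n  </UI>\n</config>\n"
    )
    return config


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for cfg in find_skype_configs(tmp):
            print(cfg, "lines removed:", strip_advert_placeholder(cfg))
```

On a real machine, pass the value of the APPDATA environment variable to find_skype_configs instead of the temporary directory.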

Hello,

I've been searching for help with the same issue!

Since yesterday Firefox has been opening new tabs, to start with an obviously fake offer of a year free of Netflix, and now online surveys. So I closed Firefox and started using Avast browser instead. However, Firefox keeps opening itself to open surveys which have the same addys listed above:

pandasrockmedia.com

trk.dsllgal.com

And also: visit.net-ax51.stream

I've attached screen shots of the adverts too.

I've scanned using a number of different programmes... Avast, Malwarebytes free edition, Spybot Search & Destroy and I'm currently running Microsoft Safety Scanner. Nothing has found anything wrong with my system. Yet, I've been consistently getting Firefox opening itself with these adverts and it's starting to a) worry me and b) frustrate me. I've opened a thread in another forum but there's no answers there yet either.

I'm going to wait for this Microsoft Safety Scanner scan to end and then I'm going to try getting rid of Skype 7 (yes, I'm running this version and currently using it). Does anyone have advice as to whether to fully delete it and download the new version fresh? Or should I just update via the version 7 I have? Also, is this enough? Or do I still need to run some kind of cleaner after that?

I'll obviously update as to whether this works or not once I do it.

(I should mention I'm a really non techy savvy person, so all help and advice is valued!)

firefoxnetflix.JPG

newsurvey.JPG

Link to post

36 minutes ago, cbminstrel said:

Since yesterday Firefox has been opening new tabs, to start with an obviously fake offer of a year free of Netflix, and now online surveys. So I closed Firefox and started using Avast browser instead. However, Firefox keeps opening itself to open surveys which have the same addys listed above:

It's for sure not FF related, as per my post above: I changed Windows' default browser from FF to Chrome, and then Chrome became the new issue. Still testing running Skype 7 without adverts on my one PC with the issue as per my latest post (I have two on the network, one had ads disabled and has no issues and one was showing ads before me also fixing that today - the one that had and might still have the issues).

Link to post

Hi Organizer,

Yeah, I started to suspect it was a default browser being used by something else issue rather than Firefox. Thanks for confirming that!

At the moment, my Skype box is stuck on an advertisement place card (so not a real ad, just a placeholder). I'm waiting to see if, when it finally changes to a real advert in the Skype chatbox, I get another survey pop up.

If so, I'll go from there. Not sure whether to try your advert fix above or just play safe and upgrade completely.

Link to post

@cbminstrel If you don't hate the lack of certain settings in Skype 8 I'd just update if I was you (personally there's too many drawbacks for me). If my advert fix works, it likely means an update is all that is needed, no further cleaning etc. (as in whatever is triggering being related to random adverts and the intervals of those adverts in open Skype tabs and windows due to someone finding a way to exploit Skype to trigger an automated website open through adverts). Would also explain why no scanner/tool mentioned in this thread detects anything. Then again I'm a novice at best at this, so all over just my two cents. Just happy I found this thread after almost going bad due to wasting time on this :)

Link to post

This topic is now closed to further replies.