
Maximum PC


All times are UTC - 8 hours




 Post subject: Damn Adware? How the hell do I get rid of it?
PostPosted: Tue Dec 02, 2008 7:42 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
I keep getting random porn ads and pop-ups on maximumpc's site along with other sites. It's a pain in the ass... I tried Spyware Doctor (the free one that comes with Google download pack). It found some things and deleted them but I'm still getting this shit. Every day it gets worse and I don't want credit cards stolen. Reinstall of Windows would be a last effort but I would rather not.

Help please. It's annoying and I'm worried about the security of my pc.


 Post subject:
PostPosted: Tue Dec 02, 2008 7:55 pm 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
This should really be in the Free Clinic, but I guess it works here too.

Since it is already confirmed malware, I'm going to have you skip HijackThis for now and skip right to SUPERAntiSpyware.

Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Paste the logfile here and close the program.


 Post subject:
PostPosted: Wed Dec 03, 2008 6:14 am 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2008 at 11:15 PM

Application Version : 4.22.1014

Core Rules Database Version : 3661
Trace Rules Database Version: 1641

Scan type : Complete Scan
Total Scan Time : 00:56:03

Memory items scanned : 473
Memory threats detected : 0
Registry items scanned : 5788
Registry threats detected : 0
File items scanned : 64289
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\John\Cookies\john@adcentriconline[2].txt
C:\Documents and Settings\John\Cookies\john@doubleclick[2].txt
C:\Documents and Settings\John\Cookies\john@windowsmedia[1].txt
C:\Documents and Settings\John\Cookies\john@advertising[2].txt
C:\Documents and Settings\John\Cookies\john@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\John\Cookies\john@2o7[2].txt
C:\Documents and Settings\John\Cookies\john@cgi-bin[2].txt
C:\Documents and Settings\John\Cookies\john@msnportal.112.2o7[1].txt
C:\Documents and Settings\John\Cookies\john@atdmt[2].txt
C:\Documents and Settings\John\Cookies\john@statcounter[1].txt
C:\Documents and Settings\John\Cookies\john@kontera[2].txt


 Post subject:
PostPosted: Wed Dec 03, 2008 6:16 am 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
Still getting the same problem... some ads on web pages (MPC, for example) get removed and are replaced with other ads (they look fake), and there is a little bar at the top saying click here to remove ads.


 Post subject:
PostPosted: Wed Dec 03, 2008 7:47 am 
Team Member Top 1000

Joined: Thu Sep 11, 2008 4:10 pm
Posts: 868
Wait are there ads on the site? That is normal. There's a difference between popups and ads.

I found a quick screen shot.
Image

Do you mean there's an ad banner like at the top of the picture here? The Scion ad is the one I'm referring to. Ads do rotate on the site. If I'm totally wrong please correct me. But with your second post it sounds as if you are annoyed with the ads on the site. If you're using Firefox, download Adblock Plus.

AJ


 Post subject:
PostPosted: Wed Dec 03, 2008 1:07 pm 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
Well that didn't detect much at all.

What sites (other than MPC) are you getting pop-ups on?

Unless you are experiencing what CTskifreak described.


 Post subject:
PostPosted: Wed Dec 03, 2008 2:27 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
This is what I am getting. I don't mind ads, but this is a pain, and if it is the ads that Max PC is supposed to have, that's pathetic.

[Six images]


 Post subject:
PostPosted: Wed Dec 03, 2008 5:15 pm 
Team Member Top 1000

Joined: Thu Sep 11, 2008 4:10 pm
Posts: 868
It is what I described. If you use Firefox, download AdBlock now. Save you a lot of hassle. That's not adware, it's just ads on the site.

Firefox 3.0.4 with AdBlock Plus 1.0
Image


However, those ads look like a lot of porn. This is what IE7 looks like to me without any ad blocker.
Image
Hmmm.

AJ


 Post subject:
PostPosted: Wed Dec 03, 2008 5:51 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
Sometimes ads are normal, other times I get the porn crap... for years I have never seen any porn-related ad till now.


 Post subject:
PostPosted: Thu Dec 04, 2008 1:32 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
ideas.... anyone?


 Post subject:
PostPosted: Thu Dec 04, 2008 1:33 pm 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
Any custom DNS settings? Or an odd host file?


 Post subject:
PostPosted: Thu Dec 04, 2008 1:49 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
No... I do have DMZ enabled. But why won't these spyware programs detect and remove this... I'm getting the same ads on other sites including facebook and kijiji.ca


 Post subject:
PostPosted: Thu Dec 04, 2008 2:43 pm 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
I'm not sure if this is malware. Though I'm not sure what is up with those porn ads.

Can you post the hosts file text here please? (C:\Windows\System32\drivers\etc). Open the hosts file with Notepad and just paste the text here.


 Post subject:
PostPosted: Thu Dec 04, 2008 3:13 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space. - dddddddddddddd---------
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#

127.0.0.1 localhost
127.0.0.1 atwola.com
#68.178.151.28 delb.opt.fimserve.com # 728x90
#68.178.151.28 desk.opt.fimserve.com # 160x600
#68.178.151.28 demr.opt.fimserve.com # 300x250
72.167.163.234 www.google-analytics.com
#72.167.163.234 pagead.googlesyndication.com
#72.167.163.234 pagead2.googlesyndication.com
#127.0.0.1 as.casalemedia.com
#68.178.151.288 ad.yieldmanager.com
#68.178.151.288 ad.doubleclick.net
#72.167.163.234 ads.sup.com
68.178.151.28 view.atdmt.com
#68.178.151.28 rad.~LINK BROKEN BY MANAGEMENT~
##68.178.151.28 themis.geocities.yahoo.com
127.0.0.1 www.intuneads.com
127.0.0.1 KILLMEPLEASE.com
127.0.0.1 www.cifras.com.br
127.0.0.1 www.gshome.com
127.0.0.1 www.all-midi.com
127.0.0.1 www.directtabs.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 ad.harmony-central.com
127.0.0.1 cdn1.tribalfusion.com
127.0.0.1 isg01.casalemedia.com
127.0.0.1 isg02.casalemedia.com
127.0.0.1 isg03.casalemedia.com
127.0.0.1 isg04.casalemedia.com
127.0.0.1 isg05.casalemedia.com
127.0.0.1 isg06.casalemedia.com
127.0.0.1 isg07.casalemedia.com
127.0.0.1 isg08.casalemedia.com
127.0.0.1 isg09.casalemedia.com
127.0.0.1 isg10.casalemedia.com
127.0.0.1 isg11.casalemedia.com
127.0.0.1 isg12.casalemedia.com
127.0.0.1 isg14.casalemedia.com
127.0.0.1 isg15.casalemedia.com
127.0.0.1 isg16.casalemedia.com
127.0.0.1 ads.PointRoll.com
127.0.0.1 icq.rambler.ru
#127.0.0.1 global.msads.net
127.0.0.1 distortica.com


 Post subject:
PostPosted: Thu Dec 04, 2008 3:45 pm 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
Did you add any of those entries in the host file?


 Post subject:
PostPosted: Thu Dec 04, 2008 4:08 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
Wouldn't even know how to.


 Post subject:
PostPosted: Thu Dec 04, 2008 4:10 pm 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
Okay, I'm going to have you restore the default host file.

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Restart the computer and try browsing web sites again.
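
A way to triage the hosts file posted earlier in this thread before restoring the default, as an added example (not from any poster and not part of HostsXpert): it separates loopback "block" entries from active entries that pin a hostname to a fixed non-loopback address, and flags addresses that do not parse. The function names are hypothetical; the sample lines are an excerpt copied from the posted file.

```python
import ipaddress

# Excerpt of the hosts file posted earlier in this thread (not the full file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 atwola.com
#68.178.151.28 delb.opt.fimserve.com # 728x90
72.167.163.234 www.google-analytics.com
#68.178.151.288 ad.doubleclick.net
68.178.151.28 view.atdmt.com
127.0.0.1 isg01.casalemedia.com
"""

def audit_hosts(text):
    """Return (line_no, kind, active, address, hostname) for every mapping found.

    kind: 'redirect' = non-loopback address, 'sinkhole' = loopback or 0.0.0.0,
    'invalid' = looks like an IPv4 address but does not parse.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        active = not line.startswith("#")        # commented-out entries are inert
        fields = line.lstrip("#").split("#", 1)[0].split()
        if len(fields) < 2:
            continue                              # blank line or bare comment
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
            kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        except ValueError:
            if not (addr.count(".") == 3 and addr.replace(".", "").isdigit()):
                continue                          # comment prose, not an entry
            kind = "invalid"
        for name in names:
            if name.lower() != "localhost":       # the stock localhost line is expected
                findings.append((line_no, kind, active, addr, name))
    return findings

def active_redirects(text):
    """Hostnames the resolver will send to a fixed non-loopback address."""
    return [(name, addr) for _, kind, active, addr, name in audit_hosts(text)
            if active and kind == "redirect"]

if __name__ == "__main__":
    for line_no, kind, active, addr, name in audit_hosts(SAMPLE_HOSTS):
        state = "ACTIVE" if active else "commented out"
        print(f"line {line_no}: {kind:8} {state:13} {name} -> {addr}")
```

Active `redirect` rows are the ones worth explaining before the file is trusted again, since they override DNS for that hostname; `sinkhole` rows only block.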


 Post subject:
PostPosted: Fri Dec 05, 2008 4:21 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
Spyware Doctor found this

http://www.pctools.com/en/mrc/infection ... Virtumonde


 Post subject:
PostPosted: Fri Dec 05, 2008 4:32 pm 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
What was the filepath of that detection?


 Post subject:
PostPosted: Fri Dec 05, 2008 7:46 pm 
Klamath

Joined: Sat Jan 27, 2007 6:59 am
Posts: 214
Location: Canada
OK, so most ads seem to be gone... and WOW, it infected one of Spyware Doctor's DLLs! It took a few full system scans to find it; I'm surprised it did.

