Annoying ad popups/malware infection

Party Rooster

Unleash The Beast
Apr 27, 2005
40,304
7,454
438
The Inland Empire State
#1


Just recently started getting these. Tried Malwarebytes and a Combofix scan and it didn't clean it. Also ran an AVG Free scan and nothing came up. Happens on both Chrome and Firefox. On Chrome you can click the X and it goes away, but you can't on Firefox.

I think it reset some either proxies or DNS redirects, and I didn't notice anything in the hosts file but I notice my google searches on Chrome are getting redirected and were also on Firefox until I disabled the proxy settings in there, so it had to mess with some proxy settings at least.

I also noticed at the top of Google search results there's entries for traffic.*******.com, so I think that has something to do with it. I'm leary to click on anything because of being hijacked.

Speaking of hijacked, I ran a Hijackthis scan and there were too many things in there I was unsure of so I haven't gone that route yet.

Any ideas?
 

Neon

ネオン
Donator
Mar 23, 2008
51,803
18,538
513
Kingdom of Charis
#2
Did you try running those scans in safe mode? Sometimes that's the only way to detect the malware or whatever it is.
 

fletcher

Darkness always says hello.
Donator
Feb 20, 2006
59,552
19,736
513
jersey
#3
Im no expert but have you cleared your cache?

But more seriously, are you running a flash blocker? I get zero popups using it in FF.

ClIcK HeRe 4 a FrEe IpAd!!!1!
 

samurai

Ridiculum Anserini
May 16, 2007
20,710
4,184
568
Chicago
#4
For me: NoScript, Flashblock and Adblock plus.

Sweetness ensues.
 

ruckstande

Posts mostly from the shitter.
Apr 2, 2005
14,998
4,511
678
South Jersey
#5


Just recently started getting these. Tried Malwarebytes and a Combofix scan and it didn't clean it. Also ran an AVG Free scan and nothing came up. Happens on both Chrome and Firefox. On Chrome you can click the X and it goes away, but you can't on Firefox.

I think it reset some either proxies or DNS redirects, and I didn't notice anything in the hosts file but I notice my google searches on Chrome are getting redirected and were also on Firefox until I disabled the proxy settings in there, so it had to mess with some proxy settings at least.

I also noticed at the top of Google search results there's entries for traffic.*******.com, so I think that has something to do with it. I'm leary to click on anything because of being hijacked.

Speaking of hijacked, I ran a Hijackthis scan and there were too many things in there I was unsure of so I haven't gone that route yet.

Any ideas?
Register at the forum for hijack this. I can't remember the name of it but you can post your scan log and people will tell you what is safe to remove. Post it here if you want to actually. Maybe we can help.
 

Party Rooster

Unleash The Beast
Apr 27, 2005
40,304
7,454
438
The Inland Empire State
#6
I run Adblock but this thing is impervious to it. Want to find out what it is because I don't want some trojan lingering in my system anyway.

I downloaded Macafee and have that running a full scan. But now I can't access my computer from my phone via TeamViewer because of the firewall block. I fucking hate how they've dumbed down everything so you can't customize what you want it to ignore. That's why I don't even have an AV program installed in the first place.
 

fletcher

Darkness always says hello.
Donator
Feb 20, 2006
59,552
19,736
513
jersey
#7
Did you get the same popup on the same sites? Flashblock will take care of that no problem. You have thrown a ton of things at something that might just be a simple problem, DL Flashblock already!
 

GrammatonCleric

Registered User
Nov 19, 2008
5,044
1,301
358
#8
For me: NoScript, Flashblock and Adblock plus.

Sweetness ensues.
Ditto. The other plus is that if you go to a questionable porn site then you have the list of sites trying to run scripts on that page.

Go to bleepingcomputer.com and download rkill.com (it's a dos file) then after running that without restarting your computer, download malwarebytes then update it and run it.
 

Party Rooster

Unleash The Beast
Apr 27, 2005
40,304
7,454
438
The Inland Empire State
#9
Did you get the same popup on the same sites? Flashblock will take care of that no problem. You have thrown a ton of things at something that might just be a simple problem, DL Flashblock already!
Isn't that kind of like turning up the radio in your car because you hear funny noises coming from the engine?

Ditto. The other plus is that if you go to a questionable porn site then you have the list of sites trying to run scripts on that page.

Go to bleepingcomputer.com and download rkill.com (it's a dos file) then after running that without restarting your computer, download malwarebytes then update it and run it.
Thanks, I'll try that next. McAffee was worthless, found like two things but neither helped with the problem.
 

fletcher

Darkness always says hello.
Donator
Feb 20, 2006
59,552
19,736
513
jersey
#10
Isn't that kind of like turning up the radio in your car because you hear funny noises coming from the engine?
Pop up ads for anti malware software doesnt mean you have malware on your computer, grampa. And no, you werent the 1,000,000th visitor to that other site you went to. ;)
 

blazin

Registered User
Dec 9, 2004
3,893
422
578
#11
probably got a rootkit.

Try TDSSKILLER first
 

whiskeyguy

PR representative for Drunk Whiskeyguy.
Donator
Jan 12, 2010
36,420
22,053
398
Northern California
#12
Pop up ads for anti malware software doesnt mean you have malware on your computer, grampa. And no, you werent the 1,000,000th visitor to that other site you went to. ;)
Ironically, the chat box at the bottom of the porn website he goes to is actually a girl from his hometown that wants to fuck him.
 

SOS

ONA
Wackbag Staff
Aug 14, 2000
48,124
8,888
1,038
USA
#13
I need to have a Firefox add-ons thread tomorrow.
 

freddyfox

Registered User
May 19, 2009
268
107
248
Albuquerque
#14

Party Rooster

Unleash The Beast
Apr 27, 2005
40,304
7,454
438
The Inland Empire State
#16
probably got a rootkit.

Try TDSSKILLER first
Looks like that was it. Thanks. Downloaded that and ran it and it found one. Looks like that cleared it up. Wish I would have wrote it down, but I didn't. Does that program create a log file because I couldn't find it.
 

blazin

Registered User
Dec 9, 2004
3,893
422
578
#17
yes, on the root of the c:\ you should see a text file
 

blazin

Registered User
Dec 9, 2004
3,893
422
578
#19
Word. Rootkits are fun. Sneaky little fuckers.
 

OccupyWackbag

Registered User
Dec 12, 2011
3,416
188
98
#20
Just poor bleach in the computer. It will kill the infection.

Sent from my Galaxy S3 using Tapatalk 2