16 posts in this topic

So I have recently been getting pop ups Usually when surfing around the net and the popups either start talking at me telling me how "adfoc.us is a revolutionary way to make money on the internet" amongst many others.

 

I have used Adwcleaner and it did find things and remove them but i am still getting the pop ups on both browsers (mostly chrome though)

 

I use both Chrome and IE. running Windows 8.1, 

 

I have run mal-ware and anti-virus scans but they detect nothing. The only program that has detected anything is adwcleaner. 

 

Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too..

 

So what am I left with?

 

Anyone know of a scanner that might find this ad-ware and remove it or am i looking at a format.... I would really hate a format, took me an age to setup 8.1

 

Thanks

 

Share this post


Link to post
Share on other sites

adfly is one of the most annoying things i ever seen online ...

Share this post


Link to post
Share on other sites

Scan your pc with this.

https://www.malwarebytes.org

Share this post


Link to post
Share on other sites

Is there any toolbar installed on your system? Removing them usually helps and there should be extensions too, remove it. I will try to use a pc in a bit to be able to help you more (on phone now)

 

Edit: Do you have Adblock+? That will stop the pop up but it will not stop the script and for that the best choice is noscript for firefox and ScriptSafe for chrome will do the job.

 

Edit1:

Yeah tried that already - it found nothing.

Did you run it in safe mode? If not try it

Share this post


Link to post
Share on other sites

"Usually when surfing around the net"

"Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too.."

This points to something other than infection then.. Sure its just not a site your visiting that has them as ads?

I would boot a LiveCD - does it happen then?

Share this post


Link to post
Share on other sites

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

Share this post


Link to post
Share on other sites

Did you boot a liveCD and see if your still getting the issue? What are you using for dns?

Its not out of the realm of possibility - what is your router?

Example of router exploit, etc.

http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/

Share this post


Link to post
Share on other sites

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

No it is not the router it's your host. I assume you already checked if there is any toolbar installed or not. Do a scan in safe mode too.

Share this post


Link to post
Share on other sites

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

I would check the DNS settings in your router. Make sure they didn't get tampered with. Does your still have the default username and password?

 

If they did all computers connecting to it would use those same DNS numbers including your RT tablet.

Share this post


Link to post
Share on other sites

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :P

 

LexL I am not pointing finger at you I am only talking in general.

 

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

Share this post


Link to post
Share on other sites

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

Some recent examples and some of the routers affected. Turn off Remote Admin on your router if you don`t use it and it`s turned on by default.

https://www.gcpower.net/routers-getting-hacked/
http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/

Share this post


Link to post
Share on other sites

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :p

 

LexL I am not pointing finger at you I am only talking in general.

 

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

My Dad had these same issues and I ran Malewarebytes and Hitman Pro to fix. I ran them both in safemode. Hitman would not even finish unless I ran it in safemode. After running them both in safemode. It was all clear.

Share this post


Link to post
Share on other sites

 

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

So after Flashign my Router with DDWRT.

I discovered that the DNS settings had been changed to :

 

107.170.189.30

107.170.245.37

 

It was this causign these popups. I have changed the router admin password with one that is less "hackable". Quite sneaky, change routers DNS settings so that web browsers on every device attached is directed to these adfocus sites where the advertiser gets paid for the link being visited...

 

Much Smarts, Such Fraud

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.