Jump to content



Photo

Adfoc.us and adfly and every other popup?!

Answered Go to the full post adware adfoc.us browser popups popup virus

15 replies to this topic

#1 LexL

LexL

    Neowinian

  • Joined: 09-September 11
  • Location: Milton Keynes
  • OS: Win7

Posted 05 August 2014 - 17:29

So I have recently been getting pop ups Usually when surfing around the net and the popups either start talking at me telling me how "adfoc.us is a revolutionary way to make money on the internet" amongst many others.

 

I have used Adwcleaner and it did find things and remove them but i am still getting the pop ups on both browsers (mostly chrome though)

 

I use both Chrome and IE. running Windows 8.1, 

 

I have run mal-ware and anti-virus scans but they detect nothing. The only program that has detected anything is adwcleaner. 

 

Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too..

 

So what am I left with?

 

Anyone know of a scanner that might find this ad-ware and remove it or am i looking at a format.... I would really hate a format, took me an age to setup 8.1

 

Thanks

 



Best Answer Riggers , 07 August 2014 - 20:10

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

Some recent examples and some of the routers affected. Turn off Remote Admin on your router if you don`t use it and it`s turned on by default.

https://www.gcpower.net/routers-getting-hacked/
http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/
Go to the full post



#2 +Jack Unterweger

Jack Unterweger

    devoted fan of the us-armed forces

  • Tech Issues Solved: 2
  • Joined: 19-January 03
  • OS: Snapshot-Linux x64 1149 0.3
  • Phone: Samsung Galaxy S3

Posted 05 August 2014 - 17:30

adfly is one of the most annoying things i ever seen online ...



#3 Walid W.

Walid W.

    I love Orcinus Orca

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 05 August 2014 - 17:35

Scan your pc with this.

https://www.malwarebytes.org

#4 OP LexL

LexL

    Neowinian

  • Joined: 09-September 11
  • Location: Milton Keynes
  • OS: Win7

Posted 05 August 2014 - 17:39

 

 

Scan your pc with this.

https://www.malwarebytes.org

 

Yeah tried that already - it found nothing.



#5 Walid W.

Walid W.

    I love Orcinus Orca

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 05 August 2014 - 17:57

Is there any toolbar installed on your system? Removing them usually helps and there should be extensions too, remove it. I will try to use a pc in a bit to be able to help you more (on phone now)

 

Edit: Do you have Adblock+? That will stop the pop up but it will not stop the script and for that the best choice is noscript for firefox and ScriptSafe for chrome will do the job.

 

Edit1:

Yeah tried that already - it found nothing.

Did you run it in safe mode? If not try it



#6 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 August 2014 - 18:35

"Usually when surfing around the net"
"Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?
This is also happening on a laptop on the network too.."

This points to something other than infection then.. Sure its just not a site your visiting that has them as ads?

I would boot a LiveCD - does it happen then?

#7 OP LexL

LexL

    Neowinian

  • Joined: 09-September 11
  • Location: Milton Keynes
  • OS: Win7

Posted 05 August 2014 - 19:44

Just reset and installed ScriptSafe. So will see if that does the trick...



the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)


Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

#8 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 August 2014 - 19:50

Did you boot a liveCD and see if your still getting the issue? What are you using for dns?

Its not out of the realm of possibility - what is your router?

Example of router exploit, etc.
http://arstechnica.c...cating-malware/

#9 Walid W.

Walid W.

    I love Orcinus Orca

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 05 August 2014 - 20:24

Just reset and installed ScriptSafe. So will see if that does the trick...



the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)


Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

No it is not the router it's your host. I assume you already checked if there is any toolbar installed or not. Do a scan in safe mode too.

#10 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 05 August 2014 - 20:46

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

#11 mastercoms

mastercoms

    Expert Microsoft Fanboy & C# Coder

  • Tech Issues Solved: 3
  • Joined: 21-May 13
  • Location: Marietta, Georgia
  • OS: W8.1U1 + Fedora 20
  • Phone: Lumia 928 WP8.1U1 Black

Posted 05 August 2014 - 20:55

Use this:

http://www.safer-networking.org/



#12 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 05 August 2014 - 21:07

I would check the DNS settings in your router. Make sure they didn't get tampered with. Does your still have the default username and password?

 

If they did all computers connecting to it would use those same DNS numbers including your RT tablet.



#13 Walid W.

Walid W.

    I love Orcinus Orca

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 06 August 2014 - 08:39

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :p

 

LexL I am not pointing finger at you I am only talking in general.

 

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?



#14 Riggers

Riggers

    Neowinian

  • Tech Issues Solved: 4
  • Joined: 03-March 08

Posted 07 August 2014 - 20:10   Best Answer

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

Some recent examples and some of the routers affected. Turn off Remote Admin on your router if you don`t use it and it`s turned on by default.

https://www.gcpower.net/routers-getting-hacked/
http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/


#15 xrobwx

xrobwx

    Leave the gun. Take the cannoli.

  • Tech Issues Solved: 1
  • Joined: 14-June 03
  • Location: Panama City Beach, FL USA
  • OS: Win 8.1
  • Phone: Galaxy Note II

Posted 07 August 2014 - 20:24

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :p

 

LexL I am not pointing finger at you I am only talking in general.

 

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

My Dad had these same issues and I ran Malewarebytes and Hitman Pro to fix. I ran them both in safemode. Hitman would not even finish unless I ran it in safemode. After running them both in safemode. It was all clear.