• 0

Adfoc.us and adfly and every other popup?!


Go to solution Solved by Riggers,

Question

LexL

So I have recently been getting pop ups Usually when surfing around the net and the popups either start talking at me telling me how "adfoc.us is a revolutionary way to make money on the internet" amongst many others.

 

I have used Adwcleaner and it did find things and remove them but i am still getting the pop ups on both browsers (mostly chrome though)

 

I use both Chrome and IE. running Windows 8.1, 

 

I have run mal-ware and anti-virus scans but they detect nothing. The only program that has detected anything is adwcleaner. 

 

Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too..

 

So what am I left with?

 

Anyone know of a scanner that might find this ad-ware and remove it or am i looking at a format.... I would really hate a format, took me an age to setup 8.1

 

Thanks

 

Link to post
Share on other sites

15 answers to this question

Recommended Posts

  • 0
Riggers

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

Some recent examples and some of the routers affected. Turn off Remote Admin on your router if you don`t use it and it`s turned on by default.

https://www.gcpower.net/routers-getting-hacked/
http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/
Link to post
Share on other sites
  • 0
simonlang

adfly is one of the most annoying things i ever seen online ...

Link to post
Share on other sites
  • 0
nabz0r

Scan your pc with this.

https://www.malwarebytes.org

Link to post
Share on other sites
  • 0
nabz0r

Is there any toolbar installed on your system? Removing them usually helps and there should be extensions too, remove it. I will try to use a pc in a bit to be able to help you more (on phone now)

 

Edit: Do you have Adblock+? That will stop the pop up but it will not stop the script and for that the best choice is noscript for firefox and ScriptSafe for chrome will do the job.

 

Edit1:

Yeah tried that already - it found nothing.

Did you run it in safe mode? If not try it

Link to post
Share on other sites
  • 0
+BudMan

"Usually when surfing around the net"

"Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too.."

This points to something other than infection then.. Sure its just not a site your visiting that has them as ads?

I would boot a LiveCD - does it happen then?

Link to post
Share on other sites
  • 0
LexL

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

Link to post
Share on other sites
  • 0
+BudMan

Did you boot a liveCD and see if your still getting the issue? What are you using for dns?

Its not out of the realm of possibility - what is your router?

Example of router exploit, etc.

http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/

Link to post
Share on other sites
  • 0
nabz0r

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

No it is not the router it's your host. I assume you already checked if there is any toolbar installed or not. Do a scan in safe mode too.
Link to post
Share on other sites
  • 0
+BudMan

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

Link to post
Share on other sites
  • 0
+warwagon

I would check the DNS settings in your router. Make sure they didn't get tampered with. Does your still have the default username and password?

 

If they did all computers connecting to it would use those same DNS numbers including your RT tablet.

Link to post
Share on other sites
  • 0
nabz0r

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :P

 

LexL I am not pointing finger at you I am only talking in general.

 

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

Link to post
Share on other sites
  • 0
+xrobwx71

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :p

 

LexL I am not pointing finger at you I am only talking in general.

 

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

My Dad had these same issues and I ran Malewarebytes and Hitman Pro to fix. I ran them both in safemode. Hitman would not even finish unless I ran it in safemode. After running them both in safemode. It was all clear.

Link to post
Share on other sites
  • 0
LexL

 

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

So after Flashign my Router with DDWRT.

I discovered that the DNS settings had been changed to :

 

107.170.189.30

107.170.245.37

 

It was this causign these popups. I have changed the router admin password with one that is less "hackable". Quite sneaky, change routers DNS settings so that web browsers on every device attached is directed to these adfocus sites where the advertiser gets paid for the link being visited...

 

Much Smarts, Such Fraud

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Copernic
      Firefox 85.0 released for download
      by Razvan Serea



      Firefox is a fast, full-featured Web browser. It offers great security, privacy, and protection against viruses, spyware, malware, and it can also easily block pop-up windows. The key features that have made Firefox so popular are the simple and effective UI, browser speed and strong security capabilities.

      Firefox has complete features for browsing the Internet. It is very reliable and flexible due to its implemented security features, along with customization options. Firefox includes pop-up blocking, tab-browsing, integrated Google search, simplified privacy controls, a streamlined browser window that shows you more of the page than any other browser and a number of additional features that work with you to help you get the most out of your time online.

      Note: Firefox 85.0 changelog is not yet available.

      Download: Firefox 85.0 for Windows | Firefox 64-bit | ~50.0 MB (Freeware)
      Download: Firefox 85.0 for Linux | 64-bit | ~70.0 MB
      Download: Firefox 85.0 for MacOS | 124.0 MB
      View: Firefox Home Page | Release Notes

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Google Chrome 88 (offline installer)
      by Razvan Serea



      The web browser is arguably the most important piece of software on your computer. You spend much of your time online inside a browser: when you search, chat, email, shop, bank, read the news, and watch videos online, you often do all this using a browser.

      Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Use one box for everything--type in the address bar and get suggestions for both search and Web pages. Thumbnails of your top sites let you access your favorite pages instantly with lightning speed from any new tab. Desktop shortcuts allow you to launch your favorite Web apps straight from your desktop. Chrome has many useful features built in, including automatic full-page translation and access to thousands of apps, extensions, and themes from the Chrome Web Store.

      Google Chrome is one of the best solutions for Internet browsing giving you high level of security, speed and great features.

      Important to know! The offline installer links do not include the automatic update feature.

      Download web installer: Google Chrome Web 32-bit | Google Chrome 64-bit | Freeware
      Download: Google Chrome Offline Installer 32-bit | 65.1 MB
      Download: Google Chrome Offline Installer 64-bit | 67.6 MB
      Download: Google Chrome MSI Installers for Windows (automatic update)
      View: Chrome Website | v88.0.4324.104 Release Notes

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Google Chrome 87.0.4280.141 (offline installer)
      by Razvan Serea



      The web browser is arguably the most important piece of software on your computer. You spend much of your time online inside a browser: when you search, chat, email, shop, bank, read the news, and watch videos online, you often do all this using a browser.

      Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Use one box for everything--type in the address bar and get suggestions for both search and Web pages. Thumbnails of your top sites let you access your favorite pages instantly with lightning speed from any new tab. Desktop shortcuts allow you to launch your favorite Web apps straight from your desktop. Chrome has many useful features built in, including automatic full-page translation and access to thousands of apps, extensions, and themes from the Chrome Web Store.

      Google Chrome is one of the best solutions for Internet browsing giving you high level of security, speed and great features.

      Important to know! The offline installer links do not include the automatic update feature.

      Download web installer: Google Chrome Web 32-bit | Google Chrome 64-bit | Freeware
      Download: Google Chrome Offline Installer 32-bit | 64.1 MB
      Download: Google Chrome Offline Installer 64-bit | 66.5 MB
      Download: Google Chrome MSI Installers for Windows (automatic update)
      View: Chrome Website | v87.0.4280.141 Release Notes

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Firefox 84.0.2
      by Razvan Serea



      Firefox is a fast, full-featured Web browser. It offers great security, privacy, and protection against viruses, spyware, malware, and it can also easily block pop-up windows. The key features that have made Firefox so popular are the simple and effective UI, browser speed and strong security capabilities.

      Firefox has complete features for browsing the Internet. It is very reliable and flexible due to its implemented security features, along with customization options. Firefox includes pop-up blocking, tab-browsing, integrated Google search, simplified privacy controls, a streamlined browser window that shows you more of the page than any other browser and a number of additional features that work with you to help you get the most out of your time online.

      Firefox 84.0.2 fixes:

      Security fix Download: Firefox 84.0.2 for Windows | Firefox 64-bit | ~50.0 MB (Freeware)
      Download: Firefox 84.0.2 for Linux | 64-bit | ~70.0 MB
      Download: Firefox 84.0.2 for MacOS | 126.0 MB
      View: Firefox Home Page | Release Notes

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Basilisk 2021.01.05
      by Razvan Serea



      Basilisk is a free and Open Source XUL-based web browser created by the developers of the Pale Moon browser. It is based on the Goanna layout and rendering engine (a fork of Gecko) and builds on the Unified XUL Platform (UXP), which in turn is a fork of the Mozilla code base without Servo or Rust.

      Basilisk as an application is primarily a vessel for development of the XUL platform it builds upon, and additionally a potential replacement for Firefox to retain the use of Firefox Extensions. It aims to retain useful technologies that its sibling Firefox has removed.

      Requires Windows 7 or later. Windows XP or Windows Vista are not supported.

      Main features:

      Full support for JavaScript's ECMAscript 6 standard for modern web browsing. Support for all NPAPI plugins (Unity, Silverlight, Flash, Java, authentication plugins, etc.). Support for XUL/Overlay Mozilla-style extensions. Experimental support for WebExtensions (in gecko-target mode). Please note that some Mozilla-specific WebExtension APIs are not yet available. Support for ALSA on Linux. Support for WebAssembly (WASM). Support for advanced Graphite font shaping features. Support for modern web cryptography: up to TLS 1.3, modern ciphers, HSTS, etc. Important differences with Mozilla Firefox:

      Uses Goanna as a layout and rendering engine. Goanna behaves slightly differently than Gecko in certain respects and may result in different display of web pages. e.g.: Goanna renders gradients in a more accurate color space (non-premultiplied). Builds on UXP, our XUL platform in development. As such XUL is alive and well in this browser and will not be deprecated. Has some long-standing known issues with the Mozilla code-base fixed (e.g. CVE-2009-1232). Does not use Rust or the Photon user interface. You can expect a familiar interface as-carried by Firefox between v29 and v56. Does not use Electrolysis (e10s, multi-process browsing). Does not require walled-garden extension signing. Basilisk 2021.01.05 changelog:

      Fixed the display of dates and times to honor what the user has set in their regional settings. Disabled the use of the legacy database format for stored passwords and certificates. Worked around crashes and run-time issues with module scripts. Moved the global user-agent override to the networking component. Please note that this may interfere with some "user agent spoofing" extensions. Fixed a website layout issue with table-styled elements potentially overlapping when placed inside a flexbox. Updated the list of prohibited ports the browser can use. Updated NSS to 3.59.1 Security issues fixed: CVE-2020-26978 and CVE-2020-35112. Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 16 not applicable. Download: Basilisk 2021.01.05 (32-bit) | Portable | ~50.0 MB (Open Source)
      Download: Basilisk 2021.01.05 (64-bit) | Portable
      View: Basilisk Website

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware