Adfoc.us and adfly and every other popup?!

[OP LexL 3]

So I have recently been getting pop ups Usually when surfing around the net and the popups either start talking at me telling me how "adfoc.us is a revolutionary way to make money on the internet" amongst many others.

 

I have used Adwcleaner and it did find things and remove them but i am still getting the pop ups on both browsers (mostly chrome though)

 

I use both Chrome and IE. running Windows 8.1, 

 

I have run mal-ware and anti-virus scans but they detect nothing. The only program that has detected anything is adwcleaner. 

 

Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too..

 

So what am I left with?

 

Anyone know of a scanner that might find this ad-ware and remove it or am i looking at a format.... I would really hate a format, took me an age to setup 8.1

 

Thanks

 

[rocket_fuel 524]

adfly is one of the most annoying things i ever seen online ...

[Walid W. 134]

Scan your pc with this.

https://www.malwarebytes.org

[OP LexL 3]

 

 

Scan your pc with this.

https://www.malwarebytes.org

 

Yeah tried that already - it found nothing.

[Walid W. 134]

Is there any toolbar installed on your system? Removing them usually helps and there should be extensions too, remove it. I will try to use a pc in a bit to be able to help you more (on phone now)

 

Edit: Do you have Adblock+? That will stop the pop up but it will not stop the script and for that the best choice is noscript for firefox and ScriptSafe for chrome will do the job.

 

Edit1:

Yeah tried that already - it found nothing.

Did you run it in safe mode? If not try it

[+BudMan 2,418]

"Usually when surfing around the net"

"Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too.."

This points to something other than infection then.. Sure its just not a site your visiting that has them as ads?

I would boot a LiveCD - does it happen then?

[OP LexL 3]

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

[+BudMan 2,418]

Did you boot a liveCD and see if your still getting the issue? What are you using for dns?

Its not out of the realm of possibility - what is your router?

Example of router exploit, etc.

http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/

[Walid W. 134]

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

No it is not the router it's your host. I assume you already checked if there is any toolbar installed or not. Do a scan in safe mode too.

[+BudMan 2,418]

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

[mastercoms 434]

Use this:

http://www.safer-networking.org/

[+warwagon 7,451]

I would check the DNS settings in your router. Make sure they didn't get tampered with. Does your still have the default username and password?

 

If they did all computers connecting to it would use those same DNS numbers including your RT tablet.

[Walid W. 134]

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :P

 

LexL I am not pointing finger at you I am only talking in general.

 

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

[Riggers 100]

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

Some recent examples and some of the routers affected. Turn off Remote Admin on your router if you don`t use it and it`s turned on by default.

https://www.gcpower.net/routers-getting-hacked/

http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/

[xrobwx 628]

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :p

 

LexL I am not pointing finger at you I am only talking in general.

 

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

My Dad had these same issues and I ran Malewarebytes and Hitman Pro to fix. I ran them both in safemode. Hitman would not even finish unless I ran it in safemode. After running them both in safemode. It was all clear.

[OP LexL 3]

 

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

So after Flashign my Router with DDWRT.

I discovered that the DNS settings had been changed to :

 

107.170.189.30

107.170.245.37

 

It was this causign these popups. I have changed the router admin password with one that is less "hackable". Quite sneaky, change routers DNS settings so that web browsers on every device attached is directed to these adfocus sites where the advertiser gets paid for the link being visited...

 

Much Smarts, Such Fraud