• 0

Adfoc.us and adfly and every other popup?!


Go to solution Solved by Riggers,

Question

LexL

So I have recently been getting pop ups Usually when surfing around the net and the popups either start talking at me telling me how "adfoc.us is a revolutionary way to make money on the internet" amongst many others.

 

I have used Adwcleaner and it did find things and remove them but i am still getting the pop ups on both browsers (mostly chrome though)

 

I use both Chrome and IE. running Windows 8.1, 

 

I have run mal-ware and anti-virus scans but they detect nothing. The only program that has detected anything is adwcleaner. 

 

Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too..

 

So what am I left with?

 

Anyone know of a scanner that might find this ad-ware and remove it or am i looking at a format.... I would really hate a format, took me an age to setup 8.1

 

Thanks

 

Link to post
Share on other sites

15 answers to this question

Recommended Posts

  • 0
Riggers

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

Some recent examples and some of the routers affected. Turn off Remote Admin on your router if you don`t use it and it`s turned on by default.

https://www.gcpower.net/routers-getting-hacked/
http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/
Link to post
Share on other sites
  • 0
simonlang

adfly is one of the most annoying things i ever seen online ...

Link to post
Share on other sites
  • 0
nabz0r

Scan your pc with this.

https://www.malwarebytes.org

Link to post
Share on other sites
  • 0
nabz0r

Is there any toolbar installed on your system? Removing them usually helps and there should be extensions too, remove it. I will try to use a pc in a bit to be able to help you more (on phone now)

 

Edit: Do you have Adblock+? That will stop the pop up but it will not stop the script and for that the best choice is noscript for firefox and ScriptSafe for chrome will do the job.

 

Edit1:

Yeah tried that already - it found nothing.

Did you run it in safe mode? If not try it

Link to post
Share on other sites
  • 0
+BudMan

"Usually when surfing around the net"

"Oddly enough the problem is also occurring on my other networked computers, one of them being a Windows Surface RT! How?

This is also happening on a laptop on the network too.."

This points to something other than infection then.. Sure its just not a site your visiting that has them as ads?

I would boot a LiveCD - does it happen then?

Link to post
Share on other sites
  • 0
LexL

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

Link to post
Share on other sites
  • 0
+BudMan

Did you boot a liveCD and see if your still getting the issue? What are you using for dns?

Its not out of the realm of possibility - what is your router?

Example of router exploit, etc.

http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/

Link to post
Share on other sites
  • 0
nabz0r

Just reset and installed ScriptSafe. So will see if that does the trick...

the last time the pop up occurred i was at www.o2.co.uk (Mobile/Cell Phone network provider for those that don't know)

Is it possible the router could have picked up some sort of malicious code? Didnt think that would be possible

No it is not the router it's your host. I assume you already checked if there is any toolbar installed or not. Do a scan in safe mode too.
Link to post
Share on other sites
  • 0
+BudMan

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

Link to post
Share on other sites
  • 0
+warwagon

I would check the DNS settings in your router. Make sure they didn't get tampered with. Does your still have the default username and password?

 

If they did all computers connecting to it would use those same DNS numbers including your RT tablet.

Link to post
Share on other sites
  • 0
nabz0r

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :P

 

LexL I am not pointing finger at you I am only talking in general.

 

"No it is not the router it's your host."

But according to the OP its multiple hosts.. Simple enough to rule out outside issues with just booting a liveCD would know that its not something with the OS. While I agree its most likely not the router infected. When there is multiple hosts hard to know for sure something outside the hosts is not the cause - running something that is known for sure to be clean like something booted with liveCD would rule out that - or help us narrow down what could be causing it.

For example what is being used for DNS? Is there a proxy being used? That could be common between the hosts?

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

Link to post
Share on other sites
  • 0
+xrobwx71

I am kind of sure it's not his router. Mostly it's users mistake either they download something without reading (hitting next, next, finish) or they visit a suspicious website and they get infected and I meant hosts not host. :p

 

LexL I am not pointing finger at you I am only talking in general.

 

^ This

 

Now in your case, have you installed something in all your hosts recently? How long did you have the problem? Did you check if there is any toolbar installed in your PC? Have you removed/disabled the extentions? Did you run your AV and Adware in safe mode?

My Dad had these same issues and I ran Malewarebytes and Hitman Pro to fix. I ran them both in safemode. Hitman would not even finish unless I ran it in safemode. After running them both in safemode. It was all clear.

Link to post
Share on other sites
  • 0
LexL

 

Someone i know has just had his router DNS changed via an exploit and that was serving up loads of Adds as well as multiple malware links.

 

So after Flashign my Router with DDWRT.

I discovered that the DNS settings had been changed to :

 

107.170.189.30

107.170.245.37

 

It was this causign these popups. I have changed the router admin password with one that is less "hackable". Quite sneaky, change routers DNS settings so that web browsers on every device attached is directed to these adfocus sites where the advertiser gets paid for the link being visited...

 

Much Smarts, Such Fraud

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Copernic
      Google Chrome 89.0.4389.114 (offline installer)
      by Razvan Serea



      The web browser is arguably the most important piece of software on your computer. You spend much of your time online inside a browser: when you search, chat, email, shop, bank, read the news, and watch videos online, you often do all this using a browser.

      Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Use one box for everything--type in the address bar and get suggestions for both search and Web pages. Thumbnails of your top sites let you access your favorite pages instantly with lightning speed from any new tab. Desktop shortcuts allow you to launch your favorite Web apps straight from your desktop. Chrome has many useful features built in, including automatic full-page translation and access to thousands of apps, extensions, and themes from the Chrome Web Store.

      Google Chrome is one of the best solutions for Internet browsing giving you high level of security, speed and great features.

      Important to know! The offline installer links do not include the automatic update feature.

      Download web installer: Google Chrome Web 32-bit | Google Chrome 64-bit | Freeware
      Download: Google Chrome Offline Installer 32-bit | 66.3 MB
      Download: Google Chrome Offline Installer 64-bit | 68.6 MB
      Download: Google Chrome MSI Installers for Windows (automatic update)
      View: Chrome Website | v89.0.4389.114 Release Notes

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Pale Moon 29.1.1
      by Razvan Serea



      Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows, Linux and Android, focusing on efficiency and ease of use. Make sure to get the most out of your browser!

      Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browsers speed, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.

      Features:

      Optimized for modern processors Based on proprietary optimized layout engine (Goanna) Safe: forked from mature Mozilla code and regularly updated Secure: Additional security features and security-aware development Supported by our user community, and fully non-profit Familiar, efficient, fully customizable interface Support for full themes: total freedom over any elements design Support for easily-created lightweight themes (skins) Smooth and speedy page drawing and script processing Increased stability: experience fewer browser crashes Support for many Firefox extensions Support for a growing number of Pale Moon exclusive extensions Extensive and growing support for HTML5 and CSS3 Many customization and configuration options Pale Moon 29.1.1 changes/fixes:

      Updated NSS to fix certificate import and keygen regressions. Removed restrictions for units of width/height attributes on SVG elements. Enabled scrollbar-width CSS keyword by default. Security issues addressed: CVE-2021-23981 and a DiD fix for potential document parser confusion. Unified XUL Platform Mozilla Security Patch Summary: 2 DiD, 9 not applicable. Download: Pale Moon (32-bit) | Portable 32-bit | ~40.0 MB (Freeware)
      Download: Pale Moon (64-bit) | Portable 64-bit
      Links: Pale Moon Homepage | Add-ons | Themes | Extensions

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Firefox 87.0
      by Razvan Serea



      Firefox is a fast, full-featured Web browser. It offers great security, privacy, and protection against viruses, spyware, malware, and it can also easily block pop-up windows. The key features that have made Firefox so popular are the simple and effective UI, browser speed and strong security capabilities.

      Firefox has complete features for browsing the Internet. It is very reliable and flexible due to its implemented security features, along with customization options. Firefox includes pop-up blocking, tab-browsing, integrated Google search, simplified privacy controls, a streamlined browser window that shows you more of the page than any other browser and a number of additional features that work with you to help you get the most out of your time online.

      What's new in Firefox 87.0:

      You’ll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. To further protect your privacy, our new default HTTP Referrer policy will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data. The “Highlight All” feature on Find in Page now displays tick marks alongside your scrollbar that correspond to the location of matches found on that page. We’re proud to announce full support for macOS built-in screen reader, VoiceOver. We’ve added a new locale: Silesian (szl) We’ve fixed several significant accessibility issues:

      Video controls now have visible focus styling and video and audio controls are now keyboard navigable. (Bug 1681007) HTML < meter > is now spoken by screen readers. (Bug 1460378) Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537) Firefox will now fire a name/description change event when aria-labelledby/describedby content changes. (Bug 493683) Various security fixes. Changed:

      To prevent user data loss when filling out forms, we’ve disabled the Backspace key as a navigation shortcut for the back navigation button. To re-enable the Backspace keyboard shortcut, you can change the about:config preference browser.backspace_action to 0. You can also use the recommended Alt + Left arrow (Command + Left arrow on Mac) shortcut instead. Firefox keyboard shortcuts We've removed items from the Library menu that weren't used often or have other access points in the browser: Synced tabs, Recent highlights, and Pocket list. We've simplified the Help menu by reducing redundant items, such as those that point to Firefox support pages that can also be accessed via the Get Help item. Enterprise:

      Various bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 87 Release Notes. Developer infromation:

      We've greatly simplified the Web Developer menu. Go to Application Menu > Web Developer > Web Developer Tools to access Inspector, Web Console, Debugger, Network Style Error, Performance, Storage Inspector, Accessibility, and Application Developers can now use the Page Inspector to simulate prefers-color-scheme media queries, without having to change the operating system to light or dark mode. Developers can now use the Page Inspector to toggle the :target pseudo-class for the currently selected element in addition to the pseudo-classes that were previously supported: :hover, :active and :focus, :focus-within, :focus-visible, and :visited. There is a number of Page Inspector improvements and bug fixes related to inactive CSS rules:

      The table-layout property is now marked as inactive for non-table elements. The scroll-padding properties (shorthand and longhand) are now marked as inactive for non-scrollable elements. The text-overflow property was previously incorrectly marked as inactive for some overflow values. Download: Firefox 87.0for Windows | Firefox 64-bit | ~50.0 MB (Freeware)
      Download: Firefox 87.0 for Linux | 64-bit | ~70.0 MB
      Download: Firefox 87.0 for MacOS | 125.0 MB
      View: Firefox Home Page | Release Notes

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Basilisk 2021.03.17
      by Razvan Serea



      Basilisk is a free and Open Source XUL-based web browser created by the developers of the Pale Moon browser. It is based on the Goanna layout and rendering engine (a fork of Gecko) and builds on the Unified XUL Platform (UXP), which in turn is a fork of the Mozilla code base without Servo or Rust.

      Basilisk as an application is primarily a vessel for development of the XUL platform it builds upon, and additionally a potential replacement for Firefox to retain the use of Firefox Extensions. It aims to retain useful technologies that its sibling Firefox has removed.

      Requires Windows 7 or later. Windows XP or Windows Vista are not supported.

      Main features:

      Full support for JavaScript's ECMAscript 6 standard for modern web browsing. Support for all NPAPI plugins (Unity, Silverlight, Flash, Java, authentication plugins, etc.). Support for XUL/Overlay Mozilla-style extensions. Experimental support for WebExtensions (in gecko-target mode). Please note that some Mozilla-specific WebExtension APIs are not yet available. Support for ALSA on Linux. Support for WebAssembly (WASM). Support for advanced Graphite font shaping features. Support for modern web cryptography: up to TLS 1.3, modern ciphers, HSTS, etc. Important differences with Mozilla Firefox:

      Uses Goanna as a layout and rendering engine. Goanna behaves slightly differently than Gecko in certain respects and may result in different display of web pages. e.g.: Goanna renders gradients in a more accurate color space (non-premultiplied). Builds on UXP, our XUL platform in development. As such XUL is alive and well in this browser and will not be deprecated. Has some long-standing known issues with the Mozilla code-base fixed (e.g. CVE-2009-1232). Does not use Rust or the Photon user interface. You can expect a familiar interface as-carried by Firefox between v29 and v56. Does not use Electrolysis (e10s, multi-process browsing). Does not require walled-garden extension signing. Basilisk 2021.03.17 changelog:

      Changed the version of NSS to a custom build to address certificate import and (hopefully also) keygen issues.

      Updated the embedded emoji font for Yet More Professions With All Skin Colors&tm;.

      Updated the YouTube Studio useragent for compatibility.

      Download: Basilisk 2021.03.17 (32-bit) | Portable | ~50.0 MB (Open Source)
      Download: Basilisk 2021.03.17 (64-bit) | Portable
      View: Basilisk Website

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By Copernic
      Google Chrome 89.0.4389.90 (offline installer)
      by Razvan Serea



      The web browser is arguably the most important piece of software on your computer. You spend much of your time online inside a browser: when you search, chat, email, shop, bank, read the news, and watch videos online, you often do all this using a browser.

      Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Use one box for everything--type in the address bar and get suggestions for both search and Web pages. Thumbnails of your top sites let you access your favorite pages instantly with lightning speed from any new tab. Desktop shortcuts allow you to launch your favorite Web apps straight from your desktop. Chrome has many useful features built in, including automatic full-page translation and access to thousands of apps, extensions, and themes from the Chrome Web Store.

      Google Chrome is one of the best solutions for Internet browsing giving you high level of security, speed and great features.

      Important to know! The offline installer links do not include the automatic update feature.

      Download web installer: Google Chrome Web 32-bit | Google Chrome 64-bit | Freeware
      Download: Google Chrome Offline Installer 32-bit | 66.3 MB
      Download: Google Chrome Offline Installer 64-bit | 68.7 MB
      Download: Google Chrome MSI Installers for Windows (automatic update)
      View: Chrome Website | v89.0.4389.90 Release Notes

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware