A very frustrating Malware/Virus floating around lately that basically gives you strange random Adsense ads popups on basically any page and weird redirection when clicking on links.
Symptoms
- Redirected to Random sites when clicking on Links , Any link on any site ( I did notice that I was redirected to sites that contained commonly used search terms that I remember using in the past)
- Random little adsense popups on pretty much every site except for on my online banking webpage, Ads appeared on the bottom right of my screen usually those little iPhone shaped ads.
Why?
This malware is designed to make money for the creator through adsense revenue , so it doesn't seem particularly harmful but its very frustrating and as far as key logging or anything else goes I'm not sure how much info it can collect about you.
What didn't Work?
I tried quite a few virus / malware removal tools that failed to remove the issue
these are
- Kapersky Labs freeware Scan and Remove tools
-Adaware
- Spybot Search and Destroy
- Microsoft Security Essentials
- Malwarebytes
What worked?
The only tool that worked for me to remove the malware was ComboFix which can be downloaded from http://www.combofix.org/download.php
Every single virus removal forum I visited told me not to run this tool unless directed by a professional but in the end everyone seems to run it, Make sure that you disable any antivirus / malware software you have running, close all running programs and run at your own risk of course.
hooray that is the end, Yes I could've just told you the solution straight off
The cause with these ad popups in the bottom left and right corners of the browser is likely due to your hosts file being hijacked.. as in my case.
ReplyDeleteRogueKiller or MalwareBytes didn’t correct the problem for me as the permissions for the hosts file had been chanted to “Authenticated Users” only and the Read Only attribute was selected. This prevented anti-malware programs from fixing the hosts file.
My problem started with Recommended For You popups scrolling up from the bottom right corner of the browser window, followed a few weeks later by similar scroll ups from the left corner. And it didn’t matter which browser, Firefox or IE. The same results
The problem was the hosts file (path = C:\Windows\System32\drivers\etc) had been hijacked. Viewing the hosts file initially indicated it appeared OK, but on closer inspection I noticed the file was several pages long. Scrolling to the bottom through several lines of blank lines revealed the offending entries.
In addition, hosts file ownership and permissions had been hijacked and the only group with permissions to the file was “Authenticated Users” which means I was unable to delete or alter the file in any way including permissions, nor could I change the Read Only status.
The first step is to right click, select properties, open to the file security tab and remove the group “Authenticated Users” and update permissions to include “SYSTEM”, “Administrators” and “Users” groups. Give "SYSTEM and "Administrators” groups "Full Control” and the "Users" group "Read & execute" and "Read" permission only.
Second, remove the file “Read Only” attribute
Third, open Notepad as administrator (right Click and “Run As Administrator”) and modify the hosts file to remove the offending entries at the bottom of the file. Save the file. The problem should now be solved with those annoying popups’ gone forever.
thanks Anon, very detailed
ReplyDeleteA detailed explanation Anonymous
ReplyDeleteI carried out the changes you mentioned in the security setting and deleted all suspicious users but when I checked the host file it had no extra entries.