| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 137450 | 2014-07-10 03:25:00 | Plagued by Pop-up ads and unwanted webpage redirects | Bob Kessler (9895) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1378898 | 2014-07-10 07:03:00 | As WT noted above, try AdwCleaner. (www.bleepingcomputer.com) Has removed PUP and Adware for me. | kahawai chaser (3545) | ||
| 1378899 | 2014-07-10 07:16:00 | Then tried Firefox again. Connected to the CNET downloads page (one that has been failing in the past) I would say this is where your problem started. AVOID this site / CNET and DON'T download anything off it. If you use their downloader, what they were doing, or probably still doing is they were repackaging valid downloads, and repackaging them with their own installers, and added malware to their installers. And I would also avoid filehippo. I read the other day they're starting to do the same thing. Or something similar to what CNET and download.com were doing / are doing now. And yup by startup entries if you've installed ccleaner, if you go to tools / startup. The entries you saw in hijackthis will appear here too |
Speedy Gonzales (78) | ||
| 1378900 | 2014-07-10 07:39:00 | Also, manually go through your browser addons, the dumb ones are listed and can be removed there. | pctek (84) | ||
| 1378901 | 2014-07-10 07:39:00 | Wandering if extensions or rogue search engine have sneaked in Firefox, maybe check extensions/search engine (unwanted) in FF settings. | kahawai chaser (3545) | ||
| 1378902 | 2014-07-10 08:22:00 | Wandering if extensions or rogue search engine have sneaked in Firefox, maybe check extensions/search engine (unwanted) in FF settings. While its in IE, chances are very high its also someplace else. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.findwide.com modern infections sometimes wont show in Hijackthis, but one is. Manual removal instructions, but one of the three programs I suggested before should catch it. malwaretips.com On that page, scroll right down, shows programs to run ( some I mentioned) as well as HitmanPro ( forgot that one - oops) I run them out of habit without having to think about it ;) |
wainuitech (129) | ||
| 1378903 | 2014-07-10 08:47:00 | CNET installer,has it been downloaded as this may be a problem See in the news that File Hippo has added a installer that add's crapware if you add it just noticed the second page |
Lawrence (2987) | ||
| 1378904 | 2014-07-10 11:00:00 | Thanks pctek - it looks like you solved my problem!! I checked my Firefox addons and found 3 Extensions I'd not seen there before (nor were they on my Windows8 pc) so I removed them. They were named dealsEak 1.6, realdEaal 1.9 and SoufTCoupp 3.12. Tried a few websites, including the troublesome CNET downloads site, and have experienced no more popups/redirects. More time will tell, but I feel confident - at least right now! So, my thanks to everyone who 'chipped in', especially you and Speedy Gonzales, for your help. And, Speedy, I'll follow your last advice to stop using CNET's Download page in the future as I fully agree that they make clicking on the wrong thing very easy! |
Bob Kessler (9895) | ||
| 1378905 | 2014-07-10 11:41:00 | I feel your pain Bob. :D Just gave up on my old HP with XP because it had suddenly slowed to being unuseable. I thought it was a conflict between the last Microsoft updates but now think a rootkit virus somehow sneaked in. So I took it to a doctor because its a good pc and useful to have as a spare for the teenagers. Ran Combofix which cured some problems but not enough. Mind you it could be a failing drive but if so it isn't obvious. Anyway, when downloading software always start at the developers site. Otherwise I use Majorgeeks but the important thing is to choose a custom install because then you can opt out from the toolbars etc they generously :D include. |
Winston001 (3612) | ||
| 1378906 | 2014-07-10 20:46:00 | No probs Bob ! | Speedy Gonzales (78) | ||
| 1378907 | 2014-07-11 04:25:00 | You need to carry on sorting this but once you do I can recommend adblock plus plug-in and the pop up blocker they make as well, I see little or no adds and annoying pop-ups not at all . Also while spybot was long one of the best tools it is no longer, MBAM is very likely to catch everything spybot will so no real point running spybot any more . There is one exception though, much like CCleaner spybot in advanced mode has a startup tool that lets you view, disable, or remove start-up entries and gives a description of many of them . It also bold's any entries that have recently changed . On the off chance that it's firefox that's playing up you could reset it to defaults, instructions here . mozilla . org/en-US/kb/reset-preferences-fix-problems" target="_blank">support . mozilla . org |
dugimodo (138) | ||
| 1 2 | |||||