Author Topic: LinkBucks adware - how to remove?  (Read 17125 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
LinkBucks adware - how to remove?
« on: April 27, 2010, 12:18:38 AM »
Hi forum friends,

Page opened up: htxp://a1b08eb4.linkbucks.com/

How to get this from your computer? Blocked it with NoScript,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: LinkBucks adware - how to remove?
« Reply #1 on: April 27, 2010, 02:24:00 PM »
Hi forum friends,
Page opened up: htxp://a1b08eb4.linkbucks.com/
How to get this from your computer? Blocked it with NoScript,
polonus

Did you get this from surfing a hacked site..? http://wordpress.org/support/topic/377664
Or did you mean it opens from your pc? Check your hosts file!
Or didn't i get your question right..?
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: LinkBucks adware - how to remove?
« Reply #2 on: April 27, 2010, 02:31:37 PM »
polonus+infected pc=CONFUSED ??? ???
what is the question,or what do you mean :-\
Dreams don't die, they just fall asleep.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: LinkBucks adware - how to remove?
« Reply #3 on: April 27, 2010, 02:55:57 PM »
polonus+infected pc=CONFUSED ??? ???

Yes, i wonder, too. :(
But it can happen to all of us unexpected...
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: LinkBucks adware - how to remove?
« Reply #4 on: April 27, 2010, 03:35:35 PM »
Hi Asyn,

It appeared from a site that was apparently hacked, and the redirect would now go exclusively via the LinkBucks. I had NoScript and RequestPolicy installed in that browser, so I had an escape, and I found later that ABP+ is just being circumvented by it (I had ABP+ there too).
Sometimes one can get LinkBucks re-directs through a Conficker worm infection, but there avast would have alterted. What I did is block LinkBucks in NS and RP, also checked the SpywareBlaster snapshot. That did not find any changes to the last time the snapshot of my Vista OS settings was made, I looked for specific dll's, nothing there, nor anything out of the ordinary seen to processes in Process Explorer. This is closest to what I experienced the Rapidshare annoyment:
http://www.technize.com/remove-waiting-time-in-rapidshare-and-other-sites/
SkipScreen, a free firefox extension, comes to help here. SkipScreen is a firefox extension that bypasses the waiting time on Rapidshare and many other sites. The list of sites is given below:

zShare
Mediafire
Sendspace
Sharebee
Rapidshare
Megaupload
DepositFiles
Linkbucks
Link-protector
This add-on is controversial Re: http://www.maximumpc.com/article/news/mediafire_not_too_happy_about_skipscreen_firefox_addon

polonus
« Last Edit: April 27, 2010, 03:41:12 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: LinkBucks adware - how to remove?
« Reply #5 on: April 27, 2010, 05:20:16 PM »
I wish it is just an annoy made by download websites.
anyway we all get some of those from time to time
Dreams don't die, they just fall asleep.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: LinkBucks adware - how to remove?
« Reply #6 on: April 27, 2010, 07:54:08 PM »
Hi superhacker,

It is annoying. Here is a removal script  for those that have it on their websites:
http://userscripts.org/scripts/review/56273

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: LinkBucks adware - how to remove?
« Reply #7 on: April 27, 2010, 07:54:52 PM »
thanks ;)
Dreams don't die, they just fall asleep.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: LinkBucks adware - how to remove?
« Reply #8 on: April 27, 2010, 09:49:54 PM »
Hi Superhacker,

Here you have this same code compressed:
Code: [Select]
var url=document.URL.split("url/")[1];window.location=url;
pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: LinkBucks adware - how to remove?
« Reply #9 on: April 28, 2010, 01:23:29 AM »
Hi Asyn,
It appeared from a site that was apparently hacked, and the redirect would now go exclusively via the LinkBucks. I had NoScript and RequestPolicy installed in that browser, so I had an escape, and I found later that ABP+ is just being circumvented by it (I had ABP+ there too).
Sometimes one can get LinkBucks re-directs through a Conficker worm infection, but there avast would have alterted. What I did is block LinkBucks in NS and RP, also checked the SpywareBlaster snapshot. That did not find any changes to the last time the snapshot of my Vista OS settings was made, I looked for specific dll's, nothing there, nor anything out of the ordinary seen to processes in Process Explorer.

Hi D, good you could catch it early enough..!! :)
(Malware Domains Filter Abo for AB+ http://malwaredomains.lanik.us/malwaredomains_full.txt)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0