Author Topic: LinkBucks adware - how to remove?  (Read 11589 times)

Online polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20149
  • Gender: Male
  • malware fighter
    • Personal Message (Online)
LinkBucks adware - how to remove?
« on: April 26, 2010, 10:18:38 PM »
Hi forum friends,

Page opened up: htxp://a1b08eb4.linkbucks.com/

How to get this from your computer? Blocked it with NoScript,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24930
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: LinkBucks adware - how to remove?
« Reply #1 on: April 27, 2010, 12:24:00 PM »
Hi forum friends,
Page opened up: htxp://a1b08eb4.linkbucks.com/
How to get this from your computer? Blocked it with NoScript,
polonus

Did you get this from surfing a hacked site..? http://wordpress.org/support/topic/377664
Or did you mean it opens from your pc? Check your hosts file!
Or didn't I get your question right..?
asyn
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline superhacker

  • avast! Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • Gender: Male
  • superhacker != super mario
    • Shift Style
    • Personal Message (Offline)
Re: LinkBucks adware - how to remove?
« Reply #2 on: April 27, 2010, 12:31:37 PM »
polonus+infected pc=CONFUSED ??? ???
What is the question, or what do you mean? :-\
"I'm not afraid to take a stand
Everybody come take my hand
We'll walk this road together, through the storm
Whatever weather, cold or warm
Just let you know that, you're not alone
Holla if you feel that you've been down the same road",Eminem.

Offline Asyn

Re: LinkBucks adware - how to remove?
« Reply #3 on: April 27, 2010, 12:55:57 PM »
polonus+infected pc=CONFUSED ??? ???

Yes, I wonder, too. :(
But it can happen to all of us unexpectedly...
asyn

Online polonus

Re: LinkBucks adware - how to remove?
« Reply #4 on: April 27, 2010, 01:35:35 PM »
Hi Asyn,

It appeared from a site that was apparently hacked, and the redirect would now go exclusively via the LinkBucks. I had NoScript and RequestPolicy installed in that browser, so I had an escape, and I found later that ABP+ is just being circumvented by it (I had ABP+ there too).
Sometimes one can get LinkBucks re-directs through a Conficker worm infection, but there avast would have alerted. What I did is block LinkBucks in NS and RP, also checked the SpywareBlaster snapshot. That did not find any changes to the last time the snapshot of my Vista OS settings was made, I looked for specific dll's, nothing there, nor anything out of the ordinary seen to processes in Process Explorer. This is closest to what I experienced, the Rapidshare annoyance:
http://www.technize.com/remove-waiting-time-in-rapidshare-and-other-sites/
SkipScreen, a free Firefox extension, comes to help here. SkipScreen is a Firefox extension that bypasses the waiting time on Rapidshare and many other sites. The list of sites is given below:

zShare
Mediafire
Sendspace
Sharebee
Rapidshare
Megaupload
DepositFiles
Linkbucks
Link-protector
This add-on is controversial Re: http://www.maximumpc.com/article/news/mediafire_not_too_happy_about_skipscreen_firefox_addon

polonus
« Last Edit: April 27, 2010, 01:41:12 PM by polonus »

Offline superhacker

Re: LinkBucks adware - how to remove?
« Reply #5 on: April 27, 2010, 03:20:16 PM »
I wish it is just an annoyance made by download websites.
anyway we all get some of those from time to time

Online polonus

Re: LinkBucks adware - how to remove?
« Reply #6 on: April 27, 2010, 05:54:08 PM »
Hi superhacker,

It is annoying. Here is a removal script for those that have it on their websites:
http://userscripts.org/scripts/review/56273

polonus

Offline superhacker

Re: LinkBucks adware - how to remove?
« Reply #7 on: April 27, 2010, 05:54:52 PM »
thanks ;)

Online polonus

Re: LinkBucks adware - how to remove?
« Reply #8 on: April 27, 2010, 07:49:54 PM »
Hi Superhacker,

Here you have this same code compressed:
Code:
var url=document.URL.split("url/")[1];window.location=url;
pol
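
A hardened form of the one-liner posted above, as an added example that is not part of the original thread or of the linked userscript. It assumes, as that snippet does, that the destination follows the first "url/" in the page URL; the name extractDestination and the sample URLs used to exercise it are constructed for illustration.

```javascript
// Added example, not from the thread. Assumption taken from the posted
// one-liner: the destination follows the first "url/" in the page URL.
const MARKER = "url/";
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the destination as a normalized string, or null when it is
// missing or should not be followed. extractDestination is a hypothetical name.
function extractDestination(pageUrl, interstitialDomain = "linkbucks.com") {
  const at = pageUrl.indexOf(MARKER);
  if (at === -1) return null; // split("url/")[1] would be undefined here

  // slice() keeps a destination that itself contains "url/";
  // split("url/")[1] would cut it off at the second marker.
  let raw = pageUrl.slice(at + MARKER.length);

  if (/^https?%3a/i.test(raw)) { // destination arrived percent-encoded
    try { raw = decodeURIComponent(raw); } catch { return null; }
  }

  let dest;
  try { dest = new URL(raw); } catch { return null; } // relative path or garbage

  // Only web schemes: rejects javascript:, data:, file: and the like.
  if (!ALLOWED_SCHEMES.has(dest.protocol)) return null;

  // Do not bounce back onto the interstitial service itself.
  const host = dest.hostname.toLowerCase();
  if (host === interstitialDomain || host.endsWith("." + interstitialDomain)) {
    return null;
  }
  return dest.href;
}

// In a userscript; skipped when run outside a browser.
if (typeof document !== "undefined") {
  const target = extractDestination(document.URL);
  if (target) window.location.replace(target);
}
```

When the function returns null the page is left where it is, so a URL without the marker no longer navigates to the literal string "undefined".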

Offline Asyn

Re: LinkBucks adware - how to remove?
« Reply #9 on: April 27, 2010, 11:23:29 PM »
Hi Asyn,
It appeared from a site that was apparently hacked, and the redirect would now go exclusively via the LinkBucks. I had NoScript and RequestPolicy installed in that browser, so I had an escape, and I found later that ABP+ is just being circumvented by it (I had ABP+ there too).
Sometimes one can get LinkBucks re-directs through a Conficker worm infection, but there avast would have alerted. What I did is block LinkBucks in NS and RP, also checked the SpywareBlaster snapshot. That did not find any changes to the last time the snapshot of my Vista OS settings was made, I looked for specific dll's, nothing there, nor anything out of the ordinary seen to processes in Process Explorer.

Hi D, good you could catch it early enough..!! :)
(Malware Domains Filter Abo for AB+ http://malwaredomains.lanik.us/malwaredomains_full.txt)
asyn

 
