Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on August 09, 2015, 01:21:11 PM
-
My HP laptop's browsers & Android browsers got infected first. Chrome was badly hit by pop ups on almost every click.
Any site redirects automatically to the URL starting from ad-type.google.com and then redirects to Total Ad Performance.com.
I cleaned all extensions from Chrome, blocked pop ups, checked all necessary steps to stop these pop ups, deleted cache, cookies etc. No useless software or toolbar.
Added Adblock Plus to Chrome, scanned with Malwarebytes & Avast Security.
As of now I'm a bit relieved as fewer pop ups are coming, but once in 5 min a pop up from Total Ad Performance comes and Avast blocks it as malware.
But my Android Xiaomi Mi3 is badly hit. Chrome, Mozilla, the local native browser and UC Browser are all getting pop ups at every click.
Finally I decided to factory reset my device (it took guts as I wasted 3 hours in backup and reinstalling).
But still still still even after hard reset browsers had pop ups.
Please suggest what I should do. I'm really scared.
Thank you
Sagar
-
Reset chrome to defaults and see if that works
-
But my Android Xiaomi Mi3 is badly hit. Chrome, Mozilla, the local native browser and UC Browser are all getting pop ups at every click.
Please suggest what I should do. I'm really scared.
Restore to factory default ..... http://lmgtfy.com/?q=Xiaomi+Mi3+factory+restore
-
@ESSEXBOY- Done it already. Result was the same.
-
But my Android Xiaomi Mi3 is badly hit. Chrome, Mozilla, the local native browser and UC Browser are all getting pop ups at every click.
Please suggest what I should do. I'm really scared.
Restore to factory default ..... http://lmgtfy.com/?q=Xiaomi+Mi3+factory+restore
Done it already, sir. Still the result was the same.
-
hmmm .... buy WindowsPhone ;)
The Android forum section and sub forums are located here, maybe someone there knows
Avast Mobile Products https://forum.avast.com/index.php?board=66.0
-
Did you root your phone before getting infected?
-
Did you root your phone before getting infected?
No, my phone is not rooted.
I had installed Windows 7 Ultimate (not original) on my laptop before this problem started.
I had downloaded multiple drivers online.
-
Laptop Avast security blocking pop up as Infection Malware
-
Laptop Avast security blocking pop up as Infection Malware
what popup .... post screenshot
-
Laptop Avast security blocking pop up as Infection Malware
what popup .... post screenshot
-
Every time it redirects to different ads.
It opens with some URL like this:
http://ad-type.google.comhttp://ad-type.google.com/sh.aspx?f=popup-u&h=c8d5ad7d804ba49015d1b83443fbc54d
Then redirects to
http://www.totaladperformance.com/a/display.php?r=425636
and then comes ads
-
I'm facing the same problem .. I've tried everything possible and it's still the same :( >:(
-
No help with android but if you run an FRST scan on the windows system I will take a look
-
No help with android but if you run an FRST scan on the windows system I will take a look
Thanks for the help, sir.
I'll just scan and upload in a minute.
One new thing I discovered. This pop up virus is now in every Android phone and laptop in my house.
My parents are also cribbing about Total Ad Performance pop ups. We use a common wifi at home.
-
Both the files added as an attachment.
-
Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks (http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816)
2. Then I need you to go to Google Sync (https://www.google.com/settings/chrome/sync) and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome (https://www.google.com/intl/en/chrome/browser/)
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
THEN
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
2015-08-04 23:58 - 2015-08-04 23:58 - 00003162 _____ C:\Windows\System32\Tasks\{C0084FC8-7928-41BB-A301-D9E07A30451F}
2015-08-04 23:58 - 2015-08-04 23:58 - 00000000 _____ C:\autoexec.bat
2015-08-04 23:46 - 2015-08-04 23:46 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-04 23:44 - 2015-08-04 23:44 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
FINALLY
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[cx].txt as well.
-
FixLog.txt
-
Adw Cleaner log
-
Log files added sir
-
How is the computer now ?
-
How is the computer now ?
No pop ups as of now. Let's wait and watch a day.
And sir, thanks for your help.
Please provide some kinda support for my Android also. It's struck badly. Cannot open any website other than Google, immediate pop ups on touching the screen.
-
Unfortunately I know nothing of android
There is an android version of MBAM https://play.google.com/store/apps/details?id=org.malwarebytes.antimalware&hl=en_GB
-
I have the app on my phone. I scan it daily but it says no virus threats found.
-
How is the computer now ?
AND THE POP UPS ARE BACKKK
:( :(
AD-type Google :(
-
Are you connecting the phone to the computer?
-
Yes, I had to. Had to transfer some important data.
-
In that case every time you connect it you will transfer the infection.. Did you try MBAM for android ?
-
In that case every time you connect it you will transfer the infection.. Did you try MBAM for android ?
Yes, I scan it daily.
It says no threats or malware found.
I have factory reset my phone, still the virus is there.
-
Do you synch the phone with chrome / google ? If so then that is where it is coming from
-
Do you synch the phone with chrome / google ? If so then that is where it is coming from
Ok. I won't connect my Android to my laptop now.
And yes, I have synchronized my Android Chrome to lappy Chrome.
But these pop ups are on all the browsers, not just Chrome.
-
It will need cleaning again then
Please post fresh FRST scans
-
Sagar .. I am also having the same problem with my Nexus 5 and HP laptop... I just bought an iPhone 6 and iPad and never connected them to the laptop... just in one day through wifi both of them are infected with this virus... I am really pissed off ... I tried every antivirus and anti malware.. nothing is working on this virus... did you find a solution to this problem?
Hey Ashish
I am also very pissed with these pop ups.
No doubt it's coming through WIFI.
I had hard reset my Android, reset my MTNL modem and router.
Still the virus persists. :(:(
-
It will need cleaning again then
Please post fresh FRST scans
-
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2015-08-04 23:58 - 2015-08-14 03:04 - 00000000 _____ C:\autoexec.bat
2015-08-14 03:06 - 2015-08-14 03:06 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Task: {185A17C1-0DDC-4249-A5F2-780994553825} - \{C0084FC8-7928-41BB-A301-D9E07A30451F} -> No File <==== ATTENTION
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
THEN
This is an updated version
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[CX].txt as well.
-
Is this relevant?
Sagar--- This is the solution.. Call up your internet provider and ask them to change your DNS server setting... mine is Airtel and they put me onto some wrong DNS server... the call center lady quickly realized that when I told her my problem... she rebooted my server setting from the back end... and now it's resolved (hope so)... recently I changed my Airtel plan and maybe because of that someone put me on a wrong DNS id which is not meant for consumers.. Hope this will help.
Regards
Ashish
-
Guys, if you see your problem persist when you are connected to a particular WiFi... try this with a 3G connection or your mobile service provider connection, you won't face this pop up ... mine is working fine now ... the problem got rectified when my Airtel guys changed the DNS server of my WiFi
My pop ups are even coming on 3G data :(