Author Topic: Malware Causes Pop-up Windows (oneclickrev.com) in Browsers  (Read 9038 times)


REDACTED

  • Guest
Re: Malware Causes Pop-up Windows (oneclickrev.com) in Browsers
« Reply #15 on: September 16, 2017, 01:27:56 AM »
> Even after system restart?
Unfortunately yes :( At least on Firefox.

I have scanned the PC Nr. 2 with Farbar again and attached the logs.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
« Reply #16 on: September 16, 2017, 12:01:28 PM »
Let's clear this. What is the status of PC 1?

REDACTED

  • Guest
« Reply #17 on: September 17, 2017, 05:29:35 PM »
> Let's clear this. What is the status of PC 1?
I still get some pop-up windows on some pages. Not so often as on PC 2, but nevertheless sometimes. Here are the logs of PC 1.

Offline Sass Drake

« Reply #18 on: September 17, 2017, 06:33:53 PM »
Your router settings have been modified by malware. Log in to your router configuration page and find the DHCP server settings. There you will find "87.117.234.36" as the primary DNS server. Remove it and set the router's local IP address as the primary DNS server (the default gateway address and primary DNS address should be the same).
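
An added example, not part of the original posts: the check described in the reply above, run from a client that received its settings over DHCP. It parses saved `ipconfig /all` output and flags any DNS server that is not the adapter's default gateway; the English-locale labels, the `trusted` allowlist parameter and all sample values except the DNS address quoted in the thread are assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (English locale). Only the DNS address
# comes from the thread; every other value is made up for the example.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 87.117.234.36
                                       192.168.1.1
"""

FIELD = re.compile(r"^\s+([^:]+?)[ .]* :\s*(.*)$")  # "Label . . . : value"
WANTED = {"Default Gateway": "gateway", "DNS Servers": "dns"}


def parse_adapters(text):
    """Return {adapter name: {"gateway": [...], "dns": [...]}}."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(": "), {"gateway": [], "dns": []})
            field = None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD.match(line)
        if m:
            field, value = WANTED.get(m.group(1).strip()), m.group(2).strip()
        else:
            value = line.strip()  # continuation line: one more value for the same field
        if field and value:
            current[field].append(value.split("%")[0])  # drop IPv6 zone id
    return adapters


def suspicious_dns(adapters, trusted=()):  # trusted: hypothetical operator allowlist
    """Flag resolvers that are neither the adapter's gateway nor in `trusted`."""
    findings = []
    for name, cfg in adapters.items():
        for pos, addr in enumerate(cfg["dns"]):
            if addr in cfg["gateway"] or addr in trusted:
                continue
            role = "primary" if pos == 0 else "secondary"
            kind = "internal host" if ipaddress.ip_address(addr).is_private else "external resolver"
            findings.append((name, addr, f"{role} DNS is an unlisted {kind}"))
    return findings
```

Because the rogue address is handed out by the router's DHCP server, every client on the network shows the same finding, and it persists after the clients themselves scan clean.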

REDACTED

  • Guest
« Reply #19 on: September 17, 2017, 07:55:07 PM »
> Your router settings have been modified by malware. Log in to your router configuration page and find the DHCP server settings. There you will find "87.117.234.36" as the primary DNS server. Remove it and set the router's local IP address as the primary DNS server (the default gateway address and primary DNS address should be the same).

OK. I have found the DHCP settings on my router configuration page and have changed the primary DNS as you told me. It seems to help. I cannot notice any popup windows now, but I will keep watching it over the next days and write here if I see something suspicious.

You wrote - "router settings have been modified by malware". Is the malware still in the system? How could I find it? And, more important, how to prevent it in the future?

I have changed the default login and password of the router configuration page. Would it prevent the malware from making modifications in the future? Should I change anything else here?

« Last Edit: September 17, 2017, 08:04:50 PM by dafarulia »

Offline Sass Drake

« Reply #20 on: September 18, 2017, 01:42:07 AM »
It wasn't present in your systems according to FRST logs. Changing the default password for router configuration should prevent future attacks, and no additional action is required. However, XP SP3 no longer receives security updates and PC2 is capable of running 7, 8.1 and 10, so you should consider installing them.

If there are no more adware popups:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

REDACTED

  • Guest
« Reply #21 on: October 02, 2017, 07:51:30 AM »
On the PC Nr. 2 I sometimes still have the same issue. Not so often as earlier, but nevertheless on some pages it shows the same pop-up windows. :(

Offline Sass Drake

« Reply #22 on: October 02, 2017, 10:31:44 AM »
Can you make a screenshot of that popup window and the page on which it showed? Just to make sure whether the popup was caused by adware or by the web page you visited.

REDACTED

  • Guest
« Reply #23 on: October 02, 2017, 12:28:32 PM »
> Can you make a screenshot of that popup window and the page on which it showed? Just to make sure whether the popup was caused by adware or by the web page you visited.
Unfortunately today I have no access to the PC Nr. 2. I will have it in two days and then I will make screenshots.

But I remember one webpage where I got pop-up windows last time. Here it is if it helps: http://sostavproduktov.ru/potrebitelyu/kak-izbavitsya-ot-pishchevoy-moli

REDACTED

  • Guest
« Reply #24 on: October 04, 2017, 06:01:12 PM »
> Can you make a screenshot of that popup window and the page on which it showed? Just to make sure whether the popup was caused by adware or by the web page you visited.
Here are the screenshots.

First appears page Nr. 1 (blank), then it redirects to other (different) pages; here is one of them on the second image.

See attachments.

Offline Sass Drake

« Reply #25 on: October 05, 2017, 12:20:47 AM »
Attach fresh FRST logs from that PC.

REDACTED

  • Guest
« Reply #26 on: October 07, 2017, 04:11:21 PM »
> Attach fresh FRST logs from that PC.
Here it is. Logs from PC Nr. 2 made today.

Offline Sass Drake

« Reply #27 on: October 07, 2017, 07:34:29 PM »
Did you install Tampermonkey?

REDACTED

  • Guest
« Reply #28 on: October 09, 2017, 07:39:03 AM »
> Did you install Tampermonkey?
I do not really remember. I think yes. It was together with some kind of Chrome addon as I remember. Adblock or something similar.

Is it a dangerous addon? Should I remove it?

Offline Sass Drake

« Reply #29 on: October 09, 2017, 09:35:35 PM »
It is not dangerous but it can be misused by adware. If you don't use it feel free to disable/remove it.