Author Topic: LinkBucks adware - how to remove?  (Read 12958 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24351
  • malware fighter
LinkBucks adware - how to remove?
« on: April 27, 2010, 12:18:38 AM »
Hi forum friends,

Page opened up: htxp://a1b08eb4.linkbucks.com/

How to get this from your computer? Blocked it with NoScript,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32144
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: LinkBucks adware - how to remove?
« Reply #1 on: April 27, 2010, 02:24:00 PM »
Hi forum friends,
Page opened up: htxp://a1b08eb4.linkbucks.com/
How to get this from your computer? Blocked it with NoScript,
polonus

Did you get this from surfing a hacked site..? http://wordpress.org/support/topic/377664
Or did you mean it opens from your pc? Check your hosts file!
Or didn't i get your question right..?
asyn
XP SP3 - Avast 10.3.2222.R3.RC - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.8 [NS/ABP/EHH/BP/SVC] - Thunderbird 38.0.1 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
    • Shift Style
Re: LinkBucks adware - how to remove?
« Reply #2 on: April 27, 2010, 02:31:37 PM »
polonus+infected pc=CONFUSED ??? ???
what is the question,or what do you mean :-\
"I'm not afraid to take a stand
Everybody come take my hand
We'll walk this road together, through the storm
Whatever weather, cold or warm
Just let you know that, you're not alone
Holla if you feel that you've been down the same road",Eminem.

Offline Asyn

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32144
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: LinkBucks adware - how to remove?
« Reply #3 on: April 27, 2010, 02:55:57 PM »
polonus+infected pc=CONFUSED ??? ???

Yes, i wonder, too. :(
But it can happen to all of us unexpected...
asyn
XP SP3 - Avast 10.3.2222.R3.RC - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.8 [NS/ABP/EHH/BP/SVC] - Thunderbird 38.0.1 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24351
  • malware fighter
Re: LinkBucks adware - how to remove?
« Reply #4 on: April 27, 2010, 03:35:35 PM »
Hi Asyn,

It appeared from a site that was apparently hacked, and the redirect would now go exclusively via the LinkBucks. I had NoScript and RequestPolicy installed in that browser, so I had an escape, and I found later that ABP+ is just being circumvented by it (I had ABP+ there too).
Sometimes one can get LinkBucks re-directs through a Conficker worm infection, but there avast would have alterted. What I did is block LinkBucks in NS and RP, also checked the SpywareBlaster snapshot. That did not find any changes to the last time the snapshot of my Vista OS settings was made, I looked for specific dll's, nothing there, nor anything out of the ordinary seen to processes in Process Explorer. This is closest to what I experienced the Rapidshare annoyment:
http://www.technize.com/remove-waiting-time-in-rapidshare-and-other-sites/
SkipScreen, a free firefox extension, comes to help here. SkipScreen is a firefox extension that bypasses the waiting time on Rapidshare and many other sites. The list of sites is given below:

zShare
Mediafire
Sendspace
Sharebee
Rapidshare
Megaupload
DepositFiles
Linkbucks
Link-protector
This add-on is controversial Re: http://www.maximumpc.com/article/news/mediafire_not_too_happy_about_skipscreen_firefox_addon

polonus
« Last Edit: April 27, 2010, 03:41:12 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
    • Shift Style
Re: LinkBucks adware - how to remove?
« Reply #5 on: April 27, 2010, 05:20:16 PM »
I wish it is just an annoy made by download websites.
anyway we all get some of those from time to time
"I'm not afraid to take a stand
Everybody come take my hand
We'll walk this road together, through the storm
Whatever weather, cold or warm
Just let you know that, you're not alone
Holla if you feel that you've been down the same road",Eminem.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24351
  • malware fighter
Re: LinkBucks adware - how to remove?
« Reply #6 on: April 27, 2010, 07:54:08 PM »
Hi superhacker,

It is annoying. Here is a removal script  for those that have it on their websites:
http://userscripts.org/scripts/review/56273

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
    • Shift Style
Re: LinkBucks adware - how to remove?
« Reply #7 on: April 27, 2010, 07:54:52 PM »
thanks ;)
"I'm not afraid to take a stand
Everybody come take my hand
We'll walk this road together, through the storm
Whatever weather, cold or warm
Just let you know that, you're not alone
Holla if you feel that you've been down the same road",Eminem.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24351
  • malware fighter
Re: LinkBucks adware - how to remove?
« Reply #8 on: April 27, 2010, 09:49:54 PM »
Hi Superhacker,

Here you have this same code compressed:
Code: [Select]
var url=document.URL.split("url/")[1];window.location=url;
pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32144
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: LinkBucks adware - how to remove?
« Reply #9 on: April 28, 2010, 01:23:29 AM »
Hi Asyn,
It appeared from a site that was apparently hacked, and the redirect would now go exclusively via the LinkBucks. I had NoScript and RequestPolicy installed in that browser, so I had an escape, and I found later that ABP+ is just being circumvented by it (I had ABP+ there too).
Sometimes one can get LinkBucks re-directs through a Conficker worm infection, but there avast would have alterted. What I did is block LinkBucks in NS and RP, also checked the SpywareBlaster snapshot. That did not find any changes to the last time the snapshot of my Vista OS settings was made, I looked for specific dll's, nothing there, nor anything out of the ordinary seen to processes in Process Explorer.

Hi D, good you could catch it early enough..!! :)
(Malware Domains Filter Abo for AB+ http://malwaredomains.lanik.us/malwaredomains_full.txt)
asyn
XP SP3 - Avast 10.3.2222.R3.RC - CIS 3.14 [FW/D+] - MBAM 1.75 [OD] - Firefox ESR 31.8 [NS/ABP/EHH/BP/SVC] - Thunderbird 38.0.1 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos):
https://forum.avast.com/index.php?topic=60523.0