Can't get rid of this adware even after reinstallation of my OS 3 times

Status
Not open for further replies.

Sumit Das

Estimable
Mar 17, 2014
14
0
4,570
OK, so it started back on the 27th of April this year, and I thought it was some common adware, so I would get rid of it after I finished my project by reinstalling my OS. So I reinstalled my OS on the 1st of April and everything was fine; I didn't get any of the adware thing after that at all. But today, that is the 9th of April, it started again. I click something and it opens up some adult website. So I thought it might be some adware again that I might have unintentionally activated, so I reinstalled my OS, but nothing changed; I was still getting it. After 3 reinstalls today I got fed up and thought of asking some experts. So I fired up Tom's Hardware, but it was way too hard for me to open the website as the adware was messing with me all the time. I really want some help. It is quite depressing for me. I think that clicking fires up the adware, IMO; not sure though.
Antivirus I was using: Avira free version
I changed it to Bitdefender free version, yet nothing changed.
Please help. I have my siblings at my home who are too young to watch all those sites and usually use my PC.

PS. These are the websites which I usually get redirected to: bonjovi-fc.info go.trafficshop,com adultlube.info and then these redirect me to some adult site.

I need a cure.
 
Solution
@Skylyne I stated above the only way is to change your ISP, which I cannot do just because ISPs other than mine don't want to set up a new route of connection, as it will cost them a lot for a single connection.

BTW I spoke with MTNL; they did something with my IP and I haven't seen the problem for a month now.

COLGeek

Cybernaut
Moderator
If this is happening with a fresh install of the OS, then you have an infection of another variety. It could be a problem with your OS image or with one of the applications you are installing.

So, where did you get your OS and the applications you are installing? Also, have you fully scanned all of your storage devices for viruses/malware?
 

mbarnes86

Distinguished
Sep 16, 2010
245
0
19,110
Hi

When reinstalling Windows, did you format c:?

This may not be enough if a master partition sector virus is involved.
This would require running something like DBAN or a hard disk diagnostic program to wipe the MBR or first cylinder of the disk.

Hiren's Boot CD has suitable software.
But this requires erasing all data on c:, d:, etc.

So back up first to a USB drive or cloud or another PC over the network.

Data files like Word, Excel, Acrobat PDF can be infected and need scanning.

You need either a full internet security package or an antivirus package & an anti-malware package which is active all the time.

You need something like Secunia PSI to report if programs and Windows are not up to date. I hope you are not still using XP.

While on the Internet, use a restricted account, not an admin account, to reduce the risk of infection again.

Regards

Mike Barnes
 

eatmypie

Honorable
Sep 12, 2013
139
0
10,710
A lot of adware that I have received and have been analyzing has been writing itself to the unallocated space on a lot of hard drives and SSDs that a lot of manufacturers hide so you can't see them. I won't go over the details on how this works, but I can give you a recommendation as to what normally fixes the issue. You simply just need to delete the unallocated space, then reformat it to something like NTFS. To do this, go into the Windows search bar and type Disk Management, then locate the drive with no letter on your computer, then click on it and click Delete Volume; you then will get an option when you right-click on it again to create a new one. Create a new one and make it so it uses up all the extra space on that part of the drive, format it to NTFS and then follow the instructions. After that I would perform another fresh install of your operating system just to avoid having anything become contaminated again. Once you get everything up and running again, do a very basic install, only use the driver disk, and only install Windows updates. Go to ninite.com and download the basics that you need, like a web browser, runtimes, and a simple AV. Then download http://unchecky.com/; this will prevent you from agreeing to install anything that you don't want to install on commonly installed programs. But this has been my personal experience with what works for those types of things, from what I have seen when I have done reverse engineering of malware.
 

Sumit Das

Yeah, I didn't format my D and E drives; can that be a problem? I did format my System Reserved one though. I installed Win8 thrice and currently installed Win7, and it got the adware again.
I have some of my project files on my E drive; can I create a backup of them, or is there a chance they might be infected too? And can my modem be the culprit? I mean, can it contain some kind of virus? I got my Win8 copy from a friend of mine who gave it to me, and it used to run perfectly on his system without any problem.
 

eatmypie

Just make sure you have no unallocated space on the drive. Use the disk management tool that I listed that comes with Windows and make sure that space is taken up. Just scan a flash drive to make sure it's clean, then transfer your stuff, and also make sure you disable autorun before plugging it in again to your clean system, and scan it. Then just reformat everything, and reinstall only the things that you really need through somewhere trusted like ninite.com. One of my co-worker's son's laptop had over 12 gigs of unused space on the drive that was hidden on the system, and when we made it so it wasn't hidden, the drive had several .exe files and even encrypted folders that had various logs of what it was doing.
 

Sumit Das

I cannot find any drive without a drive letter in Disk Management.

Update: I completely reinstalled my OS again, removing all the partitions and recreating them. I am still getting this annoying adware redirect every time, and I got a redirect just after my PC was switched on. And in the past the copy of the OS I have never gave me any problem after installation.
 

mbarnes86

Hi

Maybe your internet router has been hacked instead of your PC.

If you have the configuration details available you can reset the internet router.
Change the default user name and password.
Turn off remote access and configuration.
If possible, have login only from a network cable, not Wi-Fi.

Then re-enter your ISP-specific account settings.

There have been reports of some internet routers being vulnerable to hacking.

Alternatively, if you have a Lenovo brand PC, the manufacturer installed adware software called Superfish or similar name, which would be on any Windows recovery disk.

http://www.pcworld.com/article/2887392/lenovo-hit-with-lawsuit-over-superfish-snafu.html

Is your Windows disk a Microsoft-branded system builder OEM disk or one from Lenovo or another manufacturer?

Regards
Mike Barnes
 

Sumit Das

I tried gmer.exe but it says sqgsbxlh.exe has stopped working. Update: It ran after I restarted my PC. After a quick scan it said it finished successfully, and this is what it showed in the window:
(image: jg436c.jpg)

And I don't have a router at home; all I have is a modem and a connection splitter for telephone and internet. What is the probability my modem can get infected? If it is, what can be done? Update: did a reset for my modem and nothing happened. I didn't even have to configure it; it ran as if I never reset it. And I wasn't able to get rid of the problem.

And this is what I am getting recently. Does Nginx have something to do with it?
(image: 2nklz4x.jpg)
 

eatmypie

Nginx and Cloudflare are both legit services for websites. The next step would be to boot into safe mode and disable any AV and run http://www.adlice.com/softwares/roguekiller/ and then run http://www.superantispyware.com/ along with CCleaner once it finishes. Most who tell others to run these don't know how to run them themselves, but you need to disable AV and run all 3 of these in safe mode. Once they finish, enable your AV again, then change your password on all of the accounts that you have. Then go to http://passwordsgenerator.net/ and generate a new password for your Windows login. Set the length to 16, check all the boxes but the last two, generate your password, write it down or take a picture of it but don't share it, then change it and reboot your system. Also, I forgot to mention: while you are in safe mode, reset all of your browsers to their factory default settings, even if you don't use them.
 

Sumit Das

OK, I did exactly what you said. I booted my OS in Safe Mode, disabled my AV, ran RogueKiller, then ran SUPERAntiSpyware and then ran CCleaner. After all was done I actually reinstalled the OS to Win7 so it stays clean after I did everything. It seemed to be fixed for a while, but later that evening this thing started again.
 

Sumit Das

So I am thinking it is something with my ISP. What I did was I took my CPU to a friend of mine and reinstalled my OS there and tried to recreate this adware problem there, by opening an insecure website that doesn't have the lock kind of thing, and opening Tomshardware, as it is where I get the most from that adware. Then I assumed it might be my ISP for sure, but to recheck I brought my CPU back to my house and plugged in the LAN cable, and bam, those websites are opening again. So I want to know: am I right that my ISP might be the culprit? What can I do? Should I change my ISP? BTW my ISP is actually a semi-govt. ISP in our country, that is, MTNL.
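
An added example, not part of the original post: the same-PC, two-connections test described above can be made more concrete by saving the same plain-HTTP page on each connection and comparing which scripts and frames each copy loads. The HTML samples, host names and function names below are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ActiveContent(HTMLParser):
    """Record where a page loads scripts and frames from."""

    def __init__(self):
        super().__init__()
        self.hosts = set()       # external hosts named in <script>/<iframe> src
        self.inline_scripts = 0  # <script> blocks with no src attribute

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if src:
            host = urlparse(src).hostname  # None for relative URLs
            if host:
                self.hosts.add(host)
        elif tag == "script":
            self.inline_scripts += 1


def summarize(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.hosts, parser.inline_scripts


def added_on_suspect(reference_html, suspect_html):
    """Active content present in the suspect copy but not the reference copy."""
    ref_hosts, ref_inline = summarize(reference_html)
    sus_hosts, sus_inline = summarize(suspect_html)
    return {
        "new_hosts": sorted(sus_hosts - ref_hosts),
        "extra_inline_scripts": max(0, sus_inline - ref_inline),
    }


# Constructed samples: the same page saved on two different connections.
REFERENCE = """<html><head><script src="/js/site.js"></script>
<script src="https://cdn.forum.example/lib.js"></script></head>
<body><p>Thread</p></body></html>"""
SUSPECT = REFERENCE.replace(
    "</body>",
    '<script src="http://ads.injected.example/pop.js"></script>'
    "<script>document.onclick=function(){};</script></body>",
)

if __name__ == "__main__":
    print(added_on_suspect(REFERENCE, SUSPECT))
```

Pages with rotating ad content differ between loads on their own, so a new host is a lead to check rather than proof of injection.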
 

eatmypie

If you read through the other posts you would know that OP mentioned he doesn't have a router, only a modem. The ISP you listed has been under the microscope for years for working with the government in your country on spying on people who use them as an ISP. So I would just get a new ISP, DBAN your drive, reinstall everything once you get your new modem and that from your new ISP, and I bet your problem will be solved. Also, if you want to read the paper that listed your ISP in doing this, you can read it here: http://www.livemint.com/Politics/rpWFiDJroLgpLQ6yKdR3pJ/Telcos-to-soon-link-with-government-monitoring-system.html. There are more up-to-date papers confirming this, but this one should give you a general idea. The paper is mostly talking about mobile, but this also has had impact for internet service providers.
 

Greyfalcon

Estimable
May 10, 2015
8
0
4,510


Hi,
I'm facing the same problem since last week. Whenever I click anywhere on the page of any website I open, another tab opens in which these sites like bonjovi-fc.info and others open up, and they redirect me to some adult websites. You said that it might be because of the ISP. But my ISP is BSNL... not MTNL. Are you sure it is because of the ISP? And does that mean that two of India's major internet service providers (BSNL and MTNL) are infected with this and nobody knows about it??? What if I switch to another ISP and the same problem appears again? I can't keep jumping to new ISPs every month here in India :'(

 

Sumit Das

I have applied for I will let you know when I get my new connection set in some days. I would also like you to tell me if you live near Delhi or NCR. When did this start to happen? How did this happen, if you remember? This will help us to maybe find the cause, and this can be prevented in future.
 