Can't seem to remove "Ads by discountbomb" adware virus?

jtpetch

Jan 16, 2014
Ok, so, I've been having an adware problem lately.
About a week ago, I was browsing the Minecraft forums like I do normally, and I clicked on a thread that looked (and was) legit. Chrome crashed.
I started Chrome back up, and then there were these "ads by discountbomb" ads on every page, and whenever I clicked on something, sometimes it would redirect to an adware page. It also highlights some words, and when I hover over them it opens a popup.
This is very annoying, and it raises my CPU usage by a bit, which is also annoying.

I already had Malwarebytes installed, so I did a scan with that, and it removed a few things. Afterwards, for a few days, it was fine. No "discountbomb" ads, all clear.
Then after a few days, it came back again. I had even stayed away from the MC forums, thinking that maybe it was a virus that had infected their server and then me.
Scanned with MBAM again, removed something, same course of events.
So I went and downloaded BitDefender adware remover, had it scan, it removed a few things, and again, the same course of events.
As of now, I only have Win Defender as an AV (I had previously had Norton 360 as an AV, which I was getting free with my Comcast service, but they're having a problem with that right now, so I don't).

I'm not really sure how to get rid of this, and would appreciate any help I can get.
Thanks!
 

Darkseany

Mar 8, 2016
I've had this problem a number of times. The "Powered by____" is usually different every time. Conduit... coronaborealis.... lots of crap.

I remember doing everything I could think of... Finding every single file associated with it by finding weird unrecognized programs in the Task Manager and finding their file location...
Often, to delete them I had to close them, but they'd just start up again, so I used Unlocker to rename them so that I could close them in Task Manager without them relaunching, and then I'd delete them. Unlocker is small, but awesome. It lets you bypass so many restrictions with just a right click, especially "file in use" issues. It usually can't delete "Access denied" though.
Despite removing these (which I'll bet were just the programs adding the crap, not the crap itself) the ads remained.

Searching for it in the registry and removing them... going through my AppData Local and Roaming and removing suspicious stuff in there too (usually looks like jumbled text like unmafg or potaarifngoe or fattayl, stuff like that). And they'd sometimes stop... but always came back no matter what I did.

Adwcleaner killed a lot of the hidden stuff I could never find myself, particularly in system32, as going by "date modified" isn't going to help me much in there. Yet even then... many still returned.

Then I discovered that they were manually changing my DNS as well. I went into my Network and Sharing Center -> adapter settings -> properties on my network adapter and checked the IPv4 (Internet Protocol Version 4 [TCP/IPv4]) and noticed it was manually set to something. Turned it back to automatic... Some of them, in my experience, stopped here.

But there were some that STILL CAME BACK.

And JUST NOW... I FINALLY KILLED THEM. I had jumped from 3 different browsers because of these things and I cured them all at once.

It's the Host file in C:\Windows\System32\Drivers\etc
Navigate to that folder and open the file labeled "Hosts" with notepad.

Now normally, it should either say "Localhost" followed by some spaces and then 127.0.0.1
Sometimes it will appear like this as well (same thing but with instructions):

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

NOW if you see ANYTHING beyond that point, particularly in this format:

127.0.0.1 www.somerandomaddress.com

DELETE IT. This is how it keeps getting back in.

You'll notice that after you do so and save the hosts file, it won't allow you to save it in that folder. So instead, save it to the desktop. MAKE SURE to keep the file in the same format; do NOT save it as a .txt file.

Now go back to the old hosts file (the one you couldn't overwrite) and rename it Hosts.old,
and then drag the new hosts file from your desktop into that folder. If you've nipped everything else in the bud but keep seeing the ads, THIS should be the coup de grâce.

I hope this helps someone. And if in fact it does and I'm not just an idiot spouting off one tiny possible fix that only worked for me, spread it around; copy/paste it! Because Google is FLOODED with websites loaded with garbage advice about all these issues claiming to be "pcfixhelp sites" and they all are just garbage trying to make you download "spyhunter" or some other feeble anti-adware crap to keep the market technologically vulnerable and ignorant.

I say.. be your own anti-virus program.
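Added example, not part of the post above: a small script that lists every active (uncommented) mapping in a hosts file, so anything beyond the stock comments stands out and can be reviewed before the file is edited. The function name `audit_hosts`, the verdict labels and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample: stock Windows comment lines followed by added entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1 www.somerandomaddress.com
203.0.113.7 search.example.test www.example.test  # constructed redirect
not-an-ip broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every active mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], " ".join(fields[1:]), "malformed"))
            continue
        for name in fields[1:]:
            if name.lower() in LOCAL_NAMES and addr.is_loopback:
                continue  # ordinary localhost mapping, not a finding
            if addr.is_loopback or addr.is_unspecified:
                verdict = "sinkhole"  # name is forced to resolve to this machine
            else:
                verdict = "redirect"  # name is forced to some other host
            findings.append((line_no, str(addr), name, verdict))
    return findings


if __name__ == "__main__":
    # On a real machine, read the hosts file from the Drivers\etc folder
    # named in the post instead of using the constructed sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "redirect" verdict means the name is pinned to another machine's address; a "sinkhole" verdict means the name can no longer be reached at all, which is worth checking against the list of sites you actually need, such as update servers.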
 

LukeFatwalker

Dec 29, 2015
It sounds like you don't have a solid backup plan here, but more on that in a sec.

This adware is in fact one that you can actually just find in the registries. So in terms of malicious content being added to the computer, this one is farther down the list in terms of stress.

You should start looking at a backup. You don't specify if you have a disk imager or a snapshot program but you should consider even freeware solutions like Macrium Reflect Free or Rollback Rx Home. While this adware is easy to fix, this should be a bit of a refresher as to the need for a solid backup.