Pesky Ad Bug - Need Assistance Killing It!


KTreu42

Hey folks, so after I've exhausted myself on any tech-related issue I always turn here and I'm never let down. So, here's what I've got...

First off for the record, I use Chrome, and I have not tested other browsers to see if the issue occurs there.

I have some sort of malware that I cannot stamp out. It is a redirecting/ad popup. After I click a link, or sometimes just click somewhere on a page, the page redirects momentarily to a blank page with the tab title "sup," and then after a moment redirects to a number of various spam websites. I apologize that I don't have any screenshots to show, but I figured it would be out there. I did lots of googling, and when I found some info on "suptab" it didn't quite seem to be what my issue is.

I've run Malwarebytes A-M many times, I've run AVG scans, and also Kaspersky antivirus. There are no visible Chrome extensions causing it, and I've fully reinstalled Chrome since the problem. Nothing has resolved the issue.

The issue MAY have begun when I copied over old files from a laptop hard drive (the last issue I was on these forums for, ironically). However, I didn't copy any system files over, and I wiped that hard drive once I had everything I needed from it. But that's just a possible issue I wanted to note.

Does anyone have ideas on what I can do next? If it would be helpful for me to run any specific diagnostics and copy the results here, I can do that.

Thanks all!
 
Solution
try adwcleaner, download it from bleepingcomputer.com, if that doesn't work you can also try roguekiller. but usually adwcleaner will get those. also, check in your program file list to make sure your bug isn't installed as a "legit" program, as well as check your internet options in your control panel, make sure you're not set to use some shady malware proxy to connect to the internet. some adware works that way too.

ingtar33

it's possible you downloaded and installed some bloatware. some of that just straight up slips past virus checkers.

as i said before, you're gonna need to go through the installed program list and uninstall anything that was installed around the time this started to happen

load into safemode with networking
clean out your temp folders (c:\users\%username%\appdata\local\temp; c:\windows\temp) and delete your browser cache for all your browsers, and clean out your windows download folder
then you'll probably need to run roguekiller
run adwcleaner again
download and run malwarebytes, make it a full malwarebytes scan, the quick scan skips rootkits

reboot and make sure you're loading back into safemode each time

once all of that is done, load your browsers one at a time, and check them for "addons and extensions" remove all addons that look fishy, heck in chrome you can remove all the addons with no harm to your browser. make sure your search engine isn't hijacked (check the default search providers), make sure in internet options you're not running through a proxy...

then reboot and see if it's gone.
 

KTreu42



I did everything you said, to a T. Rebooted, clicked the link in my email to this thread and first thing I see:

[Image: d8xmr.jpg]



This is so ridiculous, I can't believe that, after running that many antivirus/malware/rootkit programs in safe mode, clearing my browser, and checking programs and addons multiple times, it still happens.

I don't want to do a full OS restart, I have so many games and files that I do not want to be forced to re-download, or copy over somewhere, because of a flippin' popup bug.
 

ingtar33

ok. i did a little bug specific research.

here is how you get rid of that one.

this bug hijacks 2 things. 1) your default home page, and 2) your shortcuts to your web browsers to force that default webpage.

SO for each browser you're going to have to start them up, click past the ad, until you can open the settings. manually change the start page to something else.
THEN, close the web browser and right click on EVERY SINGLE shortcut you have for that browser, and delete the command line it adds to the EXE line in the shortcut.

That should eliminate the problem. see the virus itself was already eliminated (likely), but it left behind broken shortcuts and homepages. so you'll need to fix those manually.

See if the problem goes away then
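
The shortcut and proxy checks suggested in this thread can be done in one read-only pass instead of by right-clicking each shortcut. The PowerShell below is an added example, not part of the original posts; the browser list and the folders it searches are assumptions, and it changes nothing on the system.

```powershell
# Added example: report browser shortcuts that carry extra command-line
# arguments, plus the current user's proxy settings. Read-only.

# Assumed list of browser executables to look for.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe', 'opera.exe'

# Assumed shortcut locations: desktops, Start menus, Quick Launch / taskbar pins.
$roots = @(
    [Environment]::GetFolderPath('DesktopDirectory'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if (-not $lnk.TargetPath) { return }          # skip shortcuts with no file target
        $exe = Split-Path $lnk.TargetPath -Leaf
        if ($browsers -contains $exe.ToLower() -and $lnk.Arguments.Trim()) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                # A URL appended after the EXE is the pattern described above;
                # switches such as --profile-directory can be legitimate.
                HasUrl    = $lnk.Arguments -match 'https?://'
            }
        }
    }

if ($findings) { $findings | Format-List }
else { 'No browser shortcuts with extra arguments found.' }

# Proxy settings for the current user (the "Internet Options" proxy check).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable      # 1 means a manual proxy is in use
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL    # a PAC script URL, if one is set
} | Format-List
```

A clean shortcut shows only the quoted path to the browser executable with nothing after it, and an unexpected `ProxyServer` or `AutoConfigURL` value is worth clearing in Internet Options.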

 

KTreu42

I did what you suggested, ingtar. I've never had issues with the homepage doing anything weird. I use Chrome exclusively, and I have the "new tab page" as my homepage. But for now, I changed it just to be safe.

For the second part, I checked the application command line on the Chrome shortcut on my desktop. It looks pretty normal to me: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

I'll let you know if I see an ad again, haven't clicked around too much today.
 

ingtar33



ok. let me know if anything else comes up. thus far nothing has popped up that makes me say "wipe and reload", but then i actually get paid to do this for a living. and there are bugs out there where that is the only option. we're not there yet.