I got a call from my friend who has 3 PC’s and was having some problem with some naughty popups on all the computers so I thought this would be fairly simple to fix, but………
So when I get there they have AVG on all the PC’s and one of them has recently updated to 2015 internet security and the trial has run out but over where it is trying to get you to upgrade there is another advert of some cartoon porn.
I opened up firefox and was getting some adverts on that as well a yellow bar with black writing either at the top or the bottom of the screen and also this cartoon porn thing in the bottom right corner. They don’t appear on all websites, they seem to be worse on filehippo.com for some reason. These adverts appeared in Firefox on 1 PC and Chrome on the other 2, but no ads appeared with IE!!
So I ran
ccleaner
adwcleaner – found ask toolbar on all PCs
malware bytes – found nothing on 2 and some Trojans in recycle bin in the other
combofix – found a couple of folders
But the advert over AVG and in Firefox/Chrome were still kind of there. Whenever they tried to open Malwarebytes blocked them and all I saw was a big black cross where the advert used to be.
Then I noticed that all the PC’s had a strange DNS (8.8.8.8) even though they were set to automatically get the DNS from the router (and none of the anti malware programs I had run had found any DNS changers) so I thought I've found the problem. I reset and re-setup the router and all PC’s then showed they were getting the DNS from the router but still the adverts appeared over AVG and in Firefox but seem to have gone from Chrome.
Does anyone have any ideas?
What other programs can I try running?
TIA
So when I get there they have AVG on all the PC’s and one of them has recently updated to 2015 internet security and the trial has run out but over where it is trying to get you to upgrade there is another advert of some cartoon porn.
I opened up firefox and was getting some adverts on that as well a yellow bar with black writing either at the top or the bottom of the screen and also this cartoon porn thing in the bottom right corner. They don’t appear on all websites, they seem to be worse on filehippo.com for some reason. These adverts appeared in Firefox on 1 PC and Chrome on the other 2, but no ads appeared with IE!!
So I ran
ccleaner
adwcleaner – found ask toolbar on all PCs
malware bytes – found nothing on 2 and some Trojans in recycle bin in the other
combofix – found a couple of folders
But the advert over AVG and in Firefox/Chrome were still kind of there. Whenever they tried to open Malwarebytes blocked them and all I saw was a big black cross where the advert used to be.
Then I noticed that all the PC’s had a strange DNS (8.8.8.8) even though they were set to automatically get the DNS from the router (and none of the anti malware programs I had run had found any DNS changers) so I thought I've found the problem. I reset and re-setup the router and all PC’s then showed they were getting the DNS from the router but still the adverts appeared over AVG and in Firefox but seem to have gone from Chrome.
Does anyone have any ideas?
What other programs can I try running?
TIA
/www.pcworld.com/article/2104380/attack-campaign-compromises-300000-home-routers-alters-dns-settings.html
Facebook
Twitter