AdFly Malware Removal - Help please

Hi

My PC has a virus or spyware called Adfly or AdF.ly (note the placement of the dot in the alternate name). Has anyone had experience with it? With this infection, Firefox will occasionally interrupt my browsing and pop up another window/tab to go to a link that is usually an advertisement. Near the top of most of these new pages is the word "AdF.ly", hence the name of the malware. I've attached a screenshot of a typical adfly page.

When it's not popping up ads, it runs in the background, often making my HD grind and tying up significant system resources. Sometimes it closes all my windows except for the ad. I did a google search, and it seems that it may be a program that some people intentionally use to generate revenue as an URL shortener? or something based on advertising. I stress that I never tried to use it, nor intended for it to get on my PC. I got my machine infected by visiting a site which came up on google image search. I admit I was not running anti-malware protection. :-o

I've tried removing it with Spybot S&D, Avast Antivirus, Hijackthis, SuperAntiSpyware, and even Windows Defender, all to no avail.
I also looked at the info and tried the tips here, but the info is perhaps too outdated:
http://virus-list-info.blogspot.com/2008/09/adfly-adware.html
If someone knows of more updated files/registry keys to try with that method, I am game.

Does anyone know of a freeware program that WILL catch and remove this? Apparently, there's a program called Exterminate-It that purports to do the job, but that one isn't really freeware/shareware. Any help or recommendations would be appreciated, thanks. :confused

My OS: Windows XP Pro.

 

I don't get any hits on Google for malware and Adfly.

My suggestion would be to download Autoruns. Click on the menu item Options, Hide Microsoft and Windows entries. Press the refresh toolbar button and then click on the tabs and see if you see anything suspicious.

Also make sure it didn't install a Firefox extensions.

I don't run any anti malware of any type also and never have any issues. What I do do is make sure Windows, Flash, Java, etc are always patched to the latest versions. Very few 0-days then that can get you.

 

It is a website that shortens urls. Here is the main page

Code:

http://adf.ly/

It is like tinyurl http://tinyurl.com/ or snip http://snipurl.com/site/index

 

READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

 

I had this and found the following:

In my startup, I had an entry that read 'Adobe Reader' and pointed to the following file:
%appdata*\microsoft\windows\reader_sl.exe

So I clicked start, run and entered %appdata*\microsoft\windows\
to get into the folder
In that folder, there were two suspicious files:
reader_sl.exe - it's icon was the icon used for .dll files
update.exe

Both of these checked as a trojan with 4/40 antivirus engines on virustotal (not a lot).
As long as the reader_sl.exe remained in memory, my browser would shut down as soon as I tried to open the ad aware page (for download) or this page. When I terminated the process, I was able to get around and do as I pleased.

I have now manually added ad.fly to my hosts file to point to 127.0.0.1.

Hope this helped someone.

 

Can't seem to edit my post - that sucks. Just to add, it's adf.ly and not ad.fly. Also, the home page of my browser had been hijacked and set to:
q00qlle.com (not q's and not g's as well as an additional l).

 

You have an infection and you should follow Just Playin's advice. Good luck!

 

Thanks for the replies, but this happened almost a year ago and I tried the Malware Removal Guide mentioned, twice, to no avail. I've long since resorted to the nuclear option (DoD overwrite + format). Maybe this thread will be useful for someone else in future.

 

I suggest you try the Malware Removal Guide again and then post to that forum so the wizards there can help you. I'm pretty confident they can get to the bottom of it. Malware is constantly changing. You may have originally gotten an early version of a bug that the Malware Removal Guide then didn't address because the bug wasn't prevalent. Whatever it is, I'm sure the wizards can find it but you first have to ask them by submitting a post.

PS I can't swear to this, but it's my understanding that some 'viruses' can persist through a reformat, so bear that in mind, too.