Ad links and search pop up

Discussion in 'Malware Help (A Specialist Will Reply)' started by surdidymus, May 26, 2013.

  1. surdidymus

    surdidymus Private E-2

    I am currently getting a lot of the pop up ads/links. I am also getting a pop up from, I believe, hotsearch.com when I use my search engine. It doesn't stop my search it just also opens a window with this website. I'm also getting a huge amount of ads within the websites I'm viewing that have never been there before. The am usually very cautious about downloading anything, however, my children use the same laptop under their own user name and I think they may have downloaded a game from a not so trustworthy website. :(

    I have run all of the "start here" programs and followed the instructions to the best of my ability. I think I have attached all of the requested logs as instructed. Any help is appreciated!

    Thank you!
    Tiffany
     

    Attached Files:

    surdidymus, May 26, 2013
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Does the problem only happen with Chrome? Please do not say "I only use Chrome"! Test Internet Explorer too. May times these problems occur only in Chrome or Firefox which are very susceptible to issues like this. Chrome does not have a simple reset to defaults like other browers which makes a reinstall become necessary at times. But let's try the below to see what happens.


    Uninstall the below old versions of Java:
    Java(TM) 6 Update 22
    Java(TM) 6 Update 31

    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
explorer.exe

 
:Files
C:\Windows\TEMP\*.*
C:\Users\Tiffany\AppData\Local\Temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}]
[-HKEY_USERS\S-1-5-21-1224467934-964427927-47444117-1001\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}]
[-HKEY_USERS\S-1-5-21-1224467934-964427927-47444117-1001\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D}]
[-HKEY_USERS\S-1-5-21-1224467934-964427927-47444117-1001\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8232785C-5C98-4A6E-B7B4-911FFBED7582}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXTlog
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, May 26, 2013
    #2
  3. surdidymus

    surdidymus Private E-2

    Thank you for your help.

    I do not seem to have the ad trouble or the pop up links when using IE.

    Requests attached.
     

    Attached Files:

    surdidymus, May 27, 2013
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Okay then since your problem is really a Google Chrome problem, do the below:

    • Backup/export your bookmarks if you need them
    • Uninstall Chrome and reboot
    • After reboot, delete the below folder
      • C:\Users\Tiffany\AppData\Local\Google\Chrome
    • Redownload and reinstall Chrome using IE if you still want Chrome. You can get it here: Google Chrome 27.0.1453.94 Stable
    • Import your saved bookmarks

    Is it working okay now?
     
    chaslang, May 27, 2013
    #4
  5. surdidymus

    surdidymus Private E-2

    I have uninstalled and deleted the folder. I did reinstall because I prefer to use Chrome. I do not seem to have the problems with the on screen ads like before.

    Actually, the few websites that I went through seem to all be fixed except when I return here to the forums to respond, I am still getting the links in certain keywords. I am getting the same thing from this site while using IE. Could it just be this site? I noticed it a lot before. They were present when I would read a news article, but I just searched a few different articles and didn't see any. Then of course, like I said, I came back to respond and there they were. :( I also looked at another post on the forum to make sure it wasn't just mine or the bookmark I had to this page and I noticed on other posts as well and while using IE.

    Thanks again!
     
    surdidymus, May 28, 2013
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These are quite common on many websites to help fray the costs of running the websites. The double underlined keywords are links to ads that popup when you move your mouse over them. There are many types of these ads. VibrantMedia ( Intellitxt ), AdSense and more. See >> http://en.wikipedia.org/wiki/IntelliTXT and http://en.wikipedia.org/wiki/AdSense
     
    chaslang, May 28, 2013
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds