Infection on the Site

sayarsan

I've noticed that advertisements have begun appearing at the top of the page, in blue letters similar to the font used on the site, spruiking the 'US Powerball Lottery', 'How to take part if you're not in the USA', 'Learn how to safely update Windows' etc. It could be an infection in my browser (Chrome).

I have looked at the site on IE and all seems fine, which points the blame at Chrome. I was blocked from using it by a warning which I can't recall. I did manage to install a new Chrome browser (I think) but it is infected with the same stuff. Ran it through AVG (with licence) but no threats were detected.

I suppose I'll make IE my primary browser and perhaps do a system restore before this adware replicates in other areas.


sayarsan

As the cognoscenti among you probably assumed, it turns out a malware/adware bug got into my Chrome browser when I was caught in a scam which operates on a fake "Adobe Flash Player update required" notice that appeared on ABC iView. Before long SBS On Demand was acting up with ads blocking the screen. When I noticed ads appearing on this site I wrote the above piece.

In the meantime I had a look on the net and found an excellent site dealing with this particular parasite: http://malwaretips.com/blogs/flash-player-update-removal/ gives a pretty detailed rundown on the nature of the beast, a free download link for Revo Uninstaller and the instructions for disinfecting the various browsers, i.e. IE, Chrome, Firefox.

It goes on to instruct the reader to install AdwCleaner, Malwarebytes Antimalware, and finally Hitman Pro to scan and thoroughly clean my computer. All the downloads are free but since things seem okay for now I've decided to see if the problem has been properly solved before I go for more of these programs. I paid for a yearly licence to AVG and am a bit pissed that this got in anyway and that it didn't notice it when I ran a full scan and scanned Chrome's folders individually, with no threat detected. Here's hoping. Unfortunately I haven't noticed a method which enables the user to avoid picking it up in the first place.

I am relieved that there are no more unwanted intrusions to this site, but when I go to my 'Timeline' for methadone I get a warning referring to "array_count_values". There is also a need to adjust the layout of the 'Your Usage' page so that the two pie graphs 'All Usage' and 'Your Usage' don't obscure two columns containing data from December 2011 to May 2013.

felix

Yes it's a bit of marketing shadiness when AVG sell you an 'anti-virus' app then say 'well you got infected because that infection was malware not a virus'.

I guess the differentiation would lie along the lines of 'malware is installed with the user's permission and approval, viruses are installed covertly and without express approval'.

What constitutes approval can be tricky, and what is installed with your knowledge can also be fishy as often you are installing what you believe is one thing but it turns out to be something else.

I was interested to hear that Malwarebytes is still being suggested as a cleaning tool - I have used it for years but didn't realise it was still a 'best of' tool. SuperAntiSpyware, although horribly named, is another I keep in my stable.

Anyway, never just click-through installs as often reputable apps come 'bundled' with a handful of apps you'd never dream of installing.

Malware should, in my mind, be visible through Add/Remove Programs (Programs & Features in W7 and above) and entirely removable with that Windows built-in tool.

The good news is these three things:

   1. You realised you had a problem

   2. You correctly diagnosed the source of the issue (browser not website)

   3. You sourced tools and utilised them to remove the problem.

With those three steps you've pretty much graduated to a world of pc maintenance that covers most aspects.

I should also say something about backing up - with DropBox/SkyDrive and all the others available, there should be no excuse for an inability to have all your personal data stored in a location other than your local hard drive (HDD). Either manually copy your MyDox (or MyPix, whichever is unique for you) to Dropbox every few days, or actually work off DropBox (I think W8 has SkyDrive/OneDrive set up this way by default, so your 'My xx' folders are all pointing to cyberspace).

Anyway, enough pc talk. Good to hear you resolved it.

g

felix

In the course of reading your article, I checked my 'Programs' panel and found a 'FilesFrog Update Checker' that I'd let slip in bundled with something - I am currently uninstalling it, but thanks for the reminder!

Sorting by the 'Installed On' date, I was able to see that it must have come bundled with a free DVD creating application, 'DVD Styler v 2.7.2', which I had downloaded in order to create a mountable DVD file - instead of buying Nero Vision, which I used to use for such a task.

sayarsan

Mine came in, as far as I can deduce, when I wanted to watch a show on SBS 'On Demand'. When I clicked on the show I wanted, the screen was blocked by a notice stating 'I needed to install an update of Adobe Flash Player'. It looked legit so I clicked on it and the damage was done.

IE didn't last long as my default browser since its default search engine is Google, which presumably provided a route for the malware to follow into another program.
