Cannot Remove Ad's by 'Notification' / 'Advertising Support'

[Kyle Dressler]

This is what happens when you give a 13 year old administrator privileges. -.-

EDIT: In fact on this page the ads appear IN the posts. Not even spaced out in between them.

For clarification sake this is the site it directs me to:

advertising-support why.php?type=3&zone=372666&pid=1685&ext=Notification

That website says it's as simple as uninstalling this website's program:

coupondropdown

Which I also do not have installed.

I'd also like to note that by uninstalling the internet browser and re-installing it the ads briefly disappear. Leading me to believe the adware/malware is located elsewhere on the system, and isn't just a simple extension like all of the quick fix guides suggest.

I just noticed pop-up tabs also attempt to emerge in the browser as well.

 

[Kyle Dressler]

I browsed through a few other forum posts and think I may have found he solution. I simply reset my router, as it was a solution for 'blue highlighted text' a few posts back hopefully this is a permanent solution if not i'll be back within the week with and update.

EDIT: Nevermind -.- they came back after leaving this page.

 

[TwinHeadedEagle]

Hello,


Let's make one fix with FRST.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Kyle Dressler]

Ran the fix, what's the next step?

 

[TwinHeadedEagle]

Do you still have ads?

 

[Kyle Dressler]

Yes I do still see ads. :T

I'd also like to note that physical popup tabs have made their way through now. With the same link appearing in the bottom right to 'advertising support'

I haven't check other users for symptoms though, when running the adware scans files appeared to be found on other users. Is it possible for it to be isolated one user's account? I might login as another user to test this between now and tomorrow morning.

 

[TwinHeadedEagle]

Okay, keep me updated. I would like to see picture how that pop-ups look like.

 

[Kyle Dressler]

It's getting worse I'm getting pop-ups approximately every 20-25 web page changes or clicks, here are some examples of ads and popup attached.

I'm getting scared that this is going to get worse. It's asking me to download 'updates' or 'repairs' now, it wasn't doing that before.
When these pop-ups appeared the browser downloaded files for the one in the middle it was called: DownloadFileSetup_55MdT.exe
And the other was a blatant fake: Player-Chrome.exe
The firewall removed both immediately.

 

[TwinHeadedEagle]

Do you know how to reset your router to factory settings? I would like you to do so.

 

[Kyle Dressler]

Just by pressing and holding the router button correct? I believe i attempted this previously but i'll give it another shot. Should i shut off the computer in the meantime? Maybe remove the LAN cable as well?

 

[TwinHeadedEagle]

You can remove it if you wish. Please consult your manufacturer/model manual how to perform factory reset. I am not sure you will do the job only by holding reset button.

 

[Kyle Dressler]

Reset the router a second time no luck. Running AdwCleaner again. I feel like I'm just running troubleshooting options at this point. I'll run all the scanners and post the results from them all afterwords.

 

[Kyle Dressler]

[AdwCleaner Reports]

 

[TwinHeadedEagle]

Okay, let's scan your PC again.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[Kyle Dressler]

Reran JRT, (Side note did they just recently update JRT?)
and I also reran FRST scan to see if there were any new changes.
I'd also like to note the the in site ads have reduced in frequency there used to be interspersed larger square ads in addition to the rectangle ones inside the page, the square ones have ceased to appear.

(I ran the additional scans if that's what you meant.)

 

[TwinHeadedEagle]

First, go and remove Shopop

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Kyle Dressler]

Ran the fix, also ran HitmanPro and Malwarebytes. Ads are still here though. Reran FRST scan.

In addition Norton has been locking down viruses more frequently when I am simply browsing on a static page. In the bottom left of my browser it keeps 'waiting for' the data for ads from different sources, noting that common addresses are revsci net, rlcdn com, and majuwe com. Does that help?

 

[TwinHeadedEagle]

I would like to see report from one more tool:

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
• Your machine may appear very slow and unusable after that - it's normal.
• TDSSKiller will run automaticaly. Click on Change parameters and click OK.
• Click the Start Scan button and wait patiently.

If anything will be found follow this guidelines:

• If a suspicious object is detected, the default action will be Skip, click on Continue.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  If Cure is not available, please choose Skip instead.
• Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

 

[Kyle Dressler]

Scanner found one thing an updater for a gaming program. It says the file size is too large to upload here are it's contents:

not good.

 

[TwinHeadedEagle]

Not good. I need whole report. Upload here

http://zippyshare.com/