Sudden popup in all browsers on some sites - How to remove?

0

Recently got infected with something where, in all browsers (IE9, FF, Cx), a 3.5" square popup appears on many sites in the lower left (or right) corners. It wants me to download something or watch videos or install plugins, or shows ads, etc. I'm looking at it right now on SuperUser.com. Doesn't show up on Bing, Google, IBM, Facebook, etc., but get it here, stackoverflow.com, and triumph.com (for example).

  • Hosts file has 127.0.0.1 localhost and ::1 localhost.
  • Had browser DNS settings at 4.2.2.1-4 but restored to TWC.
  • Full scans in updated Malwarebytes and MSE each returned 10 threats, which I've removed.
  • Kaspersky TDSSKiller found one threat, and removed it.
  • Doesn't happen on another system, so probably not the router.

Must be something in my network config, right? Where is this coming from and how can I kill it?

b w

Posted 2012-10-05T17:55:06.483

Reputation: 2 424

Are the popups on one browser or all the browsers you have on the same computer? How many user accounts are there on the machine? You may test it under another user because it can tell something. I agree with Aaron Miller. My aunt once had such a problem on her laptop, but she got someone to help her solve it. I think you can follow the guidance of some people to have a try. Hope you can get it solved soon. Maybe this can help you, BTW. (http://www.removeviruspro.com/how-to-get-rid-of-gate-snapper-pop-up-ads/) – leslinwaker – 2014-12-24T09:45:33.560

A screenshot may help us understand the issue better. – Ganesh R. – 2012-10-05T18:18:04.463

@GaneshR, sure, good point. I'll add one. – b w – 2012-10-05T18:34:22.107

Just a suggestion, can you download process explorer (Sysinternals) and using it find out if it is coming from the browser or a hidden application? – Ganesh R. – 2012-10-05T18:43:26.880

Have you tried following the suggestions in this question? – Indrek – 2012-10-05T19:18:44.190

@Indrek, yes, more or less. There are a few things in the answer to that question that might help. Per Aaron below, I ran ComboFix and it eventually bluescreened after the first reboot, and now bluescreens immediately. Odd. But the good news is I think the popup is gone now. Thanks for the reference--should help in the future. – b w – 2012-10-05T19:32:32.860

Answers

2

Looks like malware to me; I've found ComboFix (http://www.bleepingcomputer.com/download/combofix/) to be extremely useful in such cases, especially with rootkits and other garbage that most virus/malware scanners can't see.

Aaron Miller

Posted 2012-10-05T17:55:06.483

Reputation: 8 849

I'm accepting your answer because I did this and now the popup is gone. However, after working for a while then rebooting itself, ComboFix bluescreened. And now bluescreens immediately upon execution. Which itself is worrying. But the popup is gone, so thank you. – b w – 2012-10-05T19:34:34.357

Glad to help! What exactly do you mean when you say it "bluescreened" -- BSoD? If so, please post the error code from the BSoD and I'll try to find out why it happened; if not, please post a screenshot or some more detail on the problem and I'll see what I can come up with from that. – Aaron Miller – 2012-10-05T20:33:01.810

Thanks. Yes, BSoD. But, ran again and it completed. Rebooted to finish and displayed the log. But then trying to run anything gave me "attempted operation on reg key marked for deletion" (or some such). So after yet another reboot it appears to be okay now. Very weird. – b w – 2012-10-06T20:15:03.113

The BSoD may have been unrelated. I've seen a couple since then but not when CF was running. Ugh. – b w – 2012-10-07T17:04:04.060