0
Recently got infected with something where, in all browsers (IE9, FF, Cx), a 3.5" square popup appears on many sites in the lower left (or right) corners. It wants me to download something or watch videos or install plugins, or shows ads, etc. I'm looking at it right now on SuperUser.com. Doesn't show up on bing, google, ibm, facebook, etc. but get it here, stackoverflow.com, and triumph.com (for example).
- Hosts file has 127.0.0.1 localhost and ::1 localhost.
- Had browser DNS settings at 4.2.2.1-4 but restored to TWC.
- Full scans in updated malwarebytes and MSE each returned 10 threats, which i've removed.
- Kapersky TDSSKiller found one threat, and removed it.
- Doesn't happen on another system, so probably not the router.
Must be something in my network config right? Where is this coming from and how can i kill it?
Are the popups on one browser or all the browsers you have on the same computer? How many user accounts are there on the machine? you may test it under another user because it can tell something. I agree with Aaron Miller. My aunt ever had such problem on her laptop but she got someone help her solve that. I think you can follow the guidance of some people to have a try. Hope you can get it solved soon. Maybe this can help you BTW. (http://www.removeviruspro.com/how-to-get-rid-of-gate-snapper-pop-up-ads/)
– leslinwaker – 2014-12-24T09:45:33.560A screenshot may help us understand the issue better. – Ganesh R. – 2012-10-05T18:18:04.463
@GaneshR, sure, good point. I'll add one. – b w – 2012-10-05T18:34:22.107
Just a suggestion, can you download process explorer (Sysinternals) and using it find out if it is coming from the browser or a hidden application? – Ganesh R. – 2012-10-05T18:43:26.880
Have you tried following the suggestions in this question?
– Indrek – 2012-10-05T19:18:44.190@Indrek, yes, more or less. There are a few things in the answer to that question that might help. Per Aaron below, i ran ComboFix and it eventually bluescreened after the first reboot, and now bluescreens immediately. Odd. But the good news is i think the popup is gone now. Thanks for the reference--should help in the future. – b w – 2012-10-05T19:32:32.860