I have some sort of adware that isn't being detected by anything. What should I do?

4

1

This started happening a couple of days ago. It's a small and simple form of adware, but it's incredibly annoying. It linkjacks your results on Google. For example, if I search for "jobs", the top result is Monster. But if I click it, I get sent to a random spammy site.

I have Microsoft Security Essentials' realtime protection on. I have run a full system scan with it, Avira, Malwarebytes, and Spybot. None of them pick up anything. There is nothing suspicious in my task list, and no unknown applications or services are starting up with my computer. I have no extensions for Chrome running.

What can I do?

ryeguy

Posted 2010-07-26T17:54:47.670

Reputation: 671

Answers

2

I would try running a scan from outside the OS in case you have a rootkit that could be hiding itself inside the OS. Here's a link to AVG's free bootable virus scan: AVG Rescue CD

You could also try flushing your DNS by running the command "ipconfig /flushdns"

If neither of the two work, try a system restore.

Last-case scenario: back up, format and reinstall.

djshortbus

Posted 2010-07-26T17:54:47.670

Reputation: 517

Thanks, this found a rootkit on the pci.sys driver in my system32 folder. Nothing else picked it up. – ryeguy – 2010-07-28T01:39:43.443

1

If you think there is a bad exe or file and not some registry setting, try burning a TRK CD and doing a scan with that. If you think it is in the registry, look at HijackThis or Autoruns. No matter what you do, be careful with HijackThis and Autoruns if you are new to them; just unchecking everything could cause way more damage.

David Remy

Posted 2010-07-26T17:54:47.670

Reputation: 1 899

1

Also check your hosts file! Hosts is often overlooked, but if it gets edited you will be redirected. It is a native Windows config, so nothing fishy will show up in Task Manager.

Go to the C:\WINDOWS\system32\drivers\etc folder. There is a file named "hosts" which is basically a list of redirects. There may be a number of them in there from AV programs, as some anti-spyware and antivirus software will redirect from known bad URLs to 127.0.0.1 (localhost) to prevent you from connecting.

JNK

Posted 2010-07-26T17:54:47.670

Reputation: 7 642
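
An added example, not part of the answer above: a small Python audit of a hosts file that separates blocking entries (names pointed at 127.0.0.1 or 0.0.0.0, as anti-spyware tools add) from entries that send a name to some other address. The sample file contents and the `audit_hosts` name are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the asker's machine. Addresses in
# 203.0.113.0/24 and 198.51.100.0/24 are reserved for documentation.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example   # blocking entry from an anti-spyware tool
0.0.0.0         popups.example
203.0.113.45    www.google.com google.com
198.51.100.7    update.vendor.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Split hosts entries into blocking, redirecting and malformed ones."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, entry))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            report["malformed"].append((lineno, entry))
            continue
        if addr.is_loopback or addr.is_unspecified:
            # Points at the local machine, so the name cannot be reached.
            # "localhost" itself is the normal default entry and is skipped.
            report["blocked"] += [(lineno, n) for n in names if n != "localhost"]
        else:
            # Overrides DNS with a fixed address: review each one by hand.
            report["redirected"] += [(lineno, n, str(addr)) for n in names]
    return report

if __name__ == "__main__":
    # On the affected PC, read the real file instead of SAMPLE_HOSTS, e.g.
    # the "hosts" file in the system32/drivers/etc folder named in the answer.
    for kind, rows in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, rows)
```

Entries under `redirected` are not automatically malicious, but a search engine or other well-known site listed there with a fixed address is the pattern the answer describes.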

0

Check your network settings - particularly the DNS servers that you're using.

It could be a sophisticated scam that rather than simply blocking URLs uses the DNS to return the spam site rather than the true value.

Try just clearing the values in the first instance, then double check with your ISP to see what values they should be.

If this is the case, you still should run something like Malwarebytes to see if that can remove it. Failing that, it is a system restore or even reformat.

ChrisF

Posted 2010-07-26T17:54:47.670

Reputation: 39 650

0

You haven't mentioned which browser you're using, but if it's Firefox, then the solution might be easier than you think...

A relatively "smooth" way to hijack links would be to install an add-on in Firefox, so check your add-ons for any suspect ones.

TFM

Posted 2010-07-26T17:54:47.670

Reputation: 4 243

0

Check your DNS settings in the internet connection properties ensuring they are what you expect. Look for an altered hosts file in the Windows directory %SystemRoot%\system32\drivers\etc\

PMSawyer

Posted 2010-07-26T17:54:47.670

Reputation: 1

0

You can hard-code the Google DNS servers in; this may correct the issue (if your hosts file isn't the issue).

Google Public DNS

Clint

Posted 2010-07-26T17:54:47.670

Reputation: 216