Some kind of chrome malware -how to remove? - General Questions and Answers

Hey there,
My office computer got infected with some sort of adware evil thing.
Once or twice a day, when browsing to a website (no matter which), I get an iframe with an overlay saying "Sponsored by [url I'm browsing to]" and then it redirects me to some kind of full-page ad for some sort of naughty online gaming (I forgot the name, but next time it happens I'll update here).
Anyway, this is the iframe HTML:
HTML:
<div class="asgds_content">
  <div class="asgds_header">
    <button class="asgds_close">x</button>
    <h4 class="asgds_title">Sponsored by google.com </h4>
  </div>
  <div class="asgds_body">
    <iframe src="https://extsgo.com/view/teasers?id=191753" style="height: 873px; width: 100%;"></iframe>
  </div>
  <div class="asgds_footer">
    <button class="asgds_close_text">Close</button>
  </div>
</div>
Searching Google for extsgo.com/view/teasers gives me nothing...
Using Chrome 53.0.2785.143 m on Windows 8.1.
Who can help me with removing this stupid thing?
Thanks a lot.

Full Screen Flash might be the culprit?
I've had the same problem. I noticed when I uninstalled Full Screen Flash that it redirected me to extsgo.com as well... given some of the reviews intermittently complaining of advertising redirects, I think it's a distinctly possible culprit. Do you have that extension installed?
For what it's worth, this happened on both my home and work machines and Chrome is the only thing really shared between them. Home has MalwareBytes and McAfee, work has Trend Micro. No malware hits on either end, so I'm quite certain that some Chrome extension or another is responsible.

I had Full Screen Flash; I shut it off and it solved the problem.

Well,
it must be something else, since I never heard about this Chrome extension...
Would appreciate more ideas about this issue.
Thanks

Hey,
I think I got the name of this adware; it's called adnow. Any reliable removal tool / guide?
Thanks

Me too
I have managed to end up with this thing too. I've seen it injected into both a site I'm hosting locally and sites across the web (both in Chrome; not seeing it injected when I'm in Firefox). I did not notice it until recently, as I typically use EFF's Privacy Badger, which blocks the actual injection script from loading. I've seen it block requests to extsgo.com and st.adxxx.com, neither of which is related to the local build of the project I'm working on where I see it injected.
It's definitely something (presumably an extension) that is getting synced via Chrome sync as I've noticed it in a Windows 10 installation on one machine and within a Linux VM inside a Windows 7 host OS on a different machine. All software fully up to date.
I see nothing I'm not expecting in terms of extensions and I do not have the "Full screen Flash" extension. Windows Defender has not found anything on the Win 10 install, nor on the Windows 7 one.
Is it perhaps another extension that got hijacked? I know sometimes developers sell extensions and malware makers acquire them for the instantly-installed userbase. Everything in the Chrome Web Store is supposedly scanned, of course, so who knows.
Anyone have any other ideas?
Thanks!
~tw
---------- Post added at 02:13 PM ---------- Previous post was at 01:19 PM ----------
Insert jQuery (not including link; you'll know if you have it) appears to have been the culprit extension. The behaviour I was seeing is consistent with this description: gist.github.com/jimbo1qaz/bc73a2491f0c39b7f206359f089dd79c, complete with the redirection to a shady fake magazine URL. When I uninstalled Insert jQuery, the issues went away. So this is consistent with a rash of extensions getting updated with updates that include new malware. I originally intended to install that extension....several years ago. I've been using it occasionally ever since.
(My) case closed.

This just happened to me as well. Exactly once on my work computer, then once on my home computer a few hours later, different sites. Both chrome, but different accounts and mostly different extensions. I'll compare extension lists and post the common ones when I get back to my work computer tomorrow. But I don't have either of the mentioned extensions installed.
This thread was the only google result for the url.
Edit: googling the id of the modal div, "asgds_modal", leads to a reddit thread with a few people complaining. They pointed out two new extensions, "http headers" and "w3schools hider". I'm guessing my culprit is the http headers one, as it is on both my computers.

I figured it out.
Live HTTP Headers extension is the culprit. A couple of days ago I checked that it was giving a 404 error for the JS script it was requesting from an AWS server. I thought someone would buy it. And the same thing happened, I guess. The Chrome Web Store page is not working for that extension, most probably because it is removed. But you people should uninstall that from your Chrome browsers.
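As an added example (not code from any poster in this thread), here is a Python script that walks Chrome's on-disk extension tree and reports any extension whose files reference the indicators quoted above (extsgo.com, st.adxxx.com, the asgds_ class prefix), flagging those whose content scripts are allowed to run on every site. It assumes Chrome's <profile>/Extensions/<id>/<version>/ layout; the sample tree it builds for the demo is constructed, with made-up IDs, names and file contents.

```python
import json
import re
import sys
import tempfile
from pathlib import Path

# Indicators quoted in this thread: the ad host, the tracking host and the
# CSS class prefix of the injected overlay. Extend with your own findings.
INDICATORS = [
    re.compile(r"extsgo\.com", re.I),
    re.compile(r"st\.adxxx\.com", re.I),
    re.compile(r"\basgds_", re.I),
]

# Match patterns that let a content script run on every page, which is what
# an injector needs to show up on "no matter which" site, as the OP describes.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

SCAN_SUFFIXES = {".js", ".html", ".json", ".css"}


def scan_file(path):
    """Return the indicator patterns that match inside one file."""
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return []
    return [p.pattern for p in INDICATORS if p.search(text)]


def read_manifest(version_dir):
    """Return (name, broad_scope) from manifest.json. The name may be an i18n
    placeholder such as __MSG_appName__; it is reported as-is."""
    try:
        manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return ("<unreadable manifest>", False)
    scopes = set(manifest.get("permissions", []))          # MV2 host permissions
    scopes.update(manifest.get("host_permissions", []))    # MV3 host permissions
    for cs in manifest.get("content_scripts", []):
        scopes.update(cs.get("matches", []))
    return (str(manifest.get("name", "<unnamed>")), bool(scopes & BROAD_HOSTS))


def scan_extensions(root):
    """Walk <root>/<extension id>/<version>/ (Chrome's on-disk layout) and
    return {ext_id: {"name", "broad_scope", "hits"}} for every extension in
    which at least one file references an indicator."""
    findings = {}
    for ext_dir in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            hits = []
            for path in version_dir.rglob("*"):
                if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
                    matched = scan_file(path)
                    if matched:
                        hits.append((str(path.relative_to(version_dir)), matched))
            if hits:
                name, broad = read_manifest(version_dir)
                findings[ext_dir.name] = {"name": name, "broad_scope": broad, "hits": hits}
    return findings


# Constructed sample tree (made-up IDs, names and file contents): one extension
# whose script carries the overlay markup from the thread, and one clean one.
SAMPLE_BAD_ID = "aaaabbbbccccddddeeeeffffgggghhhh"
SAMPLE_GOOD_ID = "bbbbccccddddeeeeffffgggghhhhiiii"


def build_sample_tree(base):
    """Create the two sample extensions under base and return base."""
    base = Path(base)
    bad = base / SAMPLE_BAD_ID / "1.2.3_0"
    bad.mkdir(parents=True)
    (bad / "manifest.json").write_text(json.dumps({
        "manifest_version": 2, "name": "Constructed Injector", "version": "1.2.3",
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    }), encoding="utf-8")
    (bad / "inject.js").write_text(
        '// constructed sample: the markup the OP pasted, held in a string\n'
        'var html = \'<div class="asgds_content"><iframe src="https://extsgo.com/view/teasers?id=191753"></iframe></div>\';\n',
        encoding="utf-8")
    good = base / SAMPLE_GOOD_ID / "0.9_0"
    good.mkdir(parents=True)
    (good / "manifest.json").write_text(json.dumps({
        "manifest_version": 2, "name": "Constructed Clean Extension", "version": "0.9",
        "content_scripts": [{"matches": ["https://example.com/*"], "js": ["hide.js"]}],
    }), encoding="utf-8")
    return base


def demo():
    """Build the constructed sample in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_extensions(build_sample_tree(tmp))


if __name__ == "__main__":
    # Usage: python scan_extensions.py [path/to/Chrome/User Data/Default/Extensions]
    results = scan_extensions(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for ext_id, info in results.items():
        scope = "runs on all sites" if info["broad_scope"] else "limited sites"
        print(f"{ext_id}  {info['name']!r}  ({scope})")
        for rel, patterns in info["hits"]:
            print(f"    {rel}: {', '.join(patterns)}")
```

A hit only means the extension's files mention one of the indicators; confirm by reading the flagged file before removing anything, and add indicators as the thread identifies new hosts.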

ant96 said:
Live HTTP Headers extension is the culprit. A couple of days ago I checked that it was giving a 404 error for the JS script it was requesting from an AWS server. I thought someone would buy it. And the same thing happened, I guess. The Chrome Web Store page is not working for that extension, most probably because it is removed. But you people should uninstall that from your Chrome browsers.
Thank you man, you're my hero.

Hi guys!
I really need your help here please
I seem to have encountered a similar problem to yours, but I don't have the HTTP headers extension you all talked about.
It happens to me only on Chrome, on different sites; I get these "sponsored by adnow" ads
and I'm not sure what to do. It's in the exact same place where Outbrain or Taboola show their ads, and it covers them.
I think, but am not sure, that the div id is sc_tblock_319318, and from what I understand it blocks the original ad (by Outbrain in this case) and then recreates a new one.
Is there anyone here who could help me please? Really, I tried almost everything...
Sorry if my English is not perfect,
and thanks in advance!

Related

[Q] Possible malware aMusic201011_3.apk

I just upgraded to Titanium Backup Pro and after exiting the program my Browser pops up with this page advertising HotMusic for the Android with a sexy female photo. I exit the browser, and immediately my phone starts downloading the above app. I then get the message that HotMusic application was stopped from loading as it wasn’t from the Android Market. I checked ASTRO File Manager and under downloads I find aMusic201011_3.apk sitting there (with the female thumbnail photo), so I delete it, and run a Lookout malware scan. I’ve searched online as well as on the boards and don’t find any mention of this application or the site. My questions are, is this malware, and has any one else had this problem? Also, if I update to a different ROM will I still have the protection of some unwanted software being able to sideload onto my phone.
Thanks
tahoeflyer said:
I just upgraded to Titanium Backup Pro and after exiting the program my Browser pops up with this page advertising HotMusic for the Android with a sexy female photo. I exit the browser, and immediately my phone starts downloading the above app. I then get the message that HotMusic application was stopped from loading as it wasn’t from the Android Market. I checked ASTRO File Manager and under downloads I find aMusic201011_3.apk sitting there (with the female thumbnail photo), so I delete it, and run a Lookout malware scan. I’ve searched online as well as on the boards and don’t find any mention of this application or the site. My questions are, is this malware, and has any one else had this problem? Also, if I update to a different ROM will I still have the protection of some unwanted software being able to sideload onto my phone.
Thanks
I don't have Titanium Pro, but are there ads in it? Possible you clicked one?
In my experience with computers (ie: people using IE calling me to fix their malware), these sort of things often intentionally don't manifest themselves until a bit after their initial infestation.. My guess is so it's harder to determine where they came from.
What other programs have you installed recently? Honestly I still am not that quick to believe that there is malware going on, rather some accidental click or selection, but..
I'm surprised as well, but have come across hijacked respectable websites in the past, so I feel anything is possible. I did not have the browser open when the event took place, nor was it running in the background. I find it hard to believe that the developers of the Titanium package intentionally placed this package on it.
Is this possibly a new malware package or vulnerability exploit of the Android system (or am I just the lucky one)?
Do you still have the "aMusic201011_3.apk" which was downloaded? Might make it easier to figure out.
khaytsus said:
I don't have Titanium Pro, but are there ads in it? Possible you clicked one?
In my experience with computers (ie: people using IE calling me to fix their malware), these sort of things often intentionally don't manifest themselves until a bit after their initial infestation.. My guess is so it's harder to determine where they came from.
What other programs have you installed recently? Honestly I still am not that quick to believe that there is malware going on, rather some accidental click or selection, but..
Joel doesn't include ads in his app. It's all ad-free and purely run off donations, which I'm sure he receives a lot of.
But I agree with you that OP probably mis-tapped something and that's what caused all this.
Thanks, maybe it was a faulty thumb
Thank you for your responses. It's possible that my thumb hit an ad, it happened very quickly after paying for the pro/premium version. My first inclination was to stop the browser, and then delete the program, so unfortunately I did not keep a copy.
There has not been any further problems with the phone, so consider this post finished. Thanks

[Q] ICS and javascript

Since upgrading to ICS several days ago, two websites that I frequently visit on my tab are malfunctioning - seems to be javascript-related and somewhat browser independent. The sites are pcworld.com and nbcnews.com. In general, on pcworld.com, links don't work. Nothing happens when I tap them (they do highlight in light blue - that's all). On nbcnews.com, which forces the mobile site using some browsers, the links to stories and the down arrow to "show more stories" don't work. Both of these situations (pcworld and nbcnews) exist for the stock browser, Dolphin, and Chrome (also installed and tried Maxthon and Skyfire just to check - same issue there), but both sites work fine in Firefox and Opera. However, if I disable javascript in Dolphin, pcworld.com works fine, and I can link to stories on nbcnews. The "show more stories" in nbcnews.com still doesn't work but the screen behaves a bit differently when I tap it. Chrome, by the way, pretty much goes non-functional if I disable javascript in it - none of the browser control buttons such as bookmarks, recent sites, etc. work at all.
Pcworld was definitely working before going to ICS. I think nbcnews had gotten a little squirrelly. My conclusion that it's a javascript issue is based on the fact that disabling javascript restores link function to pcworld and at least to the nbcnews.com stories. Any thoughts?
polonium101 said:
Since upgrading to ICS several days ago, two websites that I frequently visit on my tab are malfunctioning - seems to be javascript-related and somewhat browser independent. The sites are pcworld.com and nbcnews.com. In general, on pcworld.com, links don't work. Nothing happens when I tap them (they do highlight in light blue - that's all). On nbcnews.com, which forces the mobile site using some browsers, the links to stories and the down arrow to "show more stories" don't work. Both of these situations (pcworld and nbcnews) exist for the stock browser, Dolphin, and Chrome (also installed and tried Maxthon and Skyfire just to check - same issue there), but both sites work fine in Firefox and Opera. However, if I disable javascript in Dolphin, pcworld.com works fine, and I can link to stories on nbcnews. The "show more stories" in nbcnews.com still doesn't work but the screen behaves a bit differently when I tap it. Chrome, by the way, pretty much goes non-functional if I disable javascript in it - none of the browser control buttons such as bookmarks, recent sites, etc. work at all.
Pcworld was definitely working before going to ICS. I think nbcnews had gotten a little squirrelly. My conclusion that it's a javascript issue is based on the fact that disabling javascript restores link function to pcworld and at least to the nbcnews.com stories. Any thoughts?
Could someone with ICS on a 7.7 tab, preferably Verizon, try to navigate either of these sites and let me know if the problem is unique to my device? Thanks.
I don't have a Verizon tab... just a normal, usual 7.7... but still both sites show the problem like the one you posted.
edan1979 said:
I don't have a Verizon tab... just a normal, usual 7.7... but still both sites show the problem like the one you posted.
Thanks for checking. You are running ICS, right?
Yup.. one of my devices is running on pure stock ICS and another is running on PA2.5.
polonium101 said:
Since upgrading to ICS several days ago, two websites that I frequently visit on my tab are malfunctioning - seems to be javascript-related and somewhat browser independent. The sites are pcworld.com and nbcnews.com. In general, on pcworld.com, links don't work. Nothing happens when I tap them (they do highlight in light blue - that's all). On nbcnews.com, which forces the mobile site using some browsers, the links to stories and the down arrow to "show more stories" don't work. Both of these situations (pcworld and nbcnews) exist for the stock browser, Dolphin, and Chrome (also installed and tried Maxthon and Skyfire just to check - same issue there), but both sites work fine in Firefox and Opera. However, if I disable javascript in Dolphin, pcworld.com works fine, and I can link to stories on nbcnews. The "show more stories" in nbcnews.com still doesn't work but the screen behaves a bit differently when I tap it. Chrome, by the way, pretty much goes non-functional if I disable javascript in it - none of the browser control buttons such as bookmarks, recent sites, etc. work at all.
Pcworld was definitely working before going to ICS. I think nbcnews had gotten a little squirrelly. My conclusion that it's a javascript issue is based on the fact that disabling javascript restores link function to pcworld and at least to the nbcnews.com stories. Any thoughts?
I am currently on stock ICS DDLP5. It works fine with the stock browser. Also works with Dolphin, Firefox, Chrome and Opera. No issues.
So now some people are actually getting the update from Verizon, and these websites seem to be working fine for them. I upgraded per Electron73's post. What might be different about my tab now than those who are getting upgraded by Verizon that would cause this issue?
Is it possible that the problem is that Electron73's instructions by which I upgraded to ICS result in a rooted device? I'm totally ignorant of this stuff and have no idea what possible problems could arise from being rooted. If that could be the problem, how can I unroot? I have no need to be rooted.
Rooting only opens access to the device with an administrator account... it only puts 2 files on your device... one is a program to govern root... Superuser or SuperSU, and the other one is the system/xbin/su binary file. That's it... to fully unroot you just need to delete these 2 files from your device.
edan1979 said:
Rooting only opens access to the device with an administrator account... it only puts 2 files on your device... one is a program to govern root... Superuser or SuperSU, and the other one is the system/xbin/su binary file. That's it... to fully unroot you just need to delete these 2 files from your device.
Thanks. I've done that now. I didn't really think that would fix my problem, and it didn't.
I've read that people who got their tab updated by Verizon / Samsung (many by sending them in) have i815.07 V.LP10 / I815LP10 (note the .07) vs. the .04 that I have installed. Possible issue?
polonium101 said:
Thanks. I've done that now. I didn't really think that would fix my problem, and it didn't.
I've read that people who got their tab updated by Verizon / Samsung (many by sending them in) have i815.07 V.LP10 / I815LP10 (note the .07) vs. the .04 that I have installed. Possible issue?
That's what I'm thinking. I wish electron could get an updated version. My wife is tired of seeing some elements on some of her favorite websites just not show up (images, links, etc). No way I'm unrooting until Verizon/Samsung get their OTA mess sorted out though.
As I mentioned, the websites that aren't working for me are failing in the stock browser, Dolphin, Chrome, and every other browser I've tried except Firefox, Opera, and now Puffin. Tonight I stumbled upon how to view the javascript console in the stock browser. When I view the javascript console after attempting to follow a link to an article on pcworld.com, I see a long URL (with static.ak.facebook.com in the middle), followed by the console message "Given URL is now allowed in the Application configuration.: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains." There is a different message about Viewport argument value "device-width;" when I try to navigate the mobile nbcnews.com website. Pcworld works fine if I disable javascript; on the nbcnews mobile site, I can link to articles with javascript disabled but I still can't "Show more stories." Weirdly, about every 1000 tries or so (literally), a link or "Show more stories" will randomly work with javascript enabled, but only for one try.
Any ideas??
Yet another issue - hitting the back button in the stock browser, Dolphin, etc., usually doesn't take me to the previous visited webpage; it just reloads the current page (with some exceptions). If not for Opera and Firefox, my tab would basically be useless for web browsing. (Interestingly, Chrome does not have this issue even though it shares the stock browser and Dolphin's issue of not being able to follow links on nbcnews.com, pcworld.com, etc.) I like the device but am starting to wonder if I should give it up... Any idea if reverting to Honeycomb (!) would restore web browsing? HC was crap but at least I could use the browser.
Based on a little back and forth with Dolphin support and some deductive reasoning, it seems clear to me that any webkit-based browser is going to give me the same issues. I read this morning that Opera is getting ready to abandon its in-house web engine in favor of webkit. That will leave me with just Firefox and Puffin (which some say is insecure and in any case lacks a lot of basic features), neither of which I really like using.
So something seems inherently broken in webkit in the i815.04 V.LP10 version of ICS I have installed. I suppose many don't use their tablets extensively for web browsing so maybe this isn't an issue for most users, but I do browse a lot with it and now feel like my tab is "broken" (sort of the way I felt with Honeycomb that prompted me not to wait for Verizon to fix its failed update). I went so far as to buy a Nexus 7 yesterday morning, but I really didn't like the display and returned it in the afternoon.
I think in Electron73's post there was a link to a download that could be applied to return the tab to Honeycomb. Is that true, and if so has anyone tried reverting and then getting ICS through the OTA update? (It seems that people who have v.07 instead of .04 don't have the browsing problems I've been posting about.) If I reverted to Honeycomb (assuming that's possible) and couldn't get the update OTA, would Verizon / Samsung detect that it had been modified if I tried to get the update by sending it in as so many have had to do? Any other thoughts on possible fixes? Obviously I am pretty ignorant...
polonium101 said:
Based on a little back and forth with Dolphin support and some deductive reasoning, it seems clear to me that any webkit-based browser is going to give me the same issues. I read this morning that Opera is getting ready to abandon its in-house web engine in favor of webkit. That will leave me with just Firefox and Puffin (which some say is insecure and in any case lacks a lot of basic features), neither of which I really like using.
So something seems inherently broken in webkit in the i815.04 V.LP10 version of ICS I have installed. I suppose many don't use their tablets extensively for web browsing so maybe this isn't an issue for most users, but I do browse a lot with it and now feel like my tab is "broken" (sort of the way I felt with Honeycomb that prompted me not to wait for Verizon to fix its failed update). I went so far as to buy a Nexus 7 yesterday morning, but I really didn't like the display and returned it in the afternoon.
I think in Electron73's post there was a link to a download that could be applied to return the tab to Honeycomb. Is that true, and if so has anyone tried reverting and then getting ICS through the OTA update? (It seems that people who have v.07 instead of .04 don't have the browsing problems I've been posting about.) If I reverted to Honeycomb (assuming that's possible) and couldn't get the update OTA, would Verizon / Samsung detect that it had been modified if I tried to get the update by sending it in as so many have had to do? Any other thoughts on possible fixes? Obviously I am pretty ignorant...
It seems as if my browsing issues may not be similar to what you're experiencing. What I was seeing on my wife's was images not showing up on certain shopping websites (no matter what browser she used) , and sponsored links not working in Google searches. I discovered the problem: the hosts file is NOT stock, and is set to block a lot of sites, or elements within them. I removed every entry in the file except for 127.0.0.1 localhost, and EVERY problem she was having has disappeared!
PookiePrancer said:
It seems as if my browsing issues may not be similar to what you're experiencing. What I was seeing on my wife's was images not showing up on certain shopping websites (no matter what browser she used) , and sponsored links not working in Google searches. I discovered the problem: the hosts file is NOT stock, and is set to block a lot of sites, or elements within them. I removed every entry in the file except for 127.0.0.1 localhost, and EVERY problem she was having has disappeared!
How did you do that?
polonium101 said:
How did you do that?
It was a bit of a PITA at first since none of my edits would stick. Finally found an app called Hosts Editor Pro in the Store. Soon as you open it up, it seems to replace the current file with a very basic one. Once I rebooted after that, I checked the contents of the file, and only the one entry was there.
PookiePrancer said:
It was a bit of a PITA at first since none of my edits would stick. Finally found an app called Hosts Editor Pro in the Store. Soon as you open it up, it seems to replace the current file with a very basic one. Once I rebooted after that, I checked the contents of the file, and only the one entry was there.
So do you happen to know if she can follow links on the sites I mentioned (nbcnews.com, pcworld.com) without any problem? And go back to the previous page by hitting the back button? I think one person replied to my original question that they could not, but I'm still trying to figure out if it's some anomaly or a universal result of updating to 4.0.4 in this manner.
polonium101 said:
So do you happen to know if she can follow links on the sites I mentioned (nbcnews.com, pcworld.com) without any problem? And go back to the previous page by hitting the back button? I think one person replied to my original question that they could not, but I'm still trying to figure out if it's some anomaly or a universal result of updating to 4.0.4 in this manner.
Tried both sites, and every action you described, and both sites work perfectly, pop-up ads and all.
When you flashed Electron's build, did you use the wipe version, or not?
PookiePrancer said:
Tried both sites, and every action you described, and both sites work perfectly, pop-up ads and all.
When you flashed Electron's build, did you use the wipe version, or not?
I tried to no-wipe first, but it hung for about a half hour, so I went back and did the wipe version.
I've given up on it. I'm giving the tab to my daughter, who won't care about a few browsing inconveniences. I went to Verizon today and bought a new one. I was nervous because I planned to return it if it wouldn't get ICS OTA and they said there would be a $70 restocking fee. But when they stuck the SIM card in and started setup, I could see that it already had ICS on it (the bright blue circle was spinning). The setup didn't look fresh (didn't start with the setup wizard or whatever it's called -- booted directly into the default homepage), even though the tab was sold as new and certainly appears to be. Also, Baseband is i815.04, not .07. My uneducated guess is that they've taken new ones in the warehouse that had Honeycomb and flashed ICS, then shipped them to the stores, so they won't have to deal with all the returns.

[Q] official.androidsecuritybox.ru What is this?

I received an email from a family member, but it was obviously a spam/malware email not sent by them. I know not to blindly open, and click on any links, but I do research on the emails to see if I can find out where it came from, and what kind of threat it really is. It only contained a simple line of text with a link as seen below in the first screenshot. If you expand the link it points to the second screenshot which redirects to gxfox(dot)com which is flagged as a bad site by WOT, but Virustotal, Lookout, along with other anti-virus scans say it's a safe site.
I tried searching for more info, but nothing really came up, but I did see a preview of the site as a spam site for some raspberry ketone thing on a security preview site I use, so I decided to try to open it on my phone thinking what could really happen on an Android? I used my Nexus One running CM7.2 with both security exploits patched, and also Lookout with the premium package enabled. When I clicked on the link the browser opened, and it tried to redirect to the gxfox(dot)com, but instead the page just tried to load "official.androidsecuritybox.ru/securitypatch", and I only had a blank white page that never did load anything. The page never finished loading either as it was stuck on this address. I mean you know when a page finishes loading as you can click the refresh, or when it's loading you click the stop. Well I tried clicking the stop, but nothing happened, so I had to just end the browser via task manager.
Long story short I can't find any info on "official.androidsecuritybox.ru/" I did get results for some similar things that had "data" instead of "box" at the end, but no real info if this is a security feature of the Android system/browser, or from some other app/setting.
Does anyone know of this?
Never heard of it, but it probably isn't a good idea to go on the site if you think the email was sent because of a malicious program. Done a Google and I can't find anything either. Do a virus scan on your Android (AVG can do this, not sure about Lookout) and see if the site has installed anything dodgy onto your Nexus One.
Orange
OrangeFlash81 said:
Never heard of it, but it probably isn't a good idea to go on the site if you think the email was sent because of a malicious program. Done a Google and I can't find anything either. Do a virus scan on your Android (AVG can do this, not sure about Lookout) and see if the site has installed anything dodgy onto your Nexus One.
Orange
Nothing was installed. I did multiple scans with AV, and searched with file explorers to see if any folders had been changed. Nothing happened. I took it a step further, and tried to open the address in a regular browser on a PC that is safeguarded, and it wouldn't open there either. I used Chrome, and all that returned was the white blank page saying the address couldn't be reached. I'm really thinking it's the Android security doing its job by blocking what would have been a phishing/malware site, and then Chrome just didn't know what to do with the address because it's really not a website. I'm just one of those people who don't like to rest without knowing exactly what something is. :fingers-crossed:

[Completed] Identify, locate, eliminate and prevent malware on several devices.

Hey guys!
This is my first post here, and I come with a problem that affects 2/3 android devices and possibly one desktop PC (Windows).
The problem:
I have malware on my devices and said malware redirects my current page to a Russian advertising one. Most of the time I'm redirected to one that activates the vibration, knows the device I'm currently using and says that I should run a virus scan with AVG.
If I hit return, the page just reloads. If I hit it enough times, I lose the page I was visiting, as if I hadn't visited it in the first place.
Here
Code:
imgur.com/a/5dvVR
are some of the URLs I'm redirected to, and sometimes I happen to suffer the problem on the last page, where an ad sits in the middle of the page I'm visiting and if I close it, another tab opens and leads me to the addresses above.
Symptoms:
This problem happens with Google Chrome, Mozilla Firefox and the built-in browser of "Reddit is fun".
This problem happens with and without a WiFi connection. It is more common to happen while on WiFi vs on mobile.
Sites like knowyourmeme.com, foxtrotalfa.jalopnik.com and albums on imgur.com can trigger the malware.
Devices:
Definitively affected:
Lg G2 D-802 , Android 4.4.2
Galaxy Tab S 10.5" SM-T800, Android 5.0.2
Probably affected but not 100% proven:
Huawei Y600 (another carrier, but the problem happened on my GF's WiFi, rarely on mobile), work phone
A desktop PC (the ad blocking the page happened just once)
Networks
This desktop PC is my GF's. It's her WiFi signal that I usually connect to and update the apps on my devices. On my house's WiFi the problem seems to happen as well on my devices but not on my desktop PC (or perhaps it does, but I have uBlock Origin on my browsers).
However, I can trigger this problem on my G2's carrier Movistar and not on the Huawei's carrier Telcel.
Working on the problem:
Disabling scripts
The very first thing I did was testing disabling scripts (as suggested by one page I found on google), It did work, to some extent. However, I knew that this wasn't a solution but a workaround.​
Suspicious APPs
I know that apps are the main entrance for malware and since the problem DID happen on both devices (G2 and Galaxy Tab), it HAD to be a common app, so I made a list of common apps and started with the less trustworthy.
I uninstalled and tested Advice animal creator, BS player free, zooper pro, Days counter widget, Disk Usage, electrodroid, ****ing weather, Google tasks organizer lite, GPS test, meme generator, system info for android, reddit is fun, add watermark and Think.
Keep in mind that these apps fit the criteria in which both are present on the phone and tablet and are suspicious to me (a very ambiguous term); however, I'm not stating that any of these have malware on them.
Sadly, after uninstalling and testing on the phone, the problem persisted.
G2's Factory restoration (Through options menu, not recovery menu)
After going through a factory restoration on the phone, the problem persisted. The only things I had installed were Reddit is fun, Facebook and WhatsApp.
My request to you guys:
After all of this wall of text (in which I show the symptoms, what I've done, etc.), here comes my request.
Can you guys point me in the right direction?
I just don't want to wipe my devices without knowing what the problem is, how to eliminate it and, MOST IMPORTANTLY, how to prevent it.
What I want to rule out is whether the problem comes from my GF's network (if that is the case, a factory-through-recovery restoration would be useless), an app or just random malvertising.
I would hate to wipe my cellphone and tablet every time I run into this problem; that is not practical for me, I prefer a head-on approach.
Thanks in advance guys!
Hi!
First, here is a little info on avoiding Malware, http://forum.xda-developers.com/general/general/guide-simple-steps-to-avoid-installing-t3000682
And another, http://forum.xda-developers.com/nexus-6/general/guide-little-guide-to-security-privacy-t3042460
As far as Malware you already have....there are malware removal tools on the Play Store...many of them to try.
And if all else fails, here are the device sections or the mobile devices you have.....you could ask for help in the Q&A sections...
http://forum.xda-developers.com/lg-g2
http://forum.xda-developers.com/galaxy-tab-s
Now, if you want to ask about all in one, and the PC....you could try asking or help here...http://forum.xda-developers.com/android/help
Good luck!
Thanks Darth!
But as I said, I tried several apps and didn't find anything wrong.
However, I switched my focus to the possibility of a router infection, and oh surprise, it seems to be the root cause.
Here are some links that report being redirected on several devices to ad pages (I use code since I can't post links with a new account), in this case adsmatte.com:
Code:
http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/how-to-get-rid-of-adsmattecom-adware-opening/06b20667-586a-4ebd-9876-6d28c8528a1f?page=1
https://discussions.apple.com/thread/7052365
http://forums.androidcentral.com/moto-g-2014/528571-adware-redirects-most-websites-how-can-i-get-rid.html
http://www.asus.com/zentalk/forum.php?mod=viewthread&tid=8189&extra=&page=1
Then I tried searching for the page I get redirected to, somethingsomething.epara.ru, so I searched for that last common part, epara.ru (I thought I had done this before):
Code:
http://forum.kaspersky.com/index.php?showtopic=334600
https://warosu.org/g/thread/S50749199
http://www.xataka.com/respuestas/malware-adware-en-todos-mis-dispositivos (SPANISH)
What is VERY suspicious is that many of the results suggest downloading "Spy hunter".
Here are some examples:
Code:
http://solvepcproblem.com/remove-359198-epara-ru/
http://removevirusvideo.com/stop-epara-ru-from-redirecting-epara-ru-removal-tips/
Now, how do you solve it?
Simple:
Disconnect from any WiFi, clear your browser's cache (and even your OS's). CCleaner does a pretty good job for this.
Then go to your suspicious router and factory reset it (or ask your ISP to do that remotely) and update its firmware. After all those steps, you can connect again.
What the malware does is change your DNS to a malicious one.
I haven't done that reset to my GF's router, but that should solve the problem.
Thanks for everything, and I hope this works for somebody else!
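The post above attributes the redirects to a router whose DNS settings were changed. Below is an added example, not code from this thread or any tool it mentions, of the two checks a defender would run before resetting the router: does the device's resolver list contain an address that is neither on the local network nor a known public resolver, and do answers from the device's resolver differ from those of a trusted resolver? The resolv.conf text, the DNS answers and the addresses in it (taken from the RFC 5737 documentation ranges) are all constructed for illustration; the set of trusted public resolvers is an assumption to adapt per environment.

```python
"""Added example: spot a hijacked DNS configuration offline.

Two checks are shown:
1. classify the nameservers a device received (local gateway, known
   public resolver, or something unexpected);
2. compare A records seen via the device's resolver with those from a
   trusted resolver and list domains whose answers do not overlap.
All sample data is constructed; no network access is performed.
"""
import ipaddress

# Assumption: the resolvers this operator considers trustworthy.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",          # Google Public DNS
    "1.1.1.1", "1.0.0.1",          # Cloudflare
    "9.9.9.9", "149.112.112.112",  # Quad9
}

# Constructed resolv.conf as a device behind a tampered router might see it:
# the gateway plus an outside address pushed by DHCP (203.0.113.5 is TEST-NET-3).
SAMPLE_RESOLV_CONF = """\
# Generated by dhcp client (constructed sample)
search lan
nameserver 192.168.1.1
nameserver 203.0.113.5
"""

# Constructed A records. imgur.com agrees between resolvers; the
# knowyourmeme.com answer from the device's resolver points elsewhere.
DEVICE_ANSWERS = {
    "imgur.com": ["198.51.100.10"],
    "knowyourmeme.com": ["203.0.113.77"],
}
TRUSTED_ANSWERS = {
    "imgur.com": ["198.51.100.10", "198.51.100.11"],
    "knowyourmeme.com": ["192.0.2.10"],
}


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify_resolvers(servers, local_network):
    """Map each resolver to 'local', 'known-public' or 'suspicious'."""
    net = ipaddress.ip_network(local_network)
    result = {}
    for server in servers:
        addr = ipaddress.ip_address(server)
        if addr in net:
            result[server] = "local"
        elif server in KNOWN_PUBLIC_RESOLVERS:
            result[server] = "known-public"
        else:
            result[server] = "suspicious"
    return result


def find_redirected_domains(device_answers, trusted_answers):
    """Domains whose device-side A records share nothing with the trusted ones.

    Large sites legitimately return varying addresses, so a mismatch is a
    lead to investigate rather than proof of hijacking.
    """
    redirected = []
    for domain, trusted in trusted_answers.items():
        seen = set(device_answers.get(domain, []))
        if seen and not seen & set(trusted):
            redirected.append(domain)
    return sorted(redirected)


def run_check(resolv_conf=SAMPLE_RESOLV_CONF, local_network="192.168.1.0/24"):
    """Run both checks and return the findings as a dict."""
    servers = parse_resolv_conf(resolv_conf)
    classes = classify_resolvers(servers, local_network)
    return {
        "resolvers": classes,
        "suspicious": sorted(s for s, c in classes.items() if c == "suspicious"),
        "redirected_domains": find_redirected_domains(DEVICE_ANSWERS, TRUSTED_ANSWERS),
    }


if __name__ == "__main__":
    for key, value in run_check().items():
        print(f"{key}: {value}")
```

On a real device the resolver list would come from the network settings (or `/etc/resolv.conf` on a rooted phone or PC on the same WiFi) and the two answer sets from querying the router-supplied resolver and a trusted one with the same names; a "suspicious" resolver or any redirected domain is the cue to factory-reset the router and re-check.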
Glad you got it sorted. If you want to find further help on anything, use the links I suggested... And if you want to post info to help others, you could post here, http://forum.xda-developers.com/general/general
I'll close this thread now.
:good:

Four Virus on Xperia Oreo 8.0.0

I am unable to remove an annoying pop-up coming from any web browser I tried to install and use on my new Xperia Premium XZ, including Chrome and Firefox. It looks like my phone gets DNS hijacked and randomly a few times a day it pops up this message - see attached screenshots.
I tried to Google solution, none I found worked including clearing data and cache of these apps, completely reinstalling them.
I tried premium Adware Malwarebytes and it does not detect anything wrong with the phone.
I also activated premium version of AVG but full scan has not discovered any issues.
At this point I ran out of options.
I can't believe there is no clear explanation anywhere about this so-called Four Virus, nor any reference to it with respect to Oreo 8.0.0.
Am I the only Oreo user who has this issue?
Resetting my phone to factory defaults is the last thing I would want but could do. Just trying to see other options before executing such a drastic solution.
Any ideas are very appreciated.
Hi there
You caught a simple flu, but you probably need Safe Mode to remove it. Follow the instructions here => https://forums.androidcentral.com/a...30081-guide-malware-adware-popup-removal.html
Good luck, and keep us posted,
Van
This is a well-known problem, widely described on the Net. There's nothing wrong with your phone. There's no malware on the phone itself, which is why the anti-malware tools do not find anything.
What you see is a result of a server-side problem. Either the web page you were trying to visit got hijacked, or an ad provider that displays ads on that page got hijacked, or some DNS entry got hijacked. They used some kind of server-side exploit to redirect your browser to the above fake page. It is ordinary scareware, trying to scare you into purchasing a piece of software you don't really need (and it is useless crap anyway). If you were visiting a legitimate web site at the time this popup appeared, the site owners are most likely already aware of the problem. They will fix it shortly and the problem will go away.
At this time, just to make sure nothing is cached on your phone after they fix the issue, a good idea might be to find your browser app in the app list and ask Android to clear its app data.
