Undetectable malware?

Deleted member 398281

Hi guys!
I got a little problem with my laptop. Malware. Every time I put the charger in my laptop, 3 internet pages are popping up and they bring me to just normal sites, which have nothing to do with phishing, fake prizes etc. I did a search on the internet but didn't find ANYTHING about how to solve it. I tried so many virus and malware scanners/removers but no success. Avast! does block the sites because of detected threats, but when I ran a scan of my full PC nothing was found.

With Avast!, every time the pages pop up the connection is reinitiated and I can see the URL that brings me to the sites:

http://www.admedialimited.com/monitize2.php?srcd=REEDADCI

I also did a search for admedia limited but the files that many sites advised me to delete, aren't on my pc.
Is there anyone who has this problem too or knows how to delete it? Thanks!

And no, I'm not that dumb to delete the system32 folder...:mellow:
 

FAST6191

Plugging it in is an odd one, I can see how it might happen (it is an event which can have a customised response so yeah) but it is new to me.

Anyway, I am sure I could paw through the power settings and services to see how it is triggered, however that usually involves knowing what to look for and not a simple checklist type approach. If you want another thing to try, though it is quite a brute force approach, then I quite like ComboFix
http://www.bleepingcomputer.com/download/combofix/

It occurred to me though that I did not know the specifics of what went here, and going looking for Windows 7 at least, https://cwl.cc/2012/02/schedule-task-when-pc-switches-from.html and http://superuser.com/questions/121045/is-there-a-way-to-execute-a-program-on-power-events say simple options for it might not exist and it requires something a bit extra. To that end a more traditional going through startup or attached processes approach (I like http://www.gmer.net/#files but it is very powerful so be careful with it) should have revealed something. Maybe that changed in newer versions, I have no idea at this point and going through Windows 8/10 power API changes is not my idea of a good Saturday afternoon.
 

Deleted member 398281

Not needed, I had a look at ComboFix and I saw something about Task Scheduler, and so I had a look at the registry files and Task Scheduler itself. Now, in Task Scheduler, there were 3 tasks, Ulta1, Ulta2 and Ulta3, which all had the task to open an internet page (the page I mentioned) and they are triggered if: the power cable is plugged in, or if the PC is not in use for 1 hour (which I also experienced sometimes). I restarted my laptop and now it isn't opening random pages anymore!:yay:
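
The check that resolved this thread, as an added example that is not part of any post: a Python audit of exported Task Scheduler XML that reports each task's trigger types and flags tasks whose action carries a URL. The task definitions are constructed samples; the placeholder URL and the Kernel-Power event ID 105 subscription are assumptions, since the thread does not show the real task definitions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)
PROVIDER_RE = re.compile(r"Provider\[@Name='([^']+)'\]")
HEAD = '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'

# Constructed, trimmed task definitions (not taken from the thread). The first has
# power-event and idle triggers plus a URL-opening action; the URL is a placeholder.
SAMPLE_TASKS = {
    "Ulta1": HEAD + """
      <Triggers>
        <EventTrigger><Subscription>&lt;QueryList&gt;&lt;Query&gt;&lt;Select
          Path="System"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-Power']
          and EventID=105]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;
        </Subscription></EventTrigger>
        <IdleTrigger/>
      </Triggers>
      <Actions><Exec><Command>explorer.exe</Command>
        <Arguments>http://ads.example.invalid/landing?src=PLACEHOLDER</Arguments>
      </Exec></Actions></Task>""",
    "WeeklyDefrag": HEAD + """
      <Triggers><CalendarTrigger/></Triggers>
      <Actions><Exec><Command>%windir%\\system32\\defrag.exe</Command>
        <Arguments>-c</Arguments></Exec></Actions></Task>""",
}

def audit_task(name, xml_text):
    """Summarise one task: trigger types, event providers, URLs in its actions."""
    root = ET.fromstring(xml_text)
    triggers = [el.tag.split("}")[1] for el in root.findall("t:Triggers/*", NS)]
    providers = []
    for sub in root.findall("t:Triggers/t:EventTrigger/t:Subscription", NS):
        providers += PROVIDER_RE.findall(sub.text or "")
    urls = []
    for ex in root.findall("t:Actions/t:Exec", NS):
        cmdline = " ".join(ex.findtext("t:" + k, "", NS) for k in ("Command", "Arguments"))
        urls += URL_RE.findall(cmdline)
    # Flag on a URL in the action; triggers are reported to explain the timing.
    return {"task": name, "triggers": triggers, "providers": providers,
            "urls": urls, "flagged": bool(urls)}

def audit_all(tasks):
    return [audit_task(n, x) for n, x in tasks.items()]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_TASKS):
        print(finding)
```

On a real machine the XML for one task can be exported with `schtasks /Query /TN <task name> /XML` and passed to `audit_task`.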
 

FaTaL_ErRoR

My first question would have been: is Avast the paid or free version?
Most of the paid antivirus programs use adware to pay for the program they gave you for free and to make you feel like downloading was a good choice.
When you plug in the laptop there is a setting that is different to the one when it is not. Somewhere in your performance settings you will find that.
Probably they keyring for wake up as you are having this happen when coming back from idle.
That is when the sites are opened and blocked by your antivirus. Usually it's where they prompt you to pay for the full version to get rid of this "horrible virus". I swear to you 90% of what you download has no virus or adware. Antivirus programs constantly push the unsafe world by injecting their own "virus" to make you think you must have one installed to be safe.
Track down those three tasks and find out what program is triggering them. I will bet you will find that Avast is the culprit.
Simple logic: if Avast can detect those sites as not being good and block them, then it can also detect the trigger. That is unless it is coded to ignore it. Stop getting this crap AV software that says it has free versions but also has paid versions.
Go open source. (It even works for Windows.)
http://www.clamav.net/
 

Deleted member 398281

It was not Avast, because I have the paid version (which ended yesterday). Btw, in startup programs there was a program called Chromium, a sort of beta-with-limited-functions Google Chrome. This is pretty weird, because I never heard of it. Also, the malware was already there before installing Avast a year ago, but back then the pages were not only popping up when I plugged in the charger. And, because Avast has ended (I didn't really like it anyway) I think it's a good time for testing some open source stuff. I liked Linux better than Windows anyway, but the stability of Linux was a little bit less for me (which is why I have dual-boot). Anyway, the problem was solved, so I'll just continue my laptop fun ig...:mellow:
 
