Undetectable malware?

Deleted member 398281

Deleted member 398281

Well-Known Member
OP
Newcomer
Level 3
Joined
Aug 15, 2016
Messages
95
Trophies
0
Location
Somewhere you don't know
XP
244
Country
Netherlands
Hi guys!
I got a little problem with my laptop. Malware. Every time I put the charger in my laptop, 3 internet pages are popping up and they bring me to just normal sites, which have nothing to do with phishing, fake prizes etc. I did a search on the internet but didn't find ANYTHING about how to solve it. I tried so many virus and malware scanners/removers but no success. Avast! Does block the sites because of detected threads, but when I run a scan of my full pc nothing was found.

By the use of Avast! Every time the pages popup the connection is reinitiated and I can see the URL that brings me to the sites:

http://www.admedialimited.com/monitize2.php?srcd=REEDADCI

I also did a search for admedia limited but the files that many sites advised me to delete, aren't on my pc.
Is there anyone who has this problem too or knows how to delete it? Thanks!

And no, I'm not that dumb to delete the system32 folder...:mellow:
 
FAST6191

FAST6191

Techromancer
Editorial Team
Level 33
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,348
Country
United Kingdom
Plugging it in is an odd one, I can see how it might happen (it is an event which can have a customised response so yeah) but it is new to me.

Anyway I am sure I could paw through the power settings and services to see how it is triggered, however that usually involves knowing what to look for and not a simple checklist type approach. If you want another thing to try, though it is quite a brute force approach, then I quite like combofix
http://www.bleepingcomputer.com/download/combofix/

It occurred to me though that I did not know the specifics of what went here and going looking for windows 7 at least https://cwl.cc/2012/02/schedule-task-when-pc-switches-from.html http://superuser.com/questions/121045/is-there-a-way-to-execute-a-program-on-power-events says simple options for it might not exist and it requires something a bit extra. To that end a more traditional going through startup or attached processes approach (I like http://www.gmer.net/#files but it is very powerful so be careful with it) should have revealed something. Maybe that changed in newer versions, I have no idea at this point and going through windows 8/10 power API changes is not my idea of a good Saturday afternoon.
 
Deleted member 398281

Deleted member 398281

Well-Known Member
OP
Newcomer
Level 3
Joined
Aug 15, 2016
Messages
95
Trophies
0
Location
Somewhere you don't know
XP
244
Country
Netherlands
Not needed, I did a look at combofix and I saw something about task scheduler and so I did a look at the registry files and task scheduler itself. Now, in task scheduler, there were 3 tasks, Ulta1, Ulta2 and Ulta3 which all had the task to open an internet page (the page I said) and they are triggered if: the power cable is plugged in, or if the pc is not in use for 1 hour (what I also experienced sometimes.) I restarted my laptop and now it isn't opening random pages anymore!:yay:
 
  • Like
Reactions: Deleted User, Tizm and Dominator211
FaTaL_ErRoR

FaTaL_ErRoR

AKA ŦƕƎ ƠṀƐƝ
Member
Level 4
Joined
Mar 9, 2014
Messages
491
Trophies
0
XP
443
Country
United States
My first question would have been is avast paid or free version?
Most of the paid antivirus programs use adware to pay for the program they gave you for free and to make you feel like downloading was a good choice.
When you plug in the laptop there is a setting that is different to the one when it is not. Somewhere in your performance settings you will find that.
Probably they keyring for wake up as you are having this happen when coming back from idle.
That is when the sites are opened and blocked by your antivirus. usually it's where they promt you to pay for the full version to get rid of this "horrible virus". I swear to you 90% of what you download has no virus or adware. Antivirus programs constantly push the unsafe world by injecting their own "virus" to make you think you must have one installed to be safe.
Track down those three tasks and find out what program is triggering them. I will bet you will find that avast is the culprit.
Simple logic if avast can detect those sites as not being good and blocking them then it can also detect the trigger.. That is unless it is coded to ignore it. Stop getting this crap av software that say they have free versions but also have paid versions.
Go open source. (it even works for windows)
http://www.clamav.net/
 
Deleted member 398281

Deleted member 398281

Well-Known Member
OP
Newcomer
Level 3
Joined
Aug 15, 2016
Messages
95
Trophies
0
Location
Somewhere you don't know
XP
244
Country
Netherlands
FaTaL_ErRoR said:
My first question would have been is avast paid or free version?
Most of the paid antivirus programs use adware to pay for the program they gave you for free and to make you feel like downloading was a good choice.
When you plug in the laptop there is a setting that is different to the one when it is not. Somewhere in your performance settings you will find that.
Probably they keyring for wake up as you are having this happen when coming back from idle.
That is when the sites are opened and blocked by your antivirus. usually it's where they promt you to pay for the full version to get rid of this "horrible virus". I swear to you 90% of what you download has no virus or adware. Antivirus programs constantly push the unsafe world by injecting their own "virus" to make you think you must have one installed to be safe.
Track down those three tasks and find out what program is triggering them. I will bet you will find that avast is the culprit.
Simple logic if avast can detect those sites as not being good and blocking them then it can also detect the trigger.. That is unless it is coded to ignore it. Stop getting this crap av software that say they have free versions but also have paid versions.
Go open source. (it even works for windows)
http://www.clamav.net/
Click to expand...
It was not avast, because I have the paid version (which has ended yesterday) btw in startup programs there was a program called chromium, a sort of beta-with-limited-functions google chrome. This is pretty weird, because I never heard from it. Also, the malware was alreadt there before installing avast a year ago, but last times they were not only popping up when I plug in the charger. And, because avast has ended (I didn't really liked it anyway) I think it's a good time for testing some open source stuff. I liked linux better then windows anyway, but the stability of linux was a little bit less for me (why I got dual-boot) anyway, the problem was solved, so I'll just continue my laptop fun ig...:mellow:
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Eiyuden Chronicle Hundred Heroes SAVE FILE

"New Windows driver blocks software from changing default web browser"

Windows 11 might not update if you have these popular apps installed

Still no Windows 11 minimum requirements HELP

What is something that You regret buying and it haunts you to this day?

Misc  So I have a bunch of empty DVD-R discs. What should I do with them?

VirtualBox - "Failed to create Medium Storage"

Do I have any free options to merge these two partitions?

General chit-chat
Help Users
  • No one is chatting at the moment.
    Materia_tofu @ Materia_tofu: this is true! i learned how to make soundfont remixes from a friend back in 2021 +1