0

I have a Windows 7 (64) PC with Microsoft security essentials running and up to date. I have recently found that when I load certain websites which never previously contained adverts, now they do. I.e. I view the website (e.g. news.bbc.co.uk), everything looks normal, but then some ads appear inserted into the text. Clearly I have some sort of malware, but no software I have tried appears able to detect it. I have run adaware - all clear. Trend micro's housecall - all clear, Kaspersky's TDSSKiller - no threats found, malwarebytes - zilch. I have uninstalled all software that has been installed recently. The errors appear on both chrome and firefox, but not internet explorer.

I wonder if the corruption is working at some different level altogether that fundamentally cannot be detected by virus scanners.

I have a laptop connected wirelessly to the same network and no such ads appear on that.

Any ideas?

EDIT: Just noticed that there are references to "aducky" in my registry.

EDIT: also now tried both Sophos and Norton. Both say nothing found.

EDIT: Here is an example screenshot viewing a website with chrome.

bbc news viewed in chrome

EDIT: and here is process explorer...

enter image description here

Improve this question
10
  • What browser exactly did you see this appear in?
    – Simon Sheehan
    Commented May 18, 2014 at 15:17
  • 1
    try the free version of malwarebytes
    – cybernard
    Commented May 18, 2014 at 16:32
  • @cybernard: Sorry, forgot to mention I tried that too. Now edited in OP.
    – Mick
    Commented May 18, 2014 at 16:46
  • 1
    First of all, remove all extensions. Second, don't trust all that AVs you listed upper. Install a serious antivirus (even a trial version) and scan your computer (I'd recommend Kaspersky, Norton, Sophos). And TDSSKiller is a rootkit removal tool, it can't help you.
    – Jet
    Commented May 18, 2014 at 20:15
  • @jet: just tried sophos - all clear.
    – Mick
    Commented May 19, 2014 at 2:52

2 Answers 2

Reset to default
1

I wrote an answer to a case very similar to your case with the exception that the adware you experience is just with Chrome and Firefox and not with IE: Where is this error coming from

Sometimes these adverts come with a title bar. If yours does, see if it has a corresponding entry under Programs and Features.

You can use Sysinternals' Process Explorer to see if there are any suspicious child processes running under FF/Chrome. I have seen this before. If you haven't heard of this tool, it's essentially a souped-up version of Task Manager.

You can also use Sysinternals' Autoruns to check for any suspicious modifications to the operating system's autostart points. If you haven't heard of this tool it's essentially a souped-up version of msconfig's Startup tab. I suspect an autostart point may have been modified to allow the adware to startup automatically, so Autoruns should help you find this. In my other reply, I suggested it was worth it if you checked the Internet Explorer tab to check for anything suspicious. In your case, however, because it happens with Firefox/Chrome then you'll have to go through all the entries (there's a lot to go through) under the Everything tab.

Good luck.

Improve this answer
0

This sounds like you may have an extension/plug-in that uses SuperFish or its ilk. Here's a long thread on Google Groups, containing names of many extensions that secretly/blatantly added that monstrosity. (In my case, it was an extension called Smooth Gestures).

One easy way to verify that it's an extension, is to either try a different browser (as you have with IE), or try a private/incognito window in FF/Chrome.

Once you've verified that this is the cause, try turning off extensions one by one to find the culprit. Then publish its name here, and in other forums, so we'll all know to avoid it in the future.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .