As for the problem itself it just seemed to come up from nowhere. Maybe from down loading picsa a while back where i got a browser hijacker that i removed or disabled More likely after software updates earlier this week when all [bleep] broke loose with pop ups
Whenever I go to various sites I get pop-up box messages some times trying to tell me that something is wrong with my PC and an automatic redirection happens. other times its quick money making schemes or hard core porn sites There doesn't seem to be any sort of pattern as to what sets it off. Sometimes I'll go to the local news paper website and it'll be fine, other times a box will pop-up. So that's just the basic idea of what the issue is. I have managed to work out some of the pop ups and redirects are coming from reduxmediia, adcash , Also on a couple of sites i have spoted a transparent giff that randomly appears and tends to want to link hXXp://t.cttrsv. c o m i have a feeling its a flash or java exploit.
As to what I have done so far:
I did do a fix on the host file using MicrosoftFixit50267 as it had been changed to various sites of a dubious nature this slowed the pop up down but didnt stop them.
I've googled various fixes for it but none of the steps seem to really match anything I can do/find. For example, they say to go into settings and delete extensions and have screenshots of what you should see when you go there, but when i do that there is nothing listed in the extensions at all. Likewise they say to start off by going into control panel and/or task manager and deleting certain files or stop certain programs running, but there doesn't seem to be any sort of variation of the files/programs they are telling me to delete which is in my add/remove program or task manager.
I have downloaded various any virus/malware programs malwarebytes, Ccleaner JRT adaware , emisoft antimalware farbar minitool many of which have found things when I run them but after doing a clean out nothing seems to change.I have tried resetting my router also. In short, I don't really know what exactly I am looking for on my computer to delete and any guides I find tell me to delete things which just aren't present where they say they should be on my PC.
I have reset all browsers
Programs used
r kill
malawarebytes anti malware
malawarebytes ant root kit
malaware anti exploit is running
Emsisoft Antimalaware
adwcleaner
Junkware removal tool
Farb mini tool
I can alleviate my problem running Adblock pro with pop up addon and a java script blocker in fire fox I also use IE and chrome bt dont have the script blocker installed
My son is having similar problems with his lap top also. So i guess i will have 2 machines to sort out and we could be dealing with a router being hacked Aswell . Lets deal with one issue at a time
edit
I have uninstalled java 7 and installed java 8
uninstalled MSE and installed avast anti virus.
Desk top is flahing at times and PC labouring. .
curently running java script blocker and Add block pro in Fire fox.
IE has pop ups blocked and now specifically blocking sites im being redirected to by adding them to blocking filters.
Although i am unable to find processes of the malware in task manager.
this is supposed to be a fix for t.cttsrv
Stop processes of this malware:
Open Task Manager to stop processes.
Remove associated registry settings:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook
HKEY_LOCAL_MACHINE\software\classes\urlsearchhook.toolbarurlsearchhook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions,
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run .exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings WarnonBadCertRecving = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoChangingWallPaper = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments SaveZoneInformation = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr = 1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download CheckExeSignatures = no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Use FormSuggest = yes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden = 0
Delete t.cttsrv.com infected files:
%Profile%\Local Settings\Temp\
have run ccleaner today and came across some enreries that disable registery tools and task manager i quarantined them.
Attached Files
Edited by Nullarbor, 24 October 2014 - 06:11 PM.