VideoHelp Forum


Try DVDFab Video Downloader and rip Netflix video! Or Try DVDFab and copy Blu-rays! or rip iTunes movies!
+ Reply to Thread
Page 1 of 2
1 2 LastLast
Results 1 to 30 of 31
Thread
  1. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    When visiting a specific website with internet explorer (any version) a second website tries to open with a link something like this (I suggest you do not try to open):

    http://ams1-ib.adnxs.com/it?e=wqT_3QLeBPBEXgIAAAMA1gAFAQi-1O68BRCSpu2G2JfahgoYh_KvvpyM...TYABo0J0VePrtA

    I have blocked the above website as antivirus and adware/malware removal utilities do not detect anything suspicious.

    The above link does not seem to open when using a different browser on the same website so it seems to be related to internet explorer only.

    I have asked others using the specific website and they do not have this issue.

    Can anyone offer any advice?
    Quote Quote  
  2. Member hech54's Avatar
    Join Date
    Jul 2001
    Location
    Yank in Europe
    Search Comp PM
    Just Google "ams1 popup", tons of info.
    Quote Quote  
  3. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    I have tried following the steps on some websites to remove this manually but I find nothing related to it.
    Last edited by kyrcy; 29th Jul 2016 at 15:07.
    Quote Quote  
  4. Member hech54's Avatar
    Join Date
    Jul 2001
    Location
    Yank in Europe
    Search Comp PM
    Originally Posted by kyrcy View Post
    I have tried following the steps on some websites to remove this manually but I find nothing related to it.
    In 7 minutes?
    Quote Quote  
  5. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    No, I searched google before and found the information, searched hard disk, registry, internet explorer add-ons. Nothing suspicious found and still the links open.
    Quote Quote  
  6. Member hech54's Avatar
    Join Date
    Jul 2001
    Location
    Yank in Europe
    Search Comp PM
    No "one software" is going to get rid of that thing. Follow the procedures laid out in the instructions.
    If the link keeps opening, it's(the infection, virus, malware, hijacker, etc etc) still there.
    Quote Quote  
  7. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    I find no traces of the infection by searching manually and every removal tool I tried did not find any trace either. Thinking about formattng and re-installing windows now.
    Quote Quote  
  8. Member Cornucopia's Avatar
    Join Date
    Oct 2001
    Location
    Deep in the Heart of Texas
    Search PM
    1. Backup your important data files (docs, pix, flix, tunes, ebooks, favorites/bookmarks, email...)
    2. Try booting in safe mode with the various tools & methods.
    3. If that doesn't work, boot from a different drive (CD/DVD live rescue disc, USB stick, external HDD/SSD...). If it never gets loaded into memory, it can be "active" and so becomes more visible & vulnerable. Then try using the various tools & methods.
    4. If that doesn't work, THEN reformat & reinstall.

    Scott
    Quote Quote  
  9. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Originally Posted by kyrcy View Post
    When visiting a specific website with internet explorer (any version) a second website tries to open with a link something like this (I suggest you do not try to open):

    http://ams1-ib.adnxs.com/it?e=wqT_3QLeBPBEXgIAAAMA1gAFAQi-1O68BRCSpu2G2JfahgoYh_KvvpyM...TYABo0J0VePrtA

    I have blocked the above website as antivirus and adware/malware removal utilities do not detect anything suspicious.

    The above link does not seem to open when using a different browser on the same website so it seems to be related to internet explorer only.

    I have asked others using the specific website and they do not have this issue.

    Can anyone offer any advice?
    did you try clearing your Internet history & cookies ??
    Quote Quote  
  10. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    Originally Posted by october262 View Post
    did you try clearing your Internet history & cookies ??
    Yes.
    Quote Quote  
  11. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    On your keyboard, press control - alt - delete and when task manager shows, click on
    Processes tab, see if anything suspicious is running.
    Quote Quote  
  12. I'm a Super Moderator johns0's Avatar
    Join Date
    Jun 2002
    Location
    canada
    Search Comp PM
    Also check internet explorer addons for any suspicious ones.
    I think,therefore i am a hamster.
    Quote Quote  
  13. aBigMeanie aedipuss's Avatar
    Join Date
    Oct 2005
    Location
    666th portal
    Search Comp PM
    unfortunately even re-formatting isn't enough in some cases these days. there is malware that reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains.
    --
    "a lot of people are better dead" - prisoner KSC2-303
    Quote Quote  
  14. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    Originally Posted by october262 View Post
    On your keyboard, press control - alt - delete and when task manager shows, click on
    Processes tab, see if anything suspicious is running.
    Nothing suspicious is running.

    Originally Posted by johns0 View Post
    Also check internet explorer addons for any suspicious ones.
    Already checked and no suspicious ones.

    Originally Posted by aedipuss View Post
    unfortunately even re-formatting isn't enough in some cases these days. there is malware that reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains.
    I did a new windows installation and I tried internet explorer without installing any updates (only Ethernet drivers) and the problem still insists. Could the infection be on the specific website and not on my PC?
    Last edited by kyrcy; 30th Jul 2016 at 09:30.
    Quote Quote  
  15. locotus
    Join Date
    May 2011
    Location
    Cypress, Tx.
    Search Comp PM
    Perhaps one these may get rid of your browserhacker: Adwcleaner, JRT(Junk Removal Tool) or the old Spybot Search and Destroy.
    Quote Quote  
  16. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    Originally Posted by locotus View Post
    Perhaps one these may get rid of your browserhacker: Adwcleaner, JRT(Junk Removal Tool) or the old Spybot Search and Destroy.
    Nothing suspicious is found.
    Quote Quote  
  17. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    You could try this - https://youtu.be/9HgslhFDeeQ
    Last edited by october262; 30th Jul 2016 at 11:03.
    Quote Quote  
  18. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    Originally Posted by october262 View Post
    You could try this - https://youtu.be/9HgslhFDeeQ
    I try uninstalling and installing internet explorer with no luck.
    Quote Quote  
  19. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Does it do this on Firefox or Chrome ??
    What version of Internet Explorer do you have ?
    Quote Quote  
  20. aBigMeanie aedipuss's Avatar
    Join Date
    Oct 2005
    Location
    666th portal
    Search Comp PM
    I did a new windows installation and I tried internet explorer without installing any updates (only Ethernet drivers) and the problem still insists. Could the infection be on the specific website and not on my PC?


    sure of course a specific website can be infected themselves and host malware they try to install whenever someone visits. if it doesn't happen anywhere else that's what i would assume is going on.
    --
    "a lot of people are better dead" - prisoner KSC2-303
    Quote Quote  
  21. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    Originally Posted by october262 View Post
    Does it do this on Firefox or Chrome ??
    What version of Internet Explorer do you have ?
    The problem happens with a flash website and only with (all versions of) internet explorer.
    Quote Quote  
  22. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Originally Posted by kyrcy View Post
    Originally Posted by october262 View Post
    Does it do this on Firefox or Chrome ??
    What version of Internet Explorer do you have ?
    The problem happens with a flash website and only with (all versions of) internet explorer.
    update your adobe flash player.
    Quote Quote  
  23. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    Originally Posted by october262 View Post
    Originally Posted by kyrcy View Post
    Originally Posted by october262 View Post
    Does it do this on Firefox or Chrome ??
    What version of Internet Explorer do you have ?
    The problem happens with a flash website and only with (all versions of) internet explorer.
    update your adobe flash player.
    Did that too.
    Quote Quote  
  24. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Try running Internet Explorer in safe mode.
    Quote Quote  
  25. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    Originally Posted by october262 View Post
    Try running Internet Explorer in safe mode.
    I am unable to enter safe mode with networking or without. Windows reboot at safe mode login screen. Windows repair finds no problems. This seems to be an unrelated problem, but still a problem that needs to be solved.
    Last edited by kyrcy; 3rd Aug 2016 at 06:01.
    Quote Quote  
  26. joollyjohn jollyjohn's Avatar
    Join Date
    Mar 2005
    Location
    Sydney Australia
    Search Comp PM
    Reformat
    Quote Quote  
  27. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    This is a new windows installation and I spent days applying patches. The windows reboot at safe mode login screen seem to be a known issue (other posts exist about it) but I did not find a solution yet.
    Quote Quote  
  28. Member ranchhand's Avatar
    Join Date
    Oct 2005
    Location
    USA-midwest
    Search Comp PM
    There is one program that you haven't used yet- Combofix. To be honest, I hesitate to recommend it, not because it is ineffective, but you really have to be careful because you can brick your operating system if you don't follow directions exactly. Been there, done that.
    Rather than type lengthy instructions, I will post the instructions courtesy of Broni, an expert AV removal tech at Suggest-A-Fix. I will just add a couple of things that I have experienced (for emphasis).
    > Once Combofix is running, do not move the mouse, touch the keyboard or stop it. It can stall, and that could cause damage to the OS.
    > Disable any antivirus program or tool you might have running; if Combofix messages you that it detects a certain program is running and it will interfere, take it seriously. If you must, totally delete any program it messages you about. If you force it to run anyway, you can damage your OS or even brick it. I had that happen once.
    > Combofix will appear like it is doing nothing sometimes; do not get impatient, it is working. This is not a fast fix, it takes time. Rather than sit and stare at it, go do something else and come back
    I strongly suggest that you make an image backup of your partition before doing this; at least if disaster strikes you can re-image and be back to square one.

    Ok, that being said, here is the post:

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.


    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

    Make sure, you re-enable your security programs, when you're done with Combofix.


    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingc...ad/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingc...ad/rkill/dl/11/

    Restart computer in safe mode
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
    Quote Quote  
  29. Member
    Join Date
    Aug 2005
    Location
    Europe
    Search PM
    I tried Combofix but nothing was found.
    Last edited by kyrcy; 4th Aug 2016 at 11:06.
    Quote Quote  
  30. Member
    Join Date
    Feb 2006
    Location
    United States
    Search Comp PM
    Originally Posted by kyrcy View Post
    This is a new windows installation and I spent days applying patches. The windows reboot at safe mode login screen seem to be a known issue (other posts exist about it) but I did not find a solution yet.
    Try this- turn off computer- unplug power cord - open computer
    And remove the button cell battery on the motherboard and wait an hour, replace battery
    and retry rebooting in safe mode.
    Quote Quote  



Similar Threads