KenB

CLOSED Problem With "AdChoices" Ads, UBlock Origin, Amazon.com

Recommended Posts

Problem #1: I am being inundated with adds that I am unable to close. Many of them take up a good deal of screen real estate making content difficult to read. They are identifiable by a small blue triangle with the word "AdChoices" next to it. When I click on "X" to close the ad ... the ad is replaced by the text "Ads by Google ... Report this ad ... Why this ad?". A few seconds later this is replaced by another ad.

Problem #2: uBlock Origin is blocking zero items on every webpage I visit.

Problem #3: On Amazon.com ... when reading a page describing an item to buy ... and when the mouse pointer is in the top left half of the page where product images are ... the mouse pointer drags around a blue cross hatched rectangle that magnifies everything. The magnified image is large and located on the right side of the mouse and blocks out almost all text.

While investigating the problem prior to this post EAM detected and quarantined JS:Trojan.Cryxos.3758(B) ... I don't know if it is related. Quarantining it didn't fix the problems described above.

Specs: Windows 10 v1909, FireFox v76.0.1 (64 bit)

EEK and FRST reports are attached

So ... I need help!

Thanks!

KenB

 

Addition_25-05-2020 21.37.18.txt scan_200525-212939.txt FRST_25-05-2020 21.37.18.txt

Share this post


Link to post
Share on other sites

Other than three Alternate Data Streams, you logs show no malware.  This may be a rogue FF extension.

 

Copy the below code to NotepadSave As fixlist.txt to your Desktop.

AlternateDataStreams: C:\Windows:CM_0939d09660ebff6d267be4be651447129b660d1e4c5b88f1e5a04d951976163f [74]
AlternateDataStreams: C:\Windows:CM_c83224b93665ae525a56615c7f6ec83a70075eb4452b7e0f7aee9ce9516789ef [74]
AlternateDataStreams: C:\ProgramData\PACE:E43E050BB334F242 [217]

 

Close Notepad.

 

NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

 

IMPORTANT: Save all of your work, as the next step may reboot your computer.

 

Run FRST and press the Fix button just once and wait.

 

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

 

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

 

NOTE: If the tool warns you about an outdated version please download and run the updated version.

 

I would also like for you to run a third-party tool that aggressively targets Adware and Junkware.

 

 

Download AdwCleaner and save it on your Desktop.

  1. Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  2. Double click on adwcleaner.exe to run the tool.
  3. Click on the Scan button.
  4. After the scan has finished, click on the Clean button.
  5. Confirm each time with OK.
  6. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop.
  7. Attach that log file to your reply.

 

NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

 

Share this post


Link to post
Share on other sites

I've created fixlist.txt and have run FRST and AdwCleaner as requested. The logs for both are attached.

The problem has been much improved but I have a few concerns.

1. I'm still seeing a few AdChoices ads but thankfully they're not popping up all over the place like they were. I still can't close them out so I can reclaim some screen real estate. As AdChoices is a real platform how do I know that this fix worked and that the ads I'm seeing aren't due to something we missed?

2. uBlock Origin still isn't blocking a single thing. Should I now uninstall it and reinstall it?

3. The Amazon.com magnifier issue still remains. It only happens when viewing items for purchase and only in the area of pics of the item. I have no clue if it's related to this problem or not. It's an Amazon feature maybe? I've included a screen shot so ya can see what I'm seeing. In the screen shot the mouse pointer is at the center of the blue rectangle but it doesn't show in the screenshot. Yes ... my Windows magnifier is turned off.

4. If the problem was caused by a rouge FF extension ... how do we identify which one it is?

5. "Three Alternate Data Streams" ... have no clue what your talkin' about there. Could you elaborate a bit?

Thanks!

KenB

 

 

 

Screenshot (2).png
Download Image

AdwCleaner[C00].txt Fixlog.txt

Share this post


Link to post
Share on other sites

Alternate Data Streams are just that.  They are data streams that are attached to running processes.  Think of them as tiny programs that are attached to another running process.

AdChoices is a legitimate advertising network.  So, the ads may be legit.

As far as a rogue FF extension.  You would need to disable all extensions and then enable them one at a time until you find the rogue extension.

I would like for you to run another tool.

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.

  • Double-click on setup.exe to install RogueKiller.

 

Close all programs and disconnect any USB or external drives before running the tool.

 

  • Right-click RogueKiller.exe and select Run As Administrator to run the tool.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.

Share this post


Link to post
Share on other sites

You can go ahead and let RogueKiller delete those detections.

Share this post


Link to post
Share on other sites

RogueKiller has deleted the detection's.

I can't tell if anything has changed since the previous scans.

Thankfully there aren't any AdChoices adds popping up all over the place and taking up screen real estate.

The negative is that uBlock Origin is still not blocking a single thing and the Amazon.com magnifier still remains.

Except for uBlock Origin and the magnifier everything seems to be running smoothly.

Is it safe to uninstall uBlock Origin and reinstall it?

Thanks!

KenB

 

as_83D7.tmp.txt

Share this post


Link to post
Share on other sites

Go ahead and uninstall uBlock Origin.  Close the browser session and then reinstall uBlock Origin.

Share this post


Link to post
Share on other sites

I uninstalled uBlock Origin, closed FireFox, restarted the computer and reinstalled uBlock Origin ... it's still not blocking anything. The dashboard also indicates no filters and absolutely zero other information.

The amazon.com magnifier thing ... a couple of my friends say they have it ... so I assume it's an Amazon.com feature and isn't related to our work.

Thanks!

KenB

 

Screenshot (4) Smaller.jpg
Download Image

Screenshot (3) Smaller.jpg
Download Image

Share this post


Link to post
Share on other sites

Ken,

Disable the "I don't care about cookies" extension.  What difference does that make?

Share this post


Link to post
Share on other sites

Hi Keven,

Disabling the "I don't care about cookies" extension didn't do a thing ... uBlock Origin is still dead.

 

Share this post


Link to post
Share on other sites

Okay.  I also noticed that there are several legacy FF extensions installed. Disable all the legacy extensions.  Any difference?

Share this post


Link to post
Share on other sites

I disabled all extensions except Emsisoft Browser Security ... uninstalled uBlock Origin ... then restarted and reinstalled uBlock Origin. UBO is still completely dead.

KenB

 

Share this post


Link to post
Share on other sites

The only other thing is to uninstall Firefox and delete the profile folder, and reinstall Firefox.

Share this post


Link to post
Share on other sites

Before I take this step ... is it safe to retain my bookmarks and reinstall them into the new installation?

Share this post


Link to post
Share on other sites

I deleted FireFox and it's profiles and reinstalled it. uBlock Origin is working and I'm setting up my FF configuration ... but everything looks pretty good so far. I think we're prolly back in business. Give me a day or two to live with it to see if anything crops up.

Thanks!

KenB

Share this post


Link to post
Share on other sites

Good to hear that everything appears to be working properly.

The thread will stay open for at least three days before we close it.

Share this post


Link to post
Share on other sites

Hi Kevin,

Everything is working fine as far as I can tell. I think you can close this thread now.

Thanks for all your help and for jumping right on it ... Emsisoft is the greatest!

Thanks!

KenB

 

Share this post


Link to post
Share on other sites

KenB,

You are welcome.

Thread Closed

Reason: Resolved

PM either Kevin, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.