I've been trying to remove some form of adware from my PC all day. It has been the worst Sunday of 2016 thus far outside of the Cubs 7 to 3 victory over the Diamondbacks. This software is posing as a Google domain and then running JavaScript to inject ads on every page I visit. For instance, if a page has an embedded YouTube video, the adware will convert the video into ads. I've attacked it with everything I've got, and right now it is winning.
The first line of defense was to look for extensions and browser plug-ins. I checked Chrome, Firefox, and Internet Explorer and there were no unexplained extensions to be found. Then, for good measure, I even went ahead and uninstalled all of the ones I intentionally installed within all browsers. This provided no respite.
After checking the extensions, the next logical step was to delete all local browser data. Cookies, browsing history, cache, you name it, I deleted it. No effect! Since that did nothing, I thought, "uninstall Chrome and Firefox?" It couldn't hurt to try, so I uninstalled both of them. The only change this made was now I'm relegated to using either Internet Explorer or Edge. Both are pretty weak in my opinion.
Down to my trusty Microsoft browsers, it was then time to look for recently installed programs. Outside of installing Visual Studio 2015 Update 2 on 4/3/2016, I had nothing for over a month. Removing a program wasn't going to get me out of this mess. So I scoured over the running programs in the Task Manager tool. I did this three times and have not yet found anything that would be helpful.
I've searched the net for trustworthy virus/malware tools and have tried a number of them. The first tool I tried was Malwarebytes Anti-Malware. This tool found some "detected objects" but none of them were relevant to my problem. It detected some minor registry issues. Then I decided to buy a subscription to McAfee. It was on sale and it can be installed on all my devices so I gave it a shot. It has yet to find a single issue.
The whole time I've been troubleshooting the adware's behavior using the in-browser development tools. Chrome offers the best experience. Using the dev tools, I've been able to log some of the ad services the adware is using and block them in my hosts file. This causes the injects to look like an errant localhost page. The ad services the software is using are: atomx, p.ato.mx, x.ato.mx, pipelinemg.com, jwpsrv.com, multioptik.com, 1997c.com, p.jwpcdn.com, redir.adap.tv, advinapps.com. My guess is that this list is non-exhaustive but at least I know these. The dev tools have also been helpful to just see what kind of code I'm up against.
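The dev-tools-to-hosts-file step described above can be scripted. The following is an added example, not code from the original post: it reads a HAR export from the browser's network panel, lists hosts that fall outside the domains the page is expected to load from, and formats hosts-file entries. The sample capture, the `example.com` page, and all function names are constructed for illustration; only the ad hostnames come from the post.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR capture. The ad hostnames are ones named
# in the post; the page URLs, paths and query strings are made up.
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
  {"request": {"url": "https://news.example.com/article"}},
  {"request": {"url": "https://static.example.com/site.css"}},
  {"request": {"url": "http://p.ato.mx/placement?id=1"}},
  {"request": {"url": "http://x.ato.mx/sync"}},
  {"request": {"url": "http://p.jwpcdn.com/player.js"}},
  {"request": {"url": "http://redir.adap.tv/redir"}},
  {"request": {"url": "http://P.ATO.MX/placement?id=2"}},
  {"request": {"url": "data:image/png;base64,AAAA"}}
]}}
""")

def request_hosts(har):
    """Distinct hostnames requested in a HAR capture, in first-seen order."""
    seen = []
    for entry in har["log"]["entries"]:
        # .hostname is lower-cased by urlsplit and is None for data:/blob: URLs
        host = urlsplit(entry["request"]["url"]).hostname
        if host and host not in seen:
            seen.append(host)
    return seen

def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def unexpected_hosts(har, expected_domains):
    """Hosts in the capture outside every domain the page should load from."""
    return [h for h in request_hosts(har)
            if not any(is_under(h, d) for d in expected_domains)]

def hosts_file_lines(hosts, sink="127.0.0.1"):
    """Format hosts-file entries, one per exact hostname.

    The hosts file has no wildcard syntax, so p.ato.mx and x.ato.mx each need
    their own line. Labels without a dot (e.g. 'atomx') are skipped on the
    assumption that they are service names rather than hostnames.
    """
    return [f"{sink} {h}" for h in sorted(set(hosts)) if "." in h]

if __name__ == "__main__":
    for line in hosts_file_lines(unexpected_hosts(SAMPLE_HAR, ["example.com"])):
        print(line)
```

Review the output before appending it to the hosts file, since legitimate third-party hosts (CDNs, fonts, embedded players) also show up as unexpected.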
So far, I've had no success with finding a way to make the issue go away. Searching the web has been unhelpful so far as well. I've reinstalled Firefox with AdBlock Plus and it is getting me by, but the videos or images on a page are still overlaid and the pages aren't delivered as intended. My guess is I might have to spend some quality time putting a new operating system on my development machine in the coming days. It may be time to dive head first into Linux and stay there. Hopefully I can track it down though; this isn't fun.
Published on 4/10/2016 9:36:50 PM