Adware is the Worst: Part II

I think whatever adware or malware or phantom was ailing my PC is now gone. Since Sunday night there have been a number of trials and tribulations before arriving at the current juncture. I feel like issues like this take as much patience as skill. It seemed like I could trace every little detail about my PC and home network and there was nothing I could do. In the end though, I don't think even installing a clean OS would've helped.

Later Sunday night, I opened up my laptop to find that it was afflicted with the same problems that were plaguing my desktop. Ads were constantly overlaying things like linked YouTube videos, linked Tweets, and other forms of in-page linked media. Once a page loaded, the ads never stopped. The ads were being injected into the pages from a number of JavaScript files that looked like they were coming from a Google domain. The files were analytics.js, overlay.js, scr.js, and ga.js. These files had replaced the typical Google Analytics scripts and were feeding me an endless supply of ads. So now there I was with two PCs to fix.

Here's a shot that shows the fake Google link that was spitting out the ads.


Here's a shot from my desktop where an ad is injected over my Twitter feed. That's the best feature of the site!


The next step I took was to install the Microsoft ProcessMonitor tool. This tool can be used to show what all is running on your Windows PC. I was interested in what DLLs any of my browsers had open. I examined each DLL but none of them were responsible for producing the ads…


I attempted to use a couple more malware removal tools that didn't help. The tools I tried were HitmanPro and HijackThis. I think they both caught and removed some cached files but nothing changed following that. Once those both failed, I was almost ready to take a break when I realized, it's on both machines! What if it's something on my router? Sure enough, I looked in my router settings and the DNS Settings had been changed to enable manual DNS assignment. I don't recall what the IP address was set to, but I removed it and rebooted the router. Once that was complete, no more overlay ads were being served on either machine. For good measure, I restored the router to factory settings late last night and set it up again. Everything has been running smoothly since.

After all this time spent trying to track down the cause of the issue, all I can do is trace it to my router. I wish I would've just checked it first. Rather than assuming there was some form of software that was installed on my PC, I could've checked the router settings and been done. From now on I'm going to save a copy of my router's configuration and periodically verify it's in line with the expected settings. In addition to these configuration checks, I'm going to stay vigilant about not visiting sites that could be less than trustworthy. As for where I got the malware, my guess is that I picked it up from a YouTube to MP3 converter that I tried on a whim. It didn't even produce the sound from the video I wanted. It definitely wasn't worth it, but I'm sure the lessons will be.
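
A sketch of the periodic router configuration check described above, added here as an example and not part of the original post. It assumes the router can export its settings as key=value text; the key names, sample values and allowed-resolver list are hypothetical, and DNS-related drift is ranked highest because that is the setting that was changed in this incident.

```python
import ipaddress

# Constructed samples in a hypothetical key=value export format (an assumption;
# real router backups vary by vendor). 203.0.113.53 is a documentation address.
BASELINE = """wan_dns_mode=auto
wan_dns1=
remote_admin=off
"""
CURRENT = """wan_dns_mode=manual
wan_dns1=203.0.113.53
remote_admin=off
upnp=on
"""

def parse_export(text):
    """Parse key=value lines into a dict, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def drift(baseline, current):
    """Return (severity, key, old, new) for each added, removed or changed key."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            severity = "HIGH" if "dns" in key.lower() else "INFO"
            findings.append((severity, key, old, new))
    return findings

def unexpected_resolvers(settings, allowed):
    """Return (key, value) for DNS entries holding an IP not in the allowed list."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    hits = []
    for key, value in sorted(settings.items()):
        if "dns" not in key.lower() or not value:
            continue
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            continue  # not an address, e.g. a mode field such as "manual"
        if ip not in allowed_ips:
            hits.append((key, value))
    return hits

if __name__ == "__main__":
    base, cur = parse_export(BASELINE), parse_export(CURRENT)
    print(drift(base, cur))
    print(unexpected_resolvers(cur, allowed=[]))
```

Passing the resolvers you actually expect (for example, the ones your ISP assigns) as `allowed` keeps a legitimate manual DNS setting from being reported.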

Published on 4/12/2016 8:22:38 PM


