Is my PC infected?

kirkofski

I've had the following two pages popup whilst viewing Gumtree. It only happens on Gumtree and has come up at least 10 times now.


I tried running the malicious software removal tool but it found nothing.

somersethillbilly

Check that Flash Player is up to date.

http://helpx.adobe.com/flash-player.html

Download and run Malwarebytes Anti-Malware, do not select the trial when installing.

esuhl

That doesn't look like a genuine message.

Try scanning with MB Anti-Malware: http://www.malwarebytes.org/

And then adwCleaner: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

maas

The adverts are fake, just make sure you dont install the dodgy program masquerading as an Adobe Update.

You can get those adverts from time to time from general web browsing, but if you find they are popping up all the time (like every day) then you'll have something on your computer running triggering them.

Kendall80

I'd run ccleaner too and its inbuilt registry cleaning tool.


'Hijack this' is an effective old classic that'll display all running processes, startup items, safe zone sites, BHO - browser helper (read hijacking) objects etc.


Update your flash direct from the flash site. General rule of thumb is if anything pops up asking you to click/download, be suspicious.


I fell victim to the ransomware worm/virus a few months back. That was a nuisance. Pop up telling me to pay £200 to unlock my computer. After wiping out that annoyance I significantly upped my security settings - nothing gets in here now without my say-so. Makes applying for accounts and credit cards frustrating sometimes if I don't add the site to the safe zone first. Worth it though. I've not detected a single piece of malware since despite almost daily checks.

Strider590

Gumtree makes money from selling targeted advertising space, a dodgy ad is creating those popup messages.

borse2008

Thats malware or spyware and not genuine firstly run your AV scan fully. Also reset IE in internet options.

nick-nick

esuhl wrote: »

That doesn't look like a genuine message.

Try scanning with MB Anti-Malware: http://www.malwarebytes.org/

And then adwCleaner: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Second this, I would also run ccleaner (it will delete your cache, history, cookies etc) You can get it here https://www.piriform.com/ccleaner/download

WorkerB

Just to complicate matters further, it might just be your router which has been compromised, rather than your computer.

Just over six months ago, a number of router makes had their traffic routed via servers mostly in the USA, and this normally manifested itself as warnings to update Flash Player. The update warning was simply an attempt to get users to download virus/malware. I didn't - I was suspicious and noticed a couple of spelling mistakes also.

My router, made by TP-Link (very many TP-Link routers are/were vulnerable as well as other makes), was compromised and other family machines using my network (including an ipad) had unexpected update messages, suggesting that it was the network rather than my machine which was compromised. I had gone through all of the normal malware checks on our machines first, without finding anything amiss.

I then undertook a number of internet searches which confirmed my suspicion that my router had been compromised. Here are a couple:

***.bleepingcomputer.com/forums/t/526875/flash-update-virus-damaged-router/

***.pcworld.com/article/2104380/attack-campaign-compromises-300000-home-routers-alters-dns-settings.html

Replace all * with w - newcomer here and not allowed to post direct links.

Essentially, it seems that many routers can be compromised in a similar way to the newspaper 'phone hacking - it depends on the admin password still being at its default which means that the router traffic can be redirected by a third party. Even though nothing had been downloaded and installed to my laptop, I still felt very exposed that my traffic was going via servers presumably controlled by hackers and thieves.

The solution in my own case was a hard reset (unplugged and then a reset was done when it was plugged back in - both together are probably a bit overkill, but belt and braces....) and changing the admin password. If you suspect that this might have happened to you then your router manufacturer is probably the best place to go for advice.

That uncomfortable, not quite secure, feeling remains with me despite following TP-Link's advice, and even now, seven months later, I regularly check my router settings using 'IP address lookup' to ensure that my traffic is going through 'expected' UK servers (in my case Tiscali/talk talk).

Complicated but I hope that you manage to sort this out. If the malware scans don't find anything, then suspect your router. It may be that this vulnerability is still being exploited.

Laz123

Also run MBAN.

esuhl

WorkerB wrote: »

Just to complicate matters further, it might just be your router which has been compromised, rather than your computer.

Avast has a component that lets you scan your network for compromised routers. I don't know how effective it is, but my network was given the all clear.

Is the main vulnerability in routers due to having UPnP enabled? That has always seemed a risky option (and is enabled by default on most home routers). I have it disabled and use port-forwarding for the odd occasions I want a device to respond to an incoming connection.

https://nakedsecurity.sophos.com/2013/02/05/upnp-flaws-turn-millions-of-firewalls-into-doorstops/
http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/
http://www.zdnet.com/how-to-fix-the-upnp-security-holes-7000010584/