
I just experienced a new kind of browser virus :/

Discussion in 'BlackHat Lounge' started by todordonev, Jun 5, 2015.

  1. todordonev (Regular Member, Bulgaria):

    The usual old methods were not used.

    No shady processes in windows task manager or in chrome task manager.
    I have not installed new software in a long time. No PPI installed whatsoever.
    No plugins for Chrome installed other than the official Gmail and Alerts ones.
    No shady/hidden folders in user/AppData. Nothing new there either.
    Nothing new or "backdated" in the control panel "install/uninstall new software"
    Checked all the browser shortcuts for properties or flags - nothing
    No shady bat/dll files
    Ran every option in CCleaner to clean everything - nothing bad found except the usual windows cache/temp crap.
    No shady startup records

    AND still my browser shows some spam adverts instead of the normal adverts here on BHW.
    I have removed PPI/adware/spyware many times. But this is something new and/or very nasty.

    Restarted my Chrome and everything is back to normal.

    When I first saw the shady ads I inspected the HTML code and couldn't find specific div ids or classes. It looked very natural, but I knew BHW only advertises links and SEO stuff etc., not "You are the 100,000th visitor! You win an iPad" etc. The advertisement URL was adnxs.com. Looks like some kind of adware crap.
    No idea how I got this crap, but every time I restart my laptop it's back again.

    Advice for you: it's not only exe/dll/bat files that can infect your PC. RAR archives can be injected with malicious code. Double-clicking the RAR (not even extracting it) is enough for the code to be executed.
    Be careful and keep your private data on some external HDD, and when you are reinstalling your Windows, always wipe your whole drive(s).
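The manual checks in the post (Run keys, startup records, Chrome extensions, browser shortcut flags) can be scripted. Below is an added PowerShell triage script; it is not from the original post or from any tool the poster used, and it also covers a few ad-injection vectors the post did not look at: policy-forced Chrome extensions, the WinINET proxy/PAC setting, the hosts file and the adapter DNS servers. It assumes Windows PowerShell 3 or later, default Chrome install paths, and an elevated prompt for the HKLM reads; the helper name `Add-Finding` and the `$findings` list are this script's own. It only reports and changes nothing.

```powershell
# Added triage script (not the original post's). Enumerates the usual user-mode
# persistence and traffic-rewriting spots behind injected browser ads.
# Assumptions: Windows PowerShell 3+, default Chrome paths, run elevated for HKLM.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($area, $name, $value) {
    $findings.Add([pscustomobject]@{ Area = $area; Name = $name; Value = $value })
}

# 1. Autostart entries in the Run/RunOnce keys of both hives.
foreach ($hive in 'HKCU', 'HKLM') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -notmatch '^PS') { Add-Finding "Run key ($hive\$sub)" $p.Name $p.Value }
        }
    }
}

# 2. Scheduled tasks and the command each one runs (schtasks also works on Windows 7).
schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -and $_.'Task To Run' -ne 'COM handler' } |
    ForEach-Object { Add-Finding 'Scheduled task' $_.TaskName $_.'Task To Run' }

# 3. Browser shortcuts that carry extra arguments (adware appends a URL or a flag).
$wsh = New-Object -ComObject WScript.Shell
$shortcutDirs = @(
    "$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu", "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)
Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $wsh.CreateShortcut($_.FullName)
    if ($lnk.TargetPath -match '\\(chrome|firefox|iexplore|opera)\.exe$' -and $lnk.Arguments.Trim()) {
        Add-Finding 'Shortcut args' $_.FullName "$($lnk.TargetPath) $($lnk.Arguments)"
    }
}

# 4. Chrome extensions on disk (every profile) plus any policy-forced extension IDs,
#    which Chrome installs silently and which do not show as a user-added plugin.
$chromeRoot = "$env:LOCALAPPDATA\Google\Chrome\User Data"
Get-ChildItem -Path "$chromeRoot\*\Extensions\*\*\manifest.json" -ErrorAction SilentlyContinue | ForEach-Object {
    $m = Get-Content $_.FullName -Raw | ConvertFrom-Json
    Add-Finding 'Chrome extension' $_.Directory.Parent.Name "$($m.name) $($m.version)"
}
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Policies\Google\Chrome\ExtensionInstallForcelist"
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { Add-Finding 'Chrome forced extension' $_.Name $_.Value }
    }
}

# 5. WinINET proxy / PAC settings: a PAC URL can route ad domains through a rewriting proxy.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { Add-Finding 'Proxy' 'ProxyServer'   $inet.ProxyServer }
if ($inet.AutoConfigURL)     { Add-Finding 'Proxy' 'AutoConfigURL' $inet.AutoConfigURL }

# 6. hosts file entries other than the stock localhost lines.
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\slocalhost\s*$' } |
    ForEach-Object { Add-Finding 'hosts' 'entry' $_.Trim() }

# 7. DNS servers per IP-enabled adapter: an attacker-controlled resolver can swap ad domains.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    Where-Object { $_.DNSServerSearchOrder } |
    ForEach-Object { Add-Finding 'DNS' $_.Description ($_.DNSServerSearchOrder -join ', ') }

$findings | Sort-Object Area, Name | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell window and read the table from the bottom up: a PAC URL, a non-ISP resolver, a hosts override or a forced extension ID explains swapped ads without any new process or folder, which matches what the post describes. The script is user-mode enumeration only; it will not see a kernel-mode component or an upstream (router or network) interception, so a clean table does not prove the machine is clean.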