
Request: Kindly do not mark this question as a duplicate without reading the whole description. I know this sounds like any other malware-infection question, but I request you to please read the whole description first. After that, if you still think this is a duplicate, mark it so and provide a link to a similar, answered question where the answer has been accepted as the solution with adequate confirmation.

I have been struggling with a (possible) malware infection (possibly) to my system (an employer-provided laptop with licensed software only). As you can see in the image below (iFrame element and jScript name), I am getting these frequent pop-ups which keep bothering me every time I open a website. As always, the minute I try to close them (a close button appears when I hover my mouse over it), it opens up a new tab and takes me to suspicious websites. The one URL that always appears before being redirected to a random malicious page is double-u double-u double-u dot tradeadexchange dot com.

Image for iFrame Element and jScript

Before I resorted to taking SU's help and reading Joel Coehoorn's answer here, I had scanned my employer-provided laptop with SpyHunter (free license) and Kaspersky Rootkit Removal Tool. I can't blindly follow Joel's suggested solutions without an unambiguous confirmation of the infection because I would have to submit it to my employer's lazy, good-for-nothing maintenance team who will assuredly take 2 weeks to do it while cutting corners and not being as thorough as Joel Coehoorn suggested. And during which I, a developer working in the IT dept, would be forced to use a substitute ancient with performance slower than Win98 on 64kb ROM.

Kaspersky Rootkit Removal tool found nothing whatsoever. On my personal laptop, I use a licensed copy of Kaspersky Internet Security, and it blocks these ads and shows me a Malicious URL blocked message every time I open a website. SpyHunter gave me the location of 3 cookie files that it identified as malware/spyware, which I promptly deleted. And, not so surprisingly, they keep popping up every now and then.

But I think the SpyHunter results are false-positives. Why? Because - and this is a curve-ball for me - I am getting these same pop-ups on other devices that use my home WiFi connection too, but which have never, ever, ever had a data-transfer with my laptop. Also, a friend of mine gets his internet connection from the same ISP, and he too is getting similar pop-ups. Now again, this does not rule out malware, his system too could have been compromised. Another important point, I don't get these ads when I connect to my office's WiFi connection. The office connection obviously has a host of professional firewalls and security measures implemented, but, and again, I don't think those measures are the reasons why I don't get the pop-ups on the office WiFi.

So, I would be very, very, very thankful if the community could help me out on this. I just need a concrete confirmation as to whether my system indeed is compromised or if it's my home router or the ISP itself. Also, is it possible that an infected system, when connected to an entirely new network, transmits sufficient details so as to compromise all systems on that network too, without the other systems doing anything whatsoever? Deep down I know this is possible, but not sure. Do clarify, please.

Meet K.
  • Possible duplicate of [How to remove ad-type.google.com pop ups from **PC**? (Tradeadexchange redirection.)](http://superuser.com/questions/985890/how-to-remove-ad-type-google-com-pop-ups-from-pc-tradeadexchange-redirecti) – davidgo Jan 23 '16 at 06:05
  • Sorry, it is a Duplicate, like it or not. It's most likely your ROUTER that is compromised, not your PC. – davidgo Jan 23 '16 at 06:06
  • Also see http://security.stackexchange.com/questions/87102/can-i-have-a-virus-adware-in-my-router – davidgo Jan 23 '16 at 06:12
  • @davidgo, I don't mind the question getting marked as duplicate - I object to providing references to _original_ ones that either have no answers or are only partially answered or are stuck at the bottom of the stack (my phrase for open questions too old to show up as hot or new or featured which will never catch anyone's attention). The question you provided as a reference again has a partial solution. How do I go about changing DNS settings in my Android-based cell phones? Do I replace my router? The answer there is anything but useful. I encountered this same practice on StackOverflow. – Meet K. Jan 23 '16 at 06:19
  • I will follow up on the security.stackexchange question and see what I can do. – Meet K. Jan 23 '16 at 06:24
  • Even if no one answered the old question, a new one asking the same thing is still a duplicate. If you want better answers on an unanswered question, participate, get some reputation, then offer a bounty on the languishing question. Going about changing DNS settings on an Android-based cellphone is another question, and the question of whether you should replace your router depends on your router and firmware options. – davidgo Jan 23 '16 at 06:27
  • A new one asking the same thing is _ideally_ a duplicate. You can't apply this logic to every two similar questions. Plus, marking it as duplicate is purely subjective - you don't know whether the user's query is really the same as the original question. And it's not that I haven't tried offering a bounty. I spent my hard-earned reputation on a question over on SO, without receiving any satisfactory answer, only to have half of it awarded to an irrelevant answer at the end of the bounty+grace period. – Meet K. Jan 23 '16 at 07:04
  • Anyways, I don't want to discuss this here. A better place would be Meta. Thanks for all the help. Appreciate it. – Meet K. Jan 23 '16 at 07:06
  • Since we do not offer malware removal custom (specific) answers, this question is a duplicate, there are forums where you can get specialized help with malware detection and removal, just not here. – Moab Jan 23 '16 at 13:55

0 Answers