Telkom Mobile - Malware / Adware Question

yaseent

Hi,

A few days ago my PC started randomly popping up an Internet Explorer session to a website called wartune r2games.

MalwareBytes, and AdwCleaner did not remove this little thing.

I decided to format given it's easy for me as all my data is structurally simple. A full format that is, so no MBR data remained.

After formatting, I re-installed all my apps, using newly downloaded sources.

And yet, the popups continued. I re-did my router's firmware in case the vulnerability lay there.

And still, pop ups.

I'm starting to wonder if the issue is with Telkom. Is this even possible? Anyone having this issue? How does adware persist after a clean format, clean re-install, and a new MBR?
 

pinball wizard

How does adware persist after a clean format, clean re-install, and a new MBR.
It is technically possible.

Depends on what you consider to be "a clean install".

Besides what D.W. mentioned, some stuff could remain in for example "System Volume Information" and/or recycler directories (system restore and recycle bin directories) on any additional partitions you might have. That could easily reactivate on a fresh Windows installation but it most probably won't work on Ubuntu. Anyway, if all these other partitions do not get disinfected, it means there still might be some malware somewhere in these directories - probably not doing anything, just waiting for better days, for Windows to get reinstalled ]:-> but still there. What I would suggest you do after installing Ubuntu is installing clamav, updating it and rescanning everything you have.
http://security.stackexchange.com/questions/7204/is-making-a-clean-install-enough-to-remove-potential-malware

But in essence, definitely not a Telkom (or any other service provider) issue.
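The check suggested in the quoted answer above, sketched as an added example that is not part of the original post: it locates leftover "System Volume Information" and recycle-bin directories under a mounted partition and scans them with ClamAV. The function names and the mount path in the usage comment are assumptions; `clamscan` and `freshclam` are the standard ClamAV tools.

```shell
#!/bin/sh
# Added example. Update signatures first (as root): freshclam
# Usage (assumed mount point): sudo sh scan_leftovers.sh /mnt/data

# List restore-point and recycle-bin directories near the top of a mounted
# partition. Names are matched case-insensitively because they vary by
# Windows version (RECYCLER, RECYCLED, $RECYCLE.BIN).
find_leftover_dirs() {
    find "$1" -maxdepth 2 -type d \( \
        -iname 'System Volume Information' -o \
        -iname 'RECYCLER' -o \
        -iname 'RECYCLED' -o \
        -iname '$RECYCLE.BIN' \) 2>/dev/null | sort
}

# Scan each leftover directory recursively, printing only infected files.
# Returns clamscan's worst exit code: 0 clean, 1 infected, 2 error.
scan_leftovers() {
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan not found; install ClamAV first" >&2
        return 2
    fi
    list=$(mktemp) || return 2
    find_leftover_dirs "$1" > "$list"
    worst=0
    while IFS= read -r dir; do
        rc=0
        clamscan -r --infected "$dir" </dev/null || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done < "$list"
    rm -f "$list"
    return "$worst"
}

# Scan every mount point given on the command line (none: define only).
for mount_point in "$@"; do
    scan_leftovers "$mount_point"
done
```

Reading "System Volume Information" on an NTFS partition normally requires root, so run the scan with elevated privileges or the directory will be silently skipped.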
 

yaseent

Hi simm_card,

Thanks for the reply.

Just did another format and re-install. You know how...you get to that point...where you've formatted so often...that you know your Windows serial key off by heart? Yeah :/

Anyways, my installed stuff is simple:

1. AVG Free Edition (never used an Anti-Virus once I got Windows 7...with this issue I decided to return to the fold).
2. Firefox 64bit downloaded directly.
3. VLC 64bit downloaded directly.
4. Winamp....I'm old school - downloaded directly from Winamp's forums posted by one of the developers.
5. iTunes 64bit downloaded directly.
6. MetroStudio by Syncfusion downloaded directly. Been using this for years.
7. Inkscape 64bit, downloaded directly.
8. Microsoft Expression Web 4 downloaded directly. Microsoft Application for basic wysiwyg html.
9. IrfanView 64bit - downloaded archive directly, not from third-party installers like CNET.
10. Uniform Server downloaded directly. PHP/Apache server utility for local development.
11. TeamViewer, downloaded directly.
12. Samsung printer drivers, downloaded directly.
13. FileZilla, downloaded via SourceForge. AVG picked it up, false positive, but I'm skeptical here.
14. WinRAR downloaded directly.
15. ImageMagick, downloaded directly. ImageMagick is what most web hosts these days use to allow php websites to manipulate images via PHP.
16. Two things I still need to install, when I need them: a. Adobe Reader b. Google Chrome.

There are two pieces of software I held off on installing this time round. A 2003 version of Microsoft FrontPage that I got off the internet years ago, and FreeDownloadManager.

I've been using FreeDownloadManager for years - over a decade I might say. Most lightweight download manager I've come across. But I'm starting to think this may have been the cause... I can't be sure, if newer versions have been compromised.

So far no popup on today's re-install.
 

simm_card

Thanks man!

I have a colleague who has been in IT for a while. He came to me the other day after I've cleaned his laptop with some trojan with Malwarebytes.

He said he installed Malwarebytes on his dad's laptop and it's asking for a license now...

I knew he didn't take note when installing the correct version. I believe this is the case here, maybe?

If you allow something to install it is more difficult to remove.


Edit: "directly" doesn't mean safe/all good. These apps include adware during installation and sometimes we miss them... and just click next/ok.
 

yaseent

Hi,

I used the free version of MalwareBytes. I've used MalwareBytes (definitely the free version) in the past as well, only to be prompted after a while to register the product or something. I'm not sure what the issue is with MalwareBytes but I think it's more like freemium rather than free.

Yes that's right, a direct download doesn't always mean safe. I use custom installations all the time to ensure additional junk doesn't get installed, unless it is from a known trusted source, like Microsoft or VideoLan for example.
