What is this new filth? Frikken ad on my desktop

Anyone seen this? I wake up my Win7 machine, nothing in the taskbar, but there’s this fucking ad that seems to have hijacked the pop-up notice from the tray. WTF?

I could use a bit of help coming up with search terms here; I dunno what to call this shit.

Is the system otherwise normal?

Have you had a look in control panel/programs and features/? It might show up there; if so, it should be easy to find if you sort by install date. My google-fu falls short without more info.
What product is the ad for?
You might also be able to identify the process in Task Manager by monitoring cpu/mem usage in the processes tab, might have to click the ad though.
Or if all else fails, google every running executable listed in processes :smiley:

1 Like

It could be a tad more sluggish than normal, as for the other stuff, I’ll have to check when I get back to my machine (on my phone now).

The ad was for Los Angeles tourism or something, it was weird. When I clicked on it my browser went through a domain called beap.something before landing on the ad’s site.

Do you have a screenshot or shots? I could probably help coming up with the right term for a given flavor of notification bubble (if OS provided; if merely designed to look like it, anything goes).

Running Wireshark on the affected machine to look for chatter could also be instructive, and possibly pull up some known scummy domains to look up.

That said, though, it sounds like you have strong evidence that the system itself is compromised (it doesn’t sound like you just had a webpage using pop-ups to spoof system dialogs, since you said freshly booted); at least enough to be running reasonably subtle programs with user permissions, quite possibly more thoroughly than that.

Under those circumstances, forensic investigation can still be useful; but you should seriously be considering taking Ripley’s advice, rather than trying to clean the thing. Gathering data can be valuable; but then head for the dropship and get the nukes ready.

6 Likes

I would scan for malware post haste.

3 Likes

Time to switch to GNU. No ads! No malware! Except in your browser… :smiley:

As @TobinL indicated, there’s a very good chance you have malware. Third party malware removal tools are very hit or miss, may actually infect the computer with more, and predominately serve to separate you from your money. Windows Defender should already be installed with Windows 7. You can use it to scan for malware.

Either right before or right after you scan your machine, back up any and all your personal data not stored in the cloud to an external drive. I’d back it up even if it’s stored in the cloud, but that’s just me. You don’t want to lose your data if the malware tries to install something like ransomware.

https://www.microsoft.com/en-us/safety/pc-security/windows-defender.aspx

It may or may not find it and you may or may not be able to remove it. All malware can be removed, but unless you know exactly what you’re doing there’s a very good chance of breaking your Windows install in the process. If you can’t get rid of it using Defender, your best bet is to do a clean install of Windows. Before doing so, make sure you have your installation key, go to your manufacturer’s website, find the support section and download your drivers. If you have a graphics card, you may need to get the drivers for that from the graphics card manufacturer’s website.

There’s a small possibility that a program you installed is simply generating pop-ups, so you can try removing any software you recently installed.

But even if you do nothing else, back up your personal data ASAP.

4 Likes

5 Likes

I’ve never had a system tray ad, ever. But I did once have a browser extension, one of the YouTube managers, that had a really, really inappropriate sense of boundaries.

1 Like

My Windows Defender got nuked by a rootkit (infected ad on tvtropes) a few years back. There’s an antivirus company called ESET that allows you to scan your computer via their site:

Their tech support helped me get rid of the rootkit, so I’d say they’re pretty good.

3 Likes

Aha. It’s WPS Office.

https://store.wps.com/?event=bubble_remove&distsrc=00022.00000105&lang=&version=10.2.0.5965&access=bubble_remove

2 Likes
