Thursday, November 20, 2008

How to remove popup.adv.net and mtn5.goole.ws - Final Solution

I usually have no problem dealing with trojans and malware, but this one proved to be the hardest one yet, because it operates in ways we don't expect. Usually trojans operate within your PC, but what if the exploit is hosted somewhere else on the web?

Woah! This took a week. Thanks to the people who commented on this blog. I could not figure out this solution without all of you who bounced your ideas here.  

Anyway, let's get rid of it.

1. In the Windows menu go to Start>Run

2. Type cmd

3. This will fire up the command window

4. Type ipconfig /all

5. This will display the actual configuration of your LAN card. Pay particular attention to the DNS entry. In my PC I got three entries: 0.255.122.15, 85.255.112.156 and 1.2.3.4. Two of these entries are not correctly formed, while 85.255.112.156 is the DNS address of the exploiter. A proper DNS entry given by your ISP should look something like 58.69.254.143.

6. Type ipconfig /release

7. Then type ipconfig /renew

8. Then do an ipconfig /all again to check that your DNS settings have been corrected.
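
The check in steps 5 and 8 can be scripted. The following is an added example, not part of the original post: it parses saved `ipconfig /all` output and flags DNS servers that are unusable addresses, match the rogue resolver named above, or are missing from an expected list. The `EXPECTED` set, the function names and the sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the `ipconfig /all` layout, with the post's three entries.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 0.255.122.15
                                            85.255.112.156
                                            1.2.3.4
        Lease Obtained. . . . . . . . . . : Thursday, November 20, 2008
"""

KNOWN_ROGUE = {"85.255.112.156"}   # the resolver identified in the post
EXPECTED = {"58.69.254.143"}       # assumption: what your ISP or router hands out
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")  # never a valid server address

def dns_servers(text):
    """Return every listed DNS server, including the indented continuation lines."""
    servers, in_block = [], False
    for line in text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        cont = re.fullmatch(r"\s+(\S+)\s*", line) if in_block else None
        if first or cont:
            servers.append((first or cont).group(1))
            in_block = True
        else:
            in_block = False  # any other line ends the DNS block
    return servers

def classify(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    # Parseable but unusable as a resolver: 0.0.0.0/8, multicast, reserved space.
    if (ip.version == 4 and ip in THIS_NETWORK) or ip.is_multicast or ip.is_reserved:
        return "invalid"
    if addr in KNOWN_ROGUE:
        return "known-rogue"
    return "ok" if addr in EXPECTED else "unexpected"

def audit(text):
    return {addr: classify(addr) for addr in dns_servers(text)}

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE).items():
        print(f"{addr:16} {verdict}")
```

To run it on a real machine, save the output with `ipconfig /all > dns.txt` and pass the file's contents to `audit` after putting your own resolvers in `EXPECTED`.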

This should be okay if you are directly connected to the DSL modem, but what if you are connected to a router? Then you have to correct the settings in your DSL router first, before you correct the settings in your LAN card. In my case I have a Linksys router. What I did was fire up the browser-based administration module of Linksys. Then I had to set all the static DNS settings to 0.0.0.0. Then I also did a DHCP release and DHCP renew there. And then I corrected the entries in my LAN card. After that you can use your browser normally. You won't be needing the NoScript add on anymore.

So how did the attack happen?
I must have gotten a trojan from one of the websites I visited. That trojan then modified the DNS settings of my LAN card and even my DSL router. When the advertisements started popping up I did malware and trojan scans. I was able to remove them but it was already too late. My DNS settings had already been modified, which was the last thing I expected a trojan would do. What happens then is that whenever I visit a website, the exploit DNS entry will direct me to the popup.adv.net and mtn5.goole.ws servers first before it redirects me to the website I wanted to visit originally. It then fires advertisements at random times. It is solved now.

But we all have one big problem. During the exploits we were using hosted email clients, and some of you probably visited your bank or credit card sites. And during that time our traffic was being filtered by an exploit server. Ouch! At least now you know, and you can start taking the necessary steps in case someone tries to abuse your important accounts.

Related Links:
How to Block Adwares using Firefox NoScript extension
How to Block popup.adv.net and mtn5.goole.ws

Thursday, November 13, 2008

Blocking Adware with Firefox NoScript Add On

Last time we talked about blocking popups from popup.adv.net and wtn5.goole.ws. Thankfully Firefox has already solved this problem. Update your browser to version 3.0.4 to make it go away.

But in case another malware is irritating you, you can use the NoScript add on for Firefox.

To Install:
1. Go to https://addons.mozilla.org/en-US/firefox
2. Right now NoScript is the first add on you will find there.
3. Simply click on "Add to Firefox" button to install.
4. In case you did not find it, simply do a search for "NoScript".
5. After installing it you will need to restart your browser.

What this add on does is strictly block JavaScript, Flash, Java, and other plugins on all web sites. You will have to right-click on the NoScript bar to find several options to unblock the site you are viewing. You can find more information on NoScript's official website.

However, I don't recommend this solution, because having blocked the adware does not mean that it is no longer there. The best solution is still to remove the problem.

Related Links:
How to Remove popup.adv.net and mtn5.goole.ws - Final Solution
How to Block popup.adv.net and mtn5.goole.ws

Sunday, November 9, 2008

How to Block popup.adv.net and wtn5.goole.ws

Hello everyone. I have finally found a way to stop this adware/malware without using any third party browser add on. You can find the article I wrote here -> The Final Solution. Please be sure to read it so you can finally rid yourself of this problem. Read also the comments on this post where others have generously shared their solutions. - Temujin

There is something terrible happening on the web today and it has gotten more rampant this week. Unfortunately Microsoft, Mozilla, Google, Opera, Apple, and Adobe have no permanent solution for it at the moment.

If you visited several legitimate websites and an ad from popup.adv.net and wtn5.goole.ws keeps popping up when you click on a link or image, then you have been a victim of "Clickjacking".

No anti-adware or malware program can remove this strain because it appears that it isn't actually in your computer. In fact, I have tried using a newly formatted computer and still these illegal advertisements keep popping up. Somehow this strain exploits DHTML and CSS. What it does is inject an illegal website into a perfectly legitimate website you are visiting. And then it renders this illegal website invisible so that when you click a link in the legitimate website, you are actually clicking a link in the illegal website.

Severity
This is a very serious threat because it could make you click a link that executes code that can steal important information from your computer, or install software without your permission, or worse yet a virus. Here is an article that may explain it better.

How to Block
The only way to block this exploit right now is to use the NoScript add on in Firefox 3. But the process could appear tedious to casual computer users.
In my next post, I will explain how to install and use this add on.

Related Links:

How to Remove popup.adv.net and mtn5.goole.ws - Final Solution
How to Block Adwares using Firefox NoScript extension