How to remove popup.adv.net and mtn5.goole.ws - Final Solution

I usually have no problem dealing with trojans and malware, but this one proved to be the hardest yet because it operates in ways we don't expect. Trojans usually operate within your PC, but what if the exploit is hosted somewhere else on the web?

Woah! This took a week. Thanks to the people who commented on this blog. I could not figure out this solution without all of you who bounced your ideas here.  

Anyway, let's get rid of it.

1. In the Windows menu go to Start>Run

2. Type cmd

3. This will fire up the command window

4. Type ipconfig /all

5. This will display the actual configuration of your LAN card. Pay particular attention to the DNS entry. On my PC I got three entries: 0.255.122.15, 85.255.112.156 and 1.2.3.4. Two of these entries are not correctly formed, while 85.255.112.156 is the DNS address of the exploiter. A proper DNS entry given by your ISP should look something like 58.69.254.143.

6. Type ipconfig /release

7. Then type ipconfig /renew

8. Then do an ipconfig /all again to check that your DNS settings have been corrected.

This should be enough if you are directly connected to the DSL modem. But what if you are connected to a router? Then you have to correct the settings in your DSL router first, before you correct the settings in your LAN card. In my case I have a Linksys router. What I did was fire up the browser-based administration module of the Linksys. Then I set all the static DNS settings to 0.0.0.0. I also did a DHCP release and DHCP renew there, and then I corrected the entries in my LAN card. After that you can use your browser normally. You won't need the NoScript add-on anymore.
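
The check in steps 4, 5 and 8 can be scripted. The following is an added example, not part of the original post: it parses `ipconfig /all` output and flags every DNS server that is not on a list of resolvers you expect. The sample output is constructed around the addresses quoted above, the function names are illustrative, and only IPv4 entries are assumed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output. The three DNS values are the
# ones quoted in the post; every other field is made up for illustration.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 0.255.122.15
                                            85.255.112.156
                                            1.2.3.4
        Lease Obtained. . . . . . . . . . : (constructed)
"""

DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S*)\s*$")
CONTINUATION = re.compile(r"^\s+\d{1,3}(\.\d{1,3}){3}\s*$")
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")  # never a valid resolver

def dns_servers(ipconfig_text):
    """Return every DNS server listed, including the continuation lines."""
    found, collecting = [], False
    for line in ipconfig_text.splitlines():
        first = DNS_LINE.match(line)
        if first:
            collecting = True
            if first.group(1):
                found.append(first.group(1))
        elif collecting and CONTINUATION.match(line):
            found.append(line.strip())
        else:
            collecting = False
    return found

def classify(server, expected):
    """'ok', 'unexpected' (not on your list) or 'unusable' (cannot be a resolver)."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "unusable"
    if addr in THIS_NETWORK or addr.is_multicast or addr.is_unspecified:
        return "unusable"
    return "ok" if server in expected else "unexpected"

def audit(ipconfig_text, expected):
    return {s: classify(s, expected) for s in dns_servers(ipconfig_text)}

if __name__ == "__main__":
    # 58.69.254.143 is the post's example of an ISP resolver; use your own.
    print(audit(SAMPLE, {"58.69.254.143"}))
```

On a real machine, feed it the text of `ipconfig /all` and pass the resolver addresses your ISP or router is supposed to hand out; anything reported as `unexpected` or `unusable` after step 8 means the setting is being rewritten again.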

So how did the attack happen?
I must have gotten a trojan from one of the websites I visited. That trojan then modified the DNS settings of my LAN card and even my DSL router. When the advertisements started popping up I did malware and trojan scans. I was able to remove them, but it was already too late. My DNS settings had already been modified, which was the last thing I expected a trojan would do. What happens then is that whenever I visit a website, the exploit DNS entry directs me to the popup.adv.net and mtn5.goole.ws servers first, before it redirects me to the website I originally wanted to visit. It then fires advertisements at random times. It is solved now.

But we all have one big problem. During the exploit we were using hosted email clients, and some of you probably visited your bank or credit card sites. During that time our traffic was being filtered by an exploit server. Ouch! At least now you know, and you can start taking the necessary steps in case someone tries to abuse your important accounts.

Related Links:
How to Block Adwares using Firefox NoScript extension
How to Block popup.adv.net and mtn5.goole.ws

Comments

PB said…
I'm afraid this did not work for me (no router).

It might be better that people
(1) actually open the internet-connection adapter and go to TCP/IP properties and manually remove the hijacked DNS server address, then

(2) execute the netsh command that was suggested in the blog entry where this blog entry comes from (the original post)

Cheers:

P.
Unknown said…
Finally.. someone with a clear answer to this problem. I'm going to try all this asap. I'm VERY concerned when you mentioned the possible compromising situation we might be in with financial sites. How / what exactly can these things scrape from one's browsing sessions?
Unknown said…
I used the cmd ipconfig /flushdns
because I could find anything weird in my router. Now I'm finally free from these spammers!
I checked the DNS setting in TCP/IP properties and it was set to some unknown TCP servers. I manually set the tab to automatic and things are fine now.
Anonymous said…
I've tried this but it doesn't work. When I open the ipconfig again, the DNS servers are the same. I've downloaded Malwarebytes but it takes so damn long to do even a quick scan. Could my problem be worse?
Unknown said…
Hello everyone,

I had the same problem for the last few days and yesterday I finally fixed it.
I was unable to update any antivirus or antispyware program including Windows Update. And just after I would close Windows Update I would get this pop-up window with mtn5.goole.ws in the title. Pretty annoying.
What I did yesterday is that I disconnected from the Internet, shut down my router and reset it.
Then I ran Malwarebytes’ Anti-Malware, which found 14 entries. Most of them had the names Trojan.DNShijacker and Trojan.Vundo.
I removed all of them successfully, rebooted the system, scanned it again, rebooted again and then turned on the router and connected to the Internet again.
Finally I was able to update my antivirus and Windows Update and hopefully it means I cleaned my PC from this problem.
Unknown said…
Thanks, the solution of changing the DNS entry worked.
Hello,

Thanks for your help. Your solution works.

See you soon
Temujin said…
You're welcome, guys. I'm always glad to help.
Anonymous said…
How to remove mtn5.goole.ws and popup.adv.net Malware

http://www.tips29.com/2008/11/how-to-remove-mtn5goolews-and.html
