Pop-up windows and messages (popandery) in all browsers

By | 24.04.2016

Pop-up ads on all sites in the browser — a virus!

More recently, Internet users began to pursue a new kind of virus — a pop-up advertising on all sites, including on Yandex, mail and other popular and not very sites.

It looks as follows: after opening any site, for example, Yandex, Maila, VKontakte, Odnoklassniki, etc. after a short time pops up ads. Often this ad quite obscene. Examples are shown below.

virus - advertising in Yandex

a new virus - pop-up advertisements on all sites

It should be noted that the advertisement pops up on all sites and not just on social networking sites and search engines. What does this mean? The fact that the problem is not in the hosts file . If you scan your computer Antivirus, and in this case, nothing will change. Often, advertising and messages displayed in browsers on all computers in your home network, including tablets and MacBooks.

Anyone who is faced with such a virus for the first time will be very puzzled. So I spread the instructions to remove.

The operating principle of the virus

The principle of the emergence of advertising banners and messages in the browser is simple. Initially, the infected computer runs a Trojan that changes the DNS-server address on the computer and the router to the «viral». In the future, when you try to go to any site, you get to the «viral» proxy site, where content is added to the pop-ups and advertisements. As prescribed in the wrong DNS router, the ads on the websites appears on all devices connected to the Internet through it.

Often Trojan remains in the infected computer system. This leads to the fact that when you migrate a router from this machine an incorrect DNS-server address automatically re-registers in it.

How to remove a virus «pop-up ads»

Actually remove the virus is not so difficult. The main thing to know what and in what sequence to do. The virus is spread through the network, rather propisavaetsya the router. MacBook and tablets often do not require any additional actions other than reconfiguring the router, but the computer-peddler infection based on Windows requires cleaning.

To work need a free virus scanner DrWEB CureIt and curing utility the AVZ . You must first download the utility on the flash drive on an uninfected computer. Let’s get started.


1. Cleaning systems.

First of all, the system must be cleaned of debris and check for viruses. To do this, boot the system in safe mode and run the AVZ utility as administrator (right click -> Run as administrator ). The AVZ menu, select the menu FileSearch Wizard and troubleshoot problems .

In the window that appears in the menu category of problems , select the System Cleaning , SeverityAll problems . Now click Start to search for problems.

In the list that appears, select the items: Clear TEMP folder, Adobe Flash player — Cleaning of temporary files, Macromedia Flash Player — cleaning caches, cleaning baskets, cleaning temp system folder, as well as clearing the cache of presence in the browser list (Internet Explorer, Google Chrome, Opera etc.). Now you need to click Fix problems noted . You may need to reboot to complete the cleaning (this will be discussed in the report). We need to boot back into safe mode.

Now you need to run a quick scan utility CureIt.

After scanning and disinfection of detected threats must start the computer in normal mode.

2. DNS settings on the computer Check

Click on the icon of the local network in the right side of the taskbar, and click Network and Sharing Center.

In the new window, click Change adapter settings .

Right-click on the icon Local Area Connection and select the context menu Properties .

Select Internet Protocol Version 4 (TCP / IPv4) and click Properties.

If the computer is connected directly to the cable provider and provides manual adjustment of the IP address, you should verify the DNS-server values provided by your ISP settings.

If the manual setting is not available or your computer is connected to the router, check Get DNS-server address automatically .

The figure shows the changes made by the virus. DNS-server installed address redirects the browser to sites with banner ads.

After changing the settings, click OK. Now you need to check the settings for a wireless connection (if any) in the same way.

3. Reset the DNS cache

Go to the Start menu and in line   Search programs and files , type the cmd . Right-click on Command Prompt icon and select Run as administrator .

In the command prompt window, type ipconfig / flushdns and press Enter. Then close the window.

4. Disconnect the browser add-ons

Disconnect the computer from the local network. Now disconnect all unknown add-in browser and check the home page. Do this in all browsers installed. Now reconnect the computer to the network.


5. Setting up the router

Reset the Router Reset button on the back of the router. Typically, this should hold it for 7 seconds. After loading the router to re-configure it in accordance with the provider’s settings.

Now check the operation of browsers. Sometimes it is necessary to re-install Opera, so that it is no longer a pop-up advertising. To do this, you need to remove it via the Task Panel — Programs and Features. When removing a tick should be put on the item Delete user data .

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *