
For the last few weeks I've had the following happening, using Windows 8.1 and Firefox V44. The only active add-ons are Adblock Plus, Flashblock and Norton Identity Safe:

  • First, Norton Internet Security (which assures me that all is green ticked and hunky dory in security-land) alerts me that there is a large amount of outbound traffic detected. It asks me if I want to run Power Eraser. I did this twice. Power Eraser's total contribution to safety and security is to get its knickers in a twist over the old Office.exe tool (left over from circa Office 2000, which I allowed it to remove) and the Registry setting that allows profiles to be loaded in Powershell. I haven't bothered using it again since.
  • Edit: As an infuriating aside I tried to run a full scan with Norton, but it refused to. I selected Full Scan, selected Go, and nothing happened. Nor could I bring up its options. In the end I ran Norton's diagnostics and found that it recommended reinstalling the thing. Great, it shows me oceans of "All OK Here" green, and it didn't even know that it wasn't running properly.
  • Suddenly Firefox will start alerting me that some obscene number of pop-up windows have been blocked.
  • Some will still sneak through, typically alerting me (complete with details of my network connection) that I "have pop-up windows enabled!" and that I should contact people who will "help" me with this. Others are supposedly site surveys from the site that I'm on which, oddly, all look the same even when relating to completely different web sites.

This seems to be an order of magnitude worse when looking at one particular site: smh.com.au.

I suspect, but am not certain, that the pop-ups that slip through have something to do with this Flash element pointing to //partners.cmptch dot com that has introduced itself onto the page:

[Screenshot: Suspect Flash Element]

Throughout the page I find that certain words have become clickable, always "powered by DNS Unlocker", like so:

[Screenshot: DNS Unlocker Element]

Frequently, the browser will lock up running scripts pointing to Akamai:

[Screenshot: Akamai Script Lockup]

The following is, in detail, the part of my question that is different to the "How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?" one.

Here's the ridiculous part. Somebody, somewhere, must know how this thing is doing what it does. But I can't find that information. Every web search yields links on how to "fix" adware. Invariably these turn out to be links to download "The World's Best Anti-Adware Software, Ever!" which will magically fix this for you. On the occasions that there is a so-called "manual" fix it involves removing search engine entries (of which I have no non-standard ones) or the home page (which is still set to the Firefox default) or resetting the browser (which I have already done, setting Firefox back to its factory defaults before adding back the two add-ons mentioned above.)

In desperation I finally succumbed to using an anti-adware tool which was recommended by a number of PC magazines: AdwCleaner v5.032.

This is what it did:

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysWOW64\vers

...
***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\.bdcm
[-] Key Deleted : HKLM\SOFTWARE\Classes\.bdcr

And the result of that? Absolutely nothing, as soon as I opened Firefox and went back to the SMH site, the whole business began again.

So in further desperation, I'm now here hoping that someone whose knowledge of servers and browsers and HTML and such is vastly greater than mine can give me some idea of how this is happening, and what I can do to drive a wooden stake through its heart once and for all.

To be completely clear... A link is inserted into the body text of a web page... How? A Flash component is inserted into such a page (assuming that that's what's happening here)... how? A script that may not be part of the real page content is run... how? In short, what is the mechanism by which these infections occur? It's for certain that it isn't just the wastes of protoplasms who spread viruses who know this kind of thing. People who fight those viruses must have put in some effort to understanding the mechanisms, and therefore how to defend against them and defeat them, as well.

Alan K

1 Answer


Your AdwCleaner logs indicate that you had something named BHO.DLL. A quick search for BHO.DLL indicates that BHO.DLL is spyware.

If AdwCleaner could not remove it, I would treat it with the severity of a virus (not plain old adware).

Therefore I would pick an answer from this community wiki. Although I hate to say it, the probable best answer is to restore Windows.