Breaking News

Thursday, December 1, 2016

Malware removal: liveadexchange,, smartnewtab, cpmofferconvert

Keywords: removal, removal, removal, removal, removal, removal


Web browser randomly (almost on every mouse click) being redirected to a different site. When infected with this mal(ad)ware, advertising banners are injected with advertisement hyperlinks, browser popups appear which recommend fake updates, AdBlocker(plus) or other addons does not work.

Took me a while (~an hour) but finally nailed it.

Quick steps (if in a hurry, and tired of looking around!)

  1. Start-->run-->Regedit (admin mode) 
  2. File menu-->Edit-->Find 
  3. Find what: 
  4. Look at (checkbox): Data 
  5. Click on Find next button (or F3) 
  6. Delete whatever you find; I found 4/5 locations. 
Once done, under internet options (control panel)-->connections tab, remove all proxy/settings.

Interesting detail

  1. Its hidden in hex so you wouldn’t really (usually) look at that. 
  2. Keys to look at: 
  • DefaultConnectionSettings, 
  • SavedLegacySettings 
  • Folder: ManualProxies 
  • AutoConfigProxy 
  • AutoConfigUrl 
  • Value: 0 (Did you notice, that url starts with a zero?) 
  1. Popular redirects 
  • a. 
  • b. http://get.easyvpn. biz/jdmnXmaN8QM%2Bkr1eeMy/JnzjvCMv8eo%3D 
  • c. http://www.smartnewtab. com/watch?key=0cdb16b7667982280fbb05007a35eb39 
  • d. http://cpmofferconvert. com/out?zoneId=968177&htatb=1 
  • e. http://trk.servedbytrackingdesk. om/579722c14a90a4640e4b6e7d/go?t=01580d5b47e8088f01000001&


Have a happy day!

1 comment:

  1. Needed to compose one little word yet thanks again for the suggestions that you are contributed here...
    Best Online Software Training Institute | Salesforce CRM Training


Designed By Published.. Blogger Templates