0

My PC has been infected with a malware that opens pop-up to some ads, mostly in my native language (Persian) but from (wonderlandads.com), when I click on a link or in an input box in StackExchange websites. Interestingly, it just occurs for these websites and no other website! It occurs in both Firefox and IE

I scanned my computer with NOD32 7.0.2 , and some freeware malware scanner (kaspersky tools,...), but they couldn't find it. I reinstalled the Firefox and disabled startups but couldn't fix it.

What is the cause? and what can I do?

How it can hide itself from powerful antiviruses and anti-malware?

==============

Update It seems I could handle it by killing running processes and refreshing the firefox.

Ahmad
  • 307
  • 1
  • 3
  • 19
  • Are you sure that your PC is infected? It might be your router instead. See http://www.pcworld.com/article/2926312/large-scale-attack-hijacks-routers-through-users-browsers.html or http://www.darkreading.com/attacks-breaches/home-routers-being-targeted-in-dns-hijacking-attack-trend-micro-says/d/d-id/1320634 – Steffen Ullrich Dec 13 '15 at 11:04
  • @SteffenUllrich I use ADSL in two cities, I have different modems and connect to different ISPs, but in both places, I have this problem, then it must be in PC, In addition recently I tried to install some cracker and key generators programs for Sony Vegas, and I think they are the source of problem – Ahmad Dec 13 '15 at 11:10
  • Your question doesn't seem to be about information security, but just about your malware problem – Beat Dec 13 '15 at 11:25
  • 1
    You should buy software instead of using cracks, they are often infected and have backdoors. You get what you pay for. Scan your PC with some Live CDs and from safemode eg with Malwarebytes and others. You also did not provide enough information like the name of the process of the malware. –  Dec 13 '15 at 11:28
  • 2
    I cannot understand the trust you have into cracked software. It is more likely that this is the source of your problem than the cure. – Steffen Ullrich Dec 13 '15 at 11:28
  • @SteffenUllrich I have no payment method to buy such software as I am in Iran, however there are trusted local (Iranian) websites which offer cracked version or key-generators for them. I have many of them with no problem, but I downloaded a key-generator from an international suspicious website, which caused the problem. – Ahmad Dec 13 '15 at 16:24
  • @Beat You can consider this question as a question about why a malware is not detected by antiviruses. – Ahmad Dec 13 '15 at 16:28

1 Answers1

0

In this link, you can find the details about removing Wonderlandads pop-up malvare.

Briefly:

  • Kill running process by task manager (especially suspicious ones)
  • Uninstall recently installed programs (especially cracked and suspicious ones)
  • Disable suspicious programs from start up.
  • Reset your web browser.

As this pop-ups occurs only for the websites of StackExchange, I cleared the cache items related to *.stackexchage.com as it is in How can I clear a single site from the cache in Firefox?. Now the problem has been resolved without any restart or killing a process. Then I guess some client-side scripts were infected and by removing them you can solve the problem.

Community
  • 1
Ahmad
  • 307
  • 1
  • 3
  • 19