My computer is telling me I’ve been infected with ad-ware, however its only “working” on one website (so far anyway, lol). I’ve had Avast Home Edition run 3 scans to 100%. Nothing has been found. Any suggestions? Also can someone tell me how you get Avast to run its scan on startup? The scan that goes b4 the accounts are shown on the computer, with the blue screen in the backround.

Hi Huntr, welcome to the forum.

My computer is telling me I've been infected with ad-ware, however its only "working" on one website (so far anyway, lol).

Do you mean that Avast is warning of adware when an attempt is made to visit the site, or (as you posted) that your computer is warning you of this? I suspect the former, and if this is indeed the case, Avast will prevent the malicious component from opening, which will probably mean the site won't open. This is the webshield component, which will scan a site prior to connecting, and if something malicious is found, will prevent it being downloaded.

I've had Avast Home Edition run 3 scans to 100%. Nothing has been found. Any suggestions?

Yes. Don't visit that site again. ;D But seriously, (assuming my guess to the first part is correct) Avast has prevented the malware from downloading. There is nothing to detect.

Also can someone tell me how you get Avast to run its scan on startup? The scan that goes b4 the accounts are shown on the computer, with the blue screen in the backround.

Open Avast by right clicking the tray icon, and selecting "Start Avast.." Once the program opens, select the menu, and about halfway down will be the option "schedule boot time scan".

Also can someone tell me how you get Avast to run its scan on startup?

Open Avast by right clicking the tray icon, and selecting "Start Avast.." Once the program opens, select the menu, and about halfway down will be the option "schedule boot time scan".

Just to make sure there is no confusion, Boot Time scan occurs when you power on your system, so before windows loads. In my case it takes a while so I suggest patience. Avast has an automated scan when you open it but this only verifies key system files.

Also, the boot up scan occurs once and then has to be scheduled again for subsequent system startups. By this I mean that if you schedule one now, reboot the system, do the scan and then reboot again, on the second reboot and any after that, there will not be a scan. (you have to go through the procedure listed by Tarq57 again)

My apologies if I repeated something already known.

The website is a gaming website and is use for a game called: Rome: Total War, the website is 100% legit with no issues. However as of lately (the past week) ads have started appearing. The window closes and a pop-up (non-avast, looks like a fake windows window) pops up and starts “scanning” saying I’ve been infected with ad-ware. The website is not the issue, trust me lol. Been using it for more then a year and this just started happening. There is something to detect because its still happening. I will have Avast run a boot scan and I’ll see what happends.
Thank You

Ah. This is not your computer telling you you are infected. This is a rogue anti-spyware application. They are common, pervasive, tend to target gamers and those with security vulnerabilities, and some can be a right prick to remove.
You have so come to the right place.
Can you tell me/us any name that might appear with this “your computer is being scanned…” message, and is there any unusual icon in the system tray?
There are tools we can get you to run that might remove this, if Avast can’t. A boot scan is a very good place to start.

I suggest you download and run MBAM.

No because its not doing it anymore, lol. Avast is running a thorough scan- cant find the boot scan. The ads are still on the website though, so I have no idea what is going on.
No T, there are not unusal icons in my tray.

Couple of pics for you to help locate the boot scan setting. (Different skins, but the principle is the same.)
MBAM (as suggested by JTaylor) has a good reputation for dealing with this type of infection.
It’s likely the site has been compromised, or you’ve been redirected to another lookalike site, a browser hijack of sorts.

pic 2
PS: Any site can be hacked and be compromised. It’s even happened here. Do let the webmaster know.

Hi Huntr,

I can only strongly recommend Tarq57’s and Jtaylor83’s suggestion to download MBAM.

Here is link directly from the company’s website: http://www.malwarebytes.org/mbam-download.php

MBAM specialises in detecting and removing spyware and malware. It is NOT a substitute for a virus scanner.

In addition I can personally recommend Superantispyware (http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE).

Think about it - a full scan with MBAM only takes around 45 minutes and with SAS around 1 hour. In under 2 hours you can markedly increase the chances (and piece of mind!) that your system is not infected.

I say that in addition to the Avast scans you have already run.

Another useful tool is Hijackthis if you suspect infection (http://www.trendsecure.com/portal/en-US/_images/tools/hjt_download_exe.gif). You can post your logs in this forum or on www.hijackthis.de for analysis.

Wait for expert advice though before fixing things with HJT. The gurus on this forum will be able to better advise you.

Hope that helps!

Avastfan1

I dl’d and ran MWB, it dected nothing. After I ran the scan, the website appeared to be clean, I got back on it today and its showing again. Far as the webmaster goes I have no idea who it is or how to find out.

MWB = Nothing
Avast = Nothing
SASW = 122 Items, all “removed”…rebooted computer, went back to website and it still shows.

Can you pm me the link to the website, please.
is SASW Superantispyware?

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

My guess that these are tracking cookies ?
A minor issue and certainly not one of security.

Personally I don’t think running any of the programs would make any difference to detections on a specific website. Yes perhaps if it were every site you visited or many sites, as those tools are looking for adware on your system that would effect more than just one site.

So we really need more information as in what was asked for in the first reply.
Full details of the detection, malware name, file name, location, etc.
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

A full url and we may be able to check it out, obviously is that requires logging in, etc. then that won’t be possible. edit the url changing http to hXXP so the link isn’t active/clickable.

@ Tarq57
Huntr can’t use the PM function as he doesn’t have 20 posts.

yea, SASW is Super…
I believe they where called “adware tracking cookies”…
hxxp://shoguntotalwar.yuku.com/topic/14457?page=108 is the link I am seeing the ads on (top right corner, 1st post). As I said the website is legit and is used for the game, Rome: Total War. I doubt very much its on their end.
I dont see a “warning section”.

@Tech
1). Done this 3x.
2). How do I turn on archive scanning?
3). Used Avast, SuperAntispare and MBAM.
6). I dont use system restore, if I need to restore I just reinstall windows.
7). I have Avast, SUPER, MBAM and PCTools Firewall + that should be enough. If its not, then I have no intent on installing more untill I fix this problem so I can find something thats going to work.

Ah. :-[
OK.

Huntr, strange, which are the symptoms? Seems you’re clean…

I’ve had a look at the site. Looks good as gold; no ads etc.
Had a look through the comprehensive privacy policy, too. An excerpt:

Yuku uses cookies to store visitors’ preferences and to record session information for purposes including: ensuring that visitors are not repeatedly offered the same advertisements; to customize advertising and Web page content based on browser type and user profile information; to estimate and report our total audience size and traffic; and to conduct research to improve our content and services. We do not link the information we store in cookies to any personally identifiable information you submit while on our site. You may be able to configure your browser to accept or reject all or some cookies, or notify you when a cookie is set—each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences—however, you must enable cookies from Yuku in order to use most functions on the site.

Please note that we permit third party advertisers who present advertisements on some of our pages to set and access their cookies on your computer. Advertisers’ use of cookies is subject to their own privacy policies, not the Yuku Privacy Policy. For more information about their separate privacy policies, you should contact the third-party advertising network directly.

This is the only thing I can think of that’s causing (or allowing) the advertising.
As part of the check I allowed scripts for all on the page (which includes google ad services and googleanalytics) and still no ads. Yet.

You could consider using an ad blocker and/or script blocker. Maybe you could contact other users through the forum. I see there are already a lot of comments about ads on the forum, so you are not alone.
This is a website issue, not an adware issue.
I have no idea what was causing the “your computer is being scanned” message, which certainly mimics a rogue, but it was probably a java-based advertisement. (And possibly one for a rogue product, but I wouldn’t know.)

[PS, a minor point, Superantispyware usually abbreviates to SAS.}

I am not getting “pop-up” ads or anything. Ads are appearing in peoples posts, what I am saying. Not in every post eaither.