LinkBucks adware - how to remove?

Hi forum friends,

Page opened up: htxp://a1b08eb4.linkbucks.com/

How to get this from your computer? Blocked it with NoScript,

polonus

Did you get this from surfing a hacked site…? http://wordpress.org/support/topic/377664
Or did you mean it opens from your pc? Check your hosts file!
Or didn’t i get your question right…?
asyn

polonus+infected pc=CONFUSED ??? ???
what is the question,or what do you mean :-\

Yes, i wonder, too. :frowning:
But it can happen to all of us unexpected…
asyn

Hi Asyn,

It appeared from a site that was apparently hacked, and the redirect would now go exclusively via the LinkBucks. I had NoScript and RequestPolicy installed in that browser, so I had an escape, and I found later that ABP+ is just being circumvented by it (I had ABP+ there too).
Sometimes one can get LinkBucks re-directs through a Conficker worm infection, but there avast would have alterted. What I did is block LinkBucks in NS and RP, also checked the SpywareBlaster snapshot. That did not find any changes to the last time the snapshot of my Vista OS settings was made, I looked for specific dll’s, nothing there, nor anything out of the ordinary seen to processes in Process Explorer. This is closest to what I experienced the Rapidshare annoyment:
http://www.technize.com/remove-waiting-time-in-rapidshare-and-other-sites/
SkipScreen, a free firefox extension, comes to help here. SkipScreen is a firefox extension that bypasses the waiting time on Rapidshare and many other sites. The list of sites is given below:

zShare
Mediafire
Sendspace
Sharebee
Rapidshare
Megaupload
DepositFiles
Linkbucks
Link-protector
This add-on is controversial Re: http://www.maximumpc.com/article/news/mediafire_not_too_happy_about_skipscreen_firefox_addon

polonus

I wish it is just an annoy made by download websites.
anyway we all get some of those from time to time

Hi superhacker,

It is annoying. Here is a removal script for those that have it on their websites:
http://userscripts.org/scripts/review/56273

polonus

thanks :wink:

Hi Superhacker,

Here you have this same code compressed:

var url=document.URL.split("url/")[1];window.location=url; 

pol

Hi D, good you could catch it early enough…!! :slight_smile:
(Malware Domains Filter Abo for AB+ http://malwaredomains.lanik.us/malwaredomains_full.txt)
asyn