Page 1 of 2 12 LastLast
Results 1 to 15 of 29
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, Washington, USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How to remove Ads by CheckMeUp?

    Yesterday I began getting inundated with ads from a service called Ads by CheckMeUp. Its affected firefox and chrome. All my searching for a removal tool has been in vain. It seems like there are a ton of websites offering to remove it for a fee but all these websites, no matter their name, point to one of a few services. I tried Malware Bytes but that doesn't work. Right now, my browsers are almost useless.

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    See what AdwCleaner can do for you http://www.bleepingcomputer.com/download/adwcleaner/

    Click on Scan and it may list some items in the lower window which you can uncheck if you want to keep.

    When the scan has completed click on Report and it will show you what it has found - if you're happy with what it will then delete, close the report and click on Clean.

    It will produce another report after the reboot.

  3. #3
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  4. #4
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,798
    Thanks
    117
    Thanked 799 Times in 720 Posts
    Detailed removal steps can be found here:
    http://malwaretips.com/blogs/checkmeup-removal/

    Jerry

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, Washington, USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the ideas. However, none of them worked. Still getting lots of adds coming through. Any other advice?
    2014-12-08_13-52-17.jpg

  6. #6
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,798
    Thanks
    117
    Thanked 799 Times in 720 Posts
    Did you follow all the steps in my link including cleaning up the browser settings? Also try a system restore to a date prior to the infection.


    Jerry

  7. #7
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    Did any of the tools you used pick up any CheckMeUp items ?

    Do you still get the ads when you boot IE without add-ons ?

    Try a scan with ESET Free Online Scanner and use IE to download it. http://www.eset.com/us/online-scanner/

    Click on Advanced and check all of the boxes except the proxy one - check the box to auto uninstall when done then disable your AV immediately before you hit the Scan button.

    This will take a while to run but it's thorough.

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, Washington, USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've tried them all. Just keeps coming back. Interesting, I keep getting the following popup about every five minutes or so.2014-12-08_16-24-01.jpg

  9. #9
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,798
    Thanks
    117
    Thanked 799 Times in 720 Posts
    Try running in a clean boot environment with the exception of any Malwarebytes entries and see if you still get the popups.
    http://support.microsoft.com/kb/929135

    Jerry

  10. #10
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    As it's Outbound, looks like something is phoning home - give ESET a run.

    Stick 5.153.38.134 in http://ip-lookup.net/ for more info by clicking on the lower links on the web page.

  11. #11
    2 Star Lounger
    Join Date
    Mar 2010
    Location
    Charlotte, NC
    Posts
    132
    Thanks
    1
    Thanked 19 Times in 18 Posts
    Click exclude website when you that MalwareBytes popup.

  12. #12
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,157
    Thanks
    31
    Thanked 307 Times in 267 Posts
    Quote Originally Posted by cederwall View Post
    ...I keep getting the following popup about every five minutes or so...
    WHOIS lookup of 5.153.38.134 - screenshot of results webpage:
    WHOIS.jpg
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  13. #13
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,157
    Thanks
    31
    Thanked 307 Times in 267 Posts
    Quote Originally Posted by Sudo15 View Post
    As it's Outbound, looks like something is phoning home...
    Sorry Sudo15, I didn't notice your #10 post until after I submitted my #12 post.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  14. #14
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,157
    Thanks
    31
    Thanked 307 Times in 267 Posts
    Quote Originally Posted by cederwall View Post
    I've tried them all. Just keeps coming back...
    Sounds to me like you have a "rootkit virus" infection.

    Especially during the past six months or so I am seeing more-and-more customers' computers that are infected with the same kind of unwelcome guest(s).

    I usually run a series of scans with MBAM, Spybot, ADWcleaner, and (maybe) HitmanPro. If those don't evict the unwelcome guests then I resort to ComboFix.

    The procedure I use is:

    1. Uninstall any resident AV/AS programs (ComboFix might not be able to do its job properly if there are AV/AS programs installed, even when CF is run in Safe Mode).

    2. Download ComboFix and Old Timer Cleanup to your Desktop.

    3. Reboot to "Safe Mode with Networking".

    4. Double-click ComboFix.exe to run it. Follow its prompts carefully (don't try to shortcut it). The scan might take anywhere from ten to 30 minutes, sometimes more, and ComboFix will probably reboot the computer automatically; don't interfere, just let CF do its thing. Once CF has finished its logfile fill be displayed in Notepad; advise you to save the log somewhere for later reference; the section of interest is the uppermost "other deletions" section - often there will be three to 20 or more entries for rootkit files/entries that have been deleted.

    5. Run OTC (Old Timer Cleanup as in 2. above) to clean up after ComboFix (ComboFix has an uninstall switch but OTC is much easier). OTC will ask to restart (choose yes), and the computer will restart to Normal Mode.

    6. Run follow-up scans with MBAM, Spybot, ADWcleaner, etc., to remove any residues.

    7. Check your browsers' settings (homepage, add-ons/extensions, etc.. Once you are confident the unwelcome guest(s) have departed, re-install your security programs.
    Last edited by Coochin; 2014-12-09 at 02:51. Reason: minor corrections
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  15. #15
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    I'd be wary of using ComboFix as it's a professional disinfection tool and you need to know if it is safe to remove what it finds.

    I ran it once just to give it a try and it snagged one file which I gave it the go ahead to delete, just to find it was a system file and there were quite a few complaints from others from Googling the file albeit too late and I needed to restore from a system image.

    I would advise using ESET Online Scanner for an in depth scan.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •