Mysterious Website Popping Up Randomly

So I'm not sure if this is the correct forum or even website to ask this, but this website's been popping up randomly from now to when I built my PC.

 

Here's the link: http://sh.st/AeotZ

 

and after clicking the "Skip this ad" button, it takes me to this page: http://www.symantec.com/connect/blogs/download-insight-sep-121

 

Any next steps? Thanks.

CPU: AMD A8-6600K 3.9GHz(OCed to 4.5GHz) Quad-Core Processor
CPU Cooler: Cooler Master Hyper 212 EVO 82.9 CFM Sleeve Bearing CPU Cooler
Motherboard: MSI A88XM-E45 Micro ATX FM2+ Motherboard
Memory: Kingston HyperX Fury Blue 8GB (2 x 4GB) DDR3-1600 Memory 
Storage: Kingston SSDNow V300 Series 120GB 2.5" Solid State Drive
Storage: Seagate Barracuda 120GB 3.5" Internal Hard Drive
Video Card: EVGA GeForce GTX 760 4GB Dual FTW ACX Video Card
Case: Silverstone TJ09-BW ATX Full Tower Case
Power Supply: EVGA SuperNOVA NEX 650W 80+ Gold Certified Fully-Modular ATX Power Supply


1 minute ago, Windows7ge said:

I'd run an anti-virus scan. Malware scan too just to be safe.

Ran Avast full system scan, says no threat detected.


10 minutes ago, RandomRestore said:

Ran Avast full system scan, says no threat detected.

When does it happen exactly? When idling at desktop? In a browser? Does it happen when you click on links?


2 minutes ago, RandomRestore said:

Ran Avast full system scan, says no threat detected.

Run Malwarebytes. Might find something.

Also, if using Chrome, check your extensions. Some of them bring adware with them.

 

Fine you want the PSU tier list? Have the PSU tier list: https://linustechtips.com/main/topic/1116640-psu-tier-list-40-rev-103/

 

Stille (Desktop)

Ryzen 9 3900XT@4.5Ghz - Cryorig H7 Ultimate - 16GB Vengeance LPX 3000Mhz- MSI RTX 3080 Ti Ventus 3x OC - SanDisk Plus 480GB - Crucial MX500 500GB - Intel 660P 1TB SSD - (2x) WD Red 2TB - EVGA G3 650w - Corsair 760T

Evoo Gaming 15"
i7-9750H - 16GB DDR4 - GTX 1660Ti - 480GB SSD M.2 - 1TB 2.5" BX500 SSD 

VM + NAS Server (ProxMox 6.3)

1x Xeon E5-2690 v2  - 92GB ECC DDR3 - Quadro 4000 - Dell H310 HBA (Flashed with IT firmware) -500GB Crucial MX500 (Proxmox Host) Kingston 128GB SSD (FreeNAS dev/ID passthrough) - 8x4TB Toshiba N300 HDD

Toys: Ender 3 Pro, Oculus Rift CV1, Oculus Quest 2, about half a dozen raspberry Pis (2b to 4), Arduino Uno, Arduino Mega, Arduino nano (x3), Arduino nano pro, Atomic Pi. 


2 minutes ago, Windows7ge said:

When does it happen exactly? When idling at desktop? In a browser? Does it happen when you click on links?

It just happens randomly, but not frequently. Like probably just once a day.


2 minutes ago, Brink2Three said:

Run Malwarebytes. Might find something.

Also, if using Chrome, check your extensions. Some of them bring adware with them.

Alright, I will. Do I run threat or full system scan?


Malwarebytes

Most anti-virus don't pick up malware unless you pay for one of those $90 ones, but who pays $90 when you have Malwarebytes for free

Insert   Dank   Signature   Here.


1 minute ago, RandomRestore said:

Alright, I will. Do I run threat or full system scan?

I'd do full system.


1 minute ago, Windows7ge said:

I'd do full system.

Yep That

 


13 minutes ago, Brink2Three said:

Yep That

 

 

Alright thanks, I will run it overnight and try to get results first thing tomorrow.


Scan finished. Found a few PUP registry values. Removed them, restarted my computer, and if any strange website pops up, I'll let you guys know.


No strange websites have popped up in the past two days, quite good news. Everything seems to be working quite nicely. If you guys can still see this, thank you!

 

However, two days is a somewhat short period of time, so if a mysterious website pops up again, I will require further assistance, but you guys have still done a lot for me so I'm very thankful anyways. Have a good day!


  • 2 weeks later...

Just signed up to say I have the same issue (just downloaded Malwarebytes!), and have noticed that the issue is related to plugging my laptop in to charge!
 Each night when my battery gets low, I plug it in, then Hello! There's a new tab open.


29 minutes ago, VeganPirate said:

Just signed up to say I have the same issue (just downloaded Malwarebytes!), and have noticed that the issue is related to plugging my laptop in to charge!
 Each night when my battery gets low, I plug it in, then Hello! There's a new tab open.

Try all the steps mentioned here (Anti virus, malwarebytes) and you can also check your Chrome (or FireFox) extensions, maybe there is something malicious there.

"We're all in this together, might as well be friends" Tom, Toonami.

 

mini eLiXiVy: my open source 65% mechanical PCB, a build log, PCB anatomy and discussing open source licenses: https://linustechtips.com/topic/1366493-elixivy-a-65-mechanical-keyboard-build-log-pcb-anatomy-and-how-i-open-sourced-this-project/

 

mini_cardboard: a 4% keyboard build log and how keyboards work: https://linustechtips.com/topic/1328547-mini_cardboard-a-4-keyboard-build-log-and-how-keyboards-work/


On June 30, 2016 at 5:54 AM, VeganPirate said:

Just signed up to say I have the same issue (just downloaded Malwarebytes!), and have noticed that the issue is related to plugging my laptop in to charge!
 Each night when my battery gets low, I plug it in, then Hello! There's a new tab open.

Might be related to bloatware that your PC came with, try using PCDecrapifier, a self-contained program that scans and removes bloat and crapware pre installed by the manufacturer of your PC.

 

https://www.pcdecrapifier.com

 

If this doesn't work, run a full system scan with malwarebytes and remove anything that shows up, unless you trust any of the results and know that it is a false positive.

 

Your last resort would probably be to go to a malware removal forum and ask there.

 

I don't really have too much experience with malware, but hey, welcome to the LTT forums. You will notice that the members of this forum are anything but toxic, and are pretty helpful guys. Hope you enjoy it here!


  • 2 weeks later...

I have the same problem, and managed to solve it. Here's the solution.

Check if you have the following folder: C:\ProgramData\Bonanza\

Delete it.

Under Computer Management - Task Scheduler:

Check if you have the following item "rundll"; it runs every hour. Disable it or delete it.

You should find the item "PPI Update"; it's installed by KMSpico.

It opens this website "http://insightlk.com/download/index.php?mn=9995"

which then jumps to "http://sh.st/AeotZ"

Delete or disable this item.


  • 1 month later...
On 7/14/2016 at 6:32 AM, manfred_exz said:

I have the same problem, and managed to solve it. Here's the solution.

Check if you have the following folder: C:\ProgramData\Bonanza\

Delete it.

Under Computer Management - Task Scheduler:

Check if you have the following item "rundll"; it runs every hour. Disable it or delete it.

You should find the item "PPI Update"; it's installed by KMSpico.

It opens this website "http://insightlk.com/download/index.php?mn=9995"

which then jumps to "http://sh.st/AeotZ"

Delete or disable this item.

You are quite the genius, sir. Thank you for helping all the pirates in us.

System

  • CPU
    i3 3220 3.3GHz
  • Motherboard
    H61H2-MV
  • RAM
    8GB no name
  • GPU
    Radeon HD 4870
  • Case
    Thermaltake Core V21
  • Storage
    1TB HDD, 700gb HDD, 320gb HDD and 256gb SSD
  • PSU
    Corsair CX600
  • Display(s)
    Flatron L1960TR , MAG MS776I , ViewSonic VA903m ( all of them are 1280x1024,dad found em) and a Fujicom FJ-32V TV
  • Cooling
    1 200M front fan, and unknowen CPU tower(low profile)
  • Keyboard
    HP QY776AT
  • Mouse
    LUOM G10
  • Sound
    Jamo E 4 CEN, Jamo E470 and Jamo E410 with a KENWOOD S505D
  • Operating System
    Windows 10 Pro N

  • 1 month later...

Yes, i'm necro because this dude has the best answer & i'd like to confirm it :)

 

paid malwarebytes isn't finding a damn thing (license via work don't hate) for me on win10, popup in chrome. 

On 7/13/2016 at 11:32 PM, manfred_exz said:

I have the same problem, and managed to solve it. Here's the solution.

Check if you have the following folder: C:\ProgramData\Bonanza\

Delete it.

Under Computer Management - Task Scheduler:

Check if you have the following item "rundll"; it runs every hour. Disable it or delete it.

You should find the item "PPI Update"; it's installed by KMSpico.

It opens this website "http://insightlk.com/download/index.php?mn=9995"

which then jumps to "http://sh.st/AeotZ"

Delete or disable this item.

this is what happens when your girl uses your windows profile. smh. 

 

in my instance the task is set to run @ 4:53 every day 

 

you'll most likely find other garbage you can delete from the task scheduler while removing this item. 


  • 4 weeks later...
On 7/13/2016 at 10:32 PM, manfred_exz said:

I have the same problem, and managed to solve it. Here's the solution.

Check if you have the following folder: C:\ProgramData\Bonanza\

Delete it.

Under Computer Management - Task Scheduler:

Check if you have the following item "rundll"; it runs every hour. Disable it or delete it.

You should find the item "PPI Update"; it's installed by KMSpico.

It opens this website "http://insightlk.com/download/index.php?mn=9995"

which then jumps to "http://sh.st/AeotZ"

Delete or disable this item.

I specially registered to this website just to say "thank you" to this dude. This problem is not big, but it's big enough to drive you crazy. I just opened the Scheduled Tasks on Windows and found PPI Update; I manually ran it and the pop-up happened. So I'm nearly 100% sure that disabling it will solve this problem.


  • 2 weeks later...

I stepping stone to this thread, although it is not very recent, for those who had yet to come across this problem (which is anything but uncommon)

 

JFYI, there's no need to run anti-malwares in order to remove sh.st junks.

 

Just check under C:\Windows\System32\Tasks and you have to find a task named as "PPI Update". It contains the following code:

 

    <Exec>
      <Command>C:\Windows\explorer.exe</Command>
      <Arguments>"http://insightcdn.online/download/index.php?mn=9995"</Arguments>
    </Exec>

That URL redirects to sh.st/AeotZ

 

Anyway, using Malwarebytes Anti-Malware to perform a periodical scan is one of the basic rules to always keep in mind ;)

 

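The "PPI Update" task quoted in the post above can be found mechanically: the sketch below (an added example, not code from any poster in this thread) parses Task Scheduler XML and reports every Exec action whose command line carries an http(s) URL. The function names, the `URL_OPENERS` list and the second sample task are assumptions made for illustration; the first sample wraps the Exec block quoted above in a constructed task definition.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Namespace of the Task Scheduler XML schema.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumed list: programs that open a URL argument in a browser.
URL_OPENERS = {"explorer.exe", "cmd.exe", "rundll32.exe", "iexplore.exe",
               "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample: the Exec block quoted in the thread, wrapped in a minimal task.
SAMPLE_PPI_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\explorer.exe</Command>
      <Arguments>"http://insightcdn.online/download/index.php?mn=9995"</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed sample: an ordinary maintenance task with no URL in its action.
SAMPLE_BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="LocalSystem">
    <Exec>
      <Command>%windir%\system32\defrag.exe</Command>
      <Arguments>-c -h -o</Arguments>
    </Exec>
  </Actions>
</Task>"""


def find_url_actions(task_xml, task_name="(unnamed)"):
    """Return one finding per Exec action whose command or arguments hold a URL.

    task_xml may be str or bytes; on-disk task files are normally UTF-16 with a
    BOM, which the XML parser detects when given raw bytes.
    """
    findings = []
    root = ET.fromstring(task_xml)
    for action in root.iterfind(".//t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS).strip().strip('"')
        arguments = action.findtext("t:Arguments", "", NS)
        urls = URL_RE.findall(f"{command} {arguments}")
        if not urls:
            continue
        exe = command.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        findings.append({"task": task_name, "command": command, "urls": urls,
                         "known_opener": exe in URL_OPENERS})
    return findings


def scan_task_dir(tasks_dir):
    """Scan a folder of task files, e.g. C:\\Windows\\System32\\Tasks (needs admin)."""
    findings = []
    for path in Path(tasks_dir).rglob("*"):
        if path.is_file():
            try:
                findings += find_url_actions(path.read_bytes(), path.name)
            except (ET.ParseError, OSError):
                continue  # unreadable or not a task definition
    return findings


if __name__ == "__main__":
    for xml_text, name in ((SAMPLE_PPI_TASK, "PPI Update"), (SAMPLE_BENIGN_TASK, "Defrag")):
        print(name, find_url_actions(xml_text, name))
```

A hit is a lead to review, not a verdict: some legitimate updaters also schedule URL launches, so check the task's author and creation date before deleting it.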

Odd how it directed to Symantec's blog, maybe they were doing it to make it seem like the malware wasn't really malware, even though that wouldn't work well.  

Glad it's fixed anyway, I would run a scan with Norton Power Eraser https://security.symantec.com/nbrt/npe.aspx  No matter what anyone says about Norton it's used widely in the enterprise, and works well, lately Symantec's signatures have been fantastic, and NPE (Norton power eraser) can scan for bootkits by loading before Windows does.  This is pretty important.  

 

While it's rare you have anything beyond this basic shitty junk on your system which was removed, a lot of malware actively downloads other malware to your PC such as this. It's possible that the malware was removed previously, or that the malware was downloaded and then the executable for the downloader deleted itself and used a registry key instead of a data file or executable file, which would have been more obvious and less efficient.

 

I know this isn't much help, but I hope it.  Just look out for malwarebytes too, it's good but it's not a fully fledged antivirus, and is not a scanner that I would suggest against serious malware,  good for home use though.  


On 24/11/2016 at 5:23 AM, Mike_The_B0ss said:

Odd how it directed to Symantec's blog, maybe they were doing it to make it seem like the malware wasn't really malware, even though that wouldn't work well.  

Glad it's fixed anyway, I would run a scan with Norton Power Eraser https://security.symantec.com/nbrt/npe.aspx  No matter what anyone says about Norton it's used widely in the enterprise, and works well, lately Symantec's signatures have been fantastic, and NPE (Norton power eraser) can scan for bootkits by loading before Windows does.  This is pretty important.  

 

While it's rare you have anything beyond this basic shitty junk on your system which was removed, a lot of malware actively downloads other malware to your PC such as this. It's possible that the malware was removed previously, or that the malware was downloaded and then the executable for the downloader deleted itself and used a registry key instead of a data file or executable file, which would have been more obvious and less efficient.

 

I know this isn't much help, but I hope it.  Just look out for malwarebytes too, it's good but it's not a fully fledged antivirus, and is not a scanner that I would suggest against serious malware,  good for home use though.  

I ran a scan using NPE and did find a few files, but I'm guessing that they were false positives since I have memory of installing those applications, and when I uploaded them to VirusTotal, they looked, for the most part, clean. I did find a problem with a file called HOSTS in a subdirectory in the \Windows folder, but I have past memory that I edited that file to block additional IPs, since I didn't want Windows to be tracking me.


  • 2 months later...
I was having this problem for a long time and looking for a solution to it, and now I found it on your page. Thank you to the person who posted the solution, member manfred_exz; he is my hero.

This topic is now closed to further replies.
