[SOLVED] Can't Remove Browse Ignite Adware

Has anyone run across this adware? I've tried all of my tools (MBAM, Rogue Killer, JRT, Adwcleaner, Hitman Pro) and it's still there. Nothing in Autoruns shows up as suspicious. There aren't any entries in Add/Remove Programs, and no services or running tasks. Revo Uninstaller doesn't show anything different than Windows. This happens in Chrome and Internet Explorer. I've reset and checked extensions and add-ons in both browsers and it still comes back. The symptoms are that it'll hyperlink certain text in the browser that shows ads (at the bottom it says "ads by BrowseIgnite"), and when you click on certain spots in a webpage it'll open an ad. Windows 8.1 Pro. Any ideas?
 
Don't forget to check the shortcut's properties and make sure that there is nothing appended onto the run command.
 
The ads are the only strange behavior? What did you use to check running processes? If you haven't, try Process Explorer.

Example:
The last cleanup I did that just seemed to hang on like this, Internet Explorer just kept launching by itself, but there were no odd files running. Used Process Explorer to watch and noticed an extra rundll32 would start up right before the flood of iexplore.exe. Froze it in Process Explorer, then filtered it in Process Monitor. That led me to some broken JavaScript in a registry entry attached to the rundll.

Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645
 
You sure you don't have a rootkit that you've missed if you've done all the other stuff?

Not saying this tool is end all to end all but have you tried Rogue Killer? I second checking the control panel. If you have licenses for Avast, it allows you to create a bootable USB or CD to run scans from. Think I'd consider that also.
 
Have you checked the actual registry manually yet? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Try to run with a portable browser and see what occurs.
It seems to me to be a fake Java install issue.
Try removing Java, then reinstall it from the legit site.
 
* Is iexplore running when there's no windows open?
* Chrome cleaner: https://www.google.com/chrome/srt/
* Can you export an Autoruns list?

From what I've been seeing lately, I'd be more inclined to think there's a proxy in the mix -- if both browsers are clean and the ads are being injected into the page.... Hitman Pro is pretty good at spotting proxies but have you run it in Safe Mode w/Networking?
 
Check the wireless router to see if the DNS entries are corrupted. Happened to me a couple months ago and I tore my hair out trying to remediate it. (Check my previous posts...)
 
I finally got it. There was a registry entry at HKLM/Software/Wow6432Node/Microsoft/Windows NT/CurrentVersion/Windows/Appinit_Dlls pointing to a file in C:/Program Files x86/Common Files/System/1051/biapp.dll that was causing it. Once I removed the entry and renamed the files it went away!
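
A check that would surface the kind of entry described in the post above, as an added example that is not part of the original thread. It reads AppInit_DLLs in both the native and Wow6432Node registry views and reports whether each listed DLL exists and who signed it; the output property names are this example's own, and it assumes 64-bit PowerShell 3.0 or later.

```powershell
# Added example: audit AppInit_DLLs in both registry views.
# Run from 64-bit PowerShell so neither the registry nor System32 is redirected.
$views = @(
    @{ Key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       SysDir = 'System32' },
    @{ Key    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       SysDir = 'SysWOW64' }
)

$findings = foreach ($view in $views) {
    # Wow6432Node does not exist on 32-bit Windows
    if (-not (Test-Path -LiteralPath $view.Key)) { continue }

    $props = Get-ItemProperty -LiteralPath $view.Key

    # The value is a space- or comma-delimited list, so entries use short (8.3) paths
    $names = ([string]$props.AppInit_DLLs) -split '[,\s]+' | Where-Object { $_ }

    foreach ($name in $names) {
        # A bare file name is resolved against the system directory of that view
        $path = if ([IO.Path]::IsPathRooted($name)) { $name }
                else { Join-Path $env:SystemRoot (Join-Path $view.SysDir $name) }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

        [pscustomobject]@{
            RegistryKey = $view.Key
            # LoadAppInit_DLLs = 1 means the list is actually being loaded
            Enabled     = ($props.LoadAppInit_DLLs -eq 1)
            Dll         = $path
            Exists      = $exists
            Signature   = if ($sig) { $sig.Status } else { 'n/a' }
            Signer      = if ($sig -and $sig.SignerCertificate) {
                              $sig.SignerCertificate.Subject
                          } else { '' }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'AppInit_DLLs is empty in both registry views.' }
```

On a clean system both values are normally empty, so any entry listed here, especially an unsigned DLL outside the Windows directory, deserves a closer look.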
 

What led you to that entry?
 