Google 'Ads' problem on clients laptop

[Kitten Kong]

Hi everyone, I have a clients laptop which came in for a virus removal and tune up - Both of which successfully completed.

However when the client uses any browser (ie, ff, gc), and searches for anything, ie Ford, and when attempts to click on the first 'ad', ie ads related to X, he gets an error message of

Oops! Google Chrome could not connect to srch.atdmt.com

Or a search for jaguar brings up

Oops! Google Chrome could not connect to bs.serving-sys.com

All cookies have been removed complete, GC, IE, and FF have been put back to literally factory settings.

I have installed adblock + on ie, and ff.

It's only when he clicks on the ad links, ie google ads. All other searches function correctly.

Can anyone throw any light on this please?, I have googled till my eyeballs have literally popped, and am still stuck.

Many thanks

 

[PBComputer]

What happens if you disable Adbock. I've seen a a few odd issues with it on my system

 

[Kitten Kong]

It was doing this prior to the install of Adblock Paul. I thought Adblock would of cured it. Obviously not.

 

[nlinecomputers]

Obviously still infected. Need to review your virus clean up procedures because it didn't work. Need to check for proxy servers or hooks in your TCP/IP stack. A careful examination with process explorer running may give you a clue as to what file is trying to access the network.

 

[SilverLeaf]

I know some of the adblocking hosts files, like MVPS, block Google ads by default.

 

[nlinecomputers]

srch.atdmt.com is a known malware source.

Clicking on a google ad shouldn't be trying to access this. THe system MUST still have part of a redirection browser hijacker running that is being blocked by something else, presumably the AV program.

THIS SYSTEM IS NOT CLEAN.

 

[Kitten Kong]

Kaspersky and mbam pro are both installed, aspart of the removal/tune up.
It did have norton 360 installed, which was removed using their removal tool.

I've got the machine back in the workshop tonight, so will double check it first thing in the morning.

Scans ran include mbam, hmp, adw, comobofix, jrt, auto runs and manual checks. I would of thought that that combination would of cleansed any and all malware traces.

Only thing I can run now are otl. Poss dds.

 

[AndyM]

Don't recommend this very often, but I would run HiJackThis on the system. See what the search domains are set at, and then correct it from there.

Andy

 

[PBComputer]

Don't recommend this very often, but I would run HiJackThis on the system. See what the search domains are set at, and then correct it from there.

Andy

Yeah worth running hijack this. Can be a powerful tool.

 

[affinity07]

Hi

Check the MBR for an infection use ASWMBR and clean the MBR

 

[tf76]

Rkill before running scans?
Also run kaspersky live outside of os.

Regards,

 

[mraikes]

Well as long as we're tossing out scanner ideas, if you're fairly confident there are no more viruses or rootkits present, ADWCleaner can often mop up lingering browser related issues.