Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Help with popup adultcameras.info

07 Mar 2015   #1
iconxt

Windows 7 Ultimate 64
 
 
Help with popup adultcameras.info

It started 3 days ago this popup kept appearing on firefox and chrome known as adultcameras.info . I tried everything from malware bytes and spybot S&D but nothing helped. I formatted my PC yesterday but strangely the same popup appeared immediately after visiting a few websites . I didnt opened any malicious websites nor downloaded any cracked software.Can anybody tell me what's happening?


My System SpecsSystem Spec
.
07 Mar 2015   #2
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Unfortunately, but rare, there is malware that can attach itself to the MBR, and even memory of some hardware that remains in the computer after a format. Experts in this area will be here to help soon. While waiting you may want to try scanning with ADW cleaner
AdwCleaner Download
After the format, what did you do, reinstall with a DVD, an image?
When you reformatted, did you do all partitions?
Did you visit that site before the popups started?
I would appreciate it if after your problem is resolved you let us know and tell us what action was necessary to stop the problem
My System SpecsSystem Spec
07 Mar 2015   #3
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Might be a good idea to run TDSSKiller to see if you have a rootkit. Some rootkits can survive a reinstall.

Note: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.

Remove Adultcameras.info pop-up ads (Virus Removal Guide)
My System SpecsSystem Spec
.

12 Mar 2015   #4
iconxt

Windows 7 Ultimate 64
 
 

Quote   Quote: Originally Posted by richc46 View Post
Unfortunately, but rare, there is malware that can attach itself to the MBR, and even memory of some hardware that remains in the computer after a format. Experts in this area will be here to help soon. While waiting you may want to try scanning with ADW cleaner
AdwCleaner Download
After the format, what did you do, reinstall with a DVD, an image?
When you reformatted, did you do all partitions?
Did you visit that site before the popups started?
I would appreciate it if after your problem is resolved you let us know and tell us what action was necessary to stop the problem
After the format, what did you do, reinstall with a DVD, an image? - I used bootable DVD. Formatted c:/ and reinstalled.
When you reformatted, did you do all partitions? - No, i only formatted c:/, d:/ and e:/ remained intact.
Did you visit that site before the popups started? - I am not sure of the origin of this popup. But i am pretty sure i didn't visit any such website.


Quote   Quote: Originally Posted by Borg 386 View Post
Might be a good idea to run TDSSKiller to see if you have a rootkit. Some rootkits can survive a reinstall.

Note: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.

Remove Adultcameras.info pop-up ads (Virus Removal Guide)
I tried Tdsskiller and other steps but nothing found.

One more thing i have noticed is that this popup is not very regular. For hours it doesn't show up and then it becomes quite regular. Stays pretty much inactive during morning and noon but becomes very active during night it seems.

Below is a screen shot of process list. Anything suspicious?

My System SpecsSystem Spec
12 Mar 2015   #5
iconxt

Windows 7 Ultimate 64
 
 

I didn't use Hitman 3 Pro until now and here's the log: Sorry for missing it.


Malware _____________________________________________________________________

C:\Users\icon\Downloads\YTDSetup.exe
Size . . . . . . . : 103,896 bytes
Age . . . . . . . : 5.9 days (2015-03-06 19:28:23)
Entropy . . . . . : 7.2
SHA-256 . . . . . : D20B0AEBB6BFB8AC7496D325C9A6FA0D71A17ED6FD9FDEAF8087D3A0786B5B8A
Product . . . . . : YTD Video Downloader
Publisher . . . . : GreenTree Applications SRL
Description . . . : YTD Video Downloader stub installer
Version . . . . . : 4.8.9.7
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:HEURownloader.Win32.Generic
Fuzzy . . . . . . : 99.0
References
HKU\S-1-5-21-1560840918-2128215864-809325102-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\icon\Downloads\YTDSetup.exe


Suspicious files ____________________________________________________________

C:\Windows\SysWOW64\MSCOMCTL.OCX
Size . . . . . . . : 1,077,344 bytes
Age . . . . . . . : 5.9 days (2015-03-06 20:25:43)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 185388FD2E9FA698C6A08BB98ADEF33156B5C01FCCBD830B6A92543D051242FA
Product . . . . . : MSCOMCTL
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Common Controls ActiveX Control DLL
Version . . . . . : 6.01.9545
Copyright . . . . : Copyright 1987-2000 Microsoft Corp.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
My System SpecsSystem Spec
12 Mar 2015   #6
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Go here, run this & lets make sure the MS software is valid, please post the results.

Genuine Microsoft Software
My System SpecsSystem Spec
13 Mar 2015   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

My System SpecsSystem Spec
13 Mar 2015   #8
iconxt

Windows 7 Ultimate 64
 
 

Quote   Quote: Originally Posted by Borg 386 View Post
Go here, run this & lets make sure the MS software is valid, please post the results.

Genuine Microsoft Software
I recently installed windows update hoping for a secure computer, but i got a message
'this copy of windows is not genuine'. But now i have got rid of the message. I thought your asking for a validation has something to do with that. This is what i get.

Enter a genuine Windows product key.

The product key used to activate Windows on your PC is already in use on another PC or has been blocked by Microsoft. Not to worry, we can help you with that.

Yes i know it's not genuine.


Quote   Quote: Originally Posted by Jacee View Post
I have removed ytdsetup.exe and the popup haven't appeared for today. But it's inconclusive that i am virus free.
My System SpecsSystem Spec
13 Mar 2015   #9
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Posted in our Forum Rules:
4) No piracy or discussion of piracy allowed at all. Such as software, music, videos and other intellectual property violations (e.g. downloading youtube videos locally etc).

Quote:
The product key used to activate Windows on your PC is already in use on another PC or has been blocked by Microsoft. Not to worry, we can help you with that.

Yes i know it's not genuine.
We cannot help you fix your pirated OS.
My System SpecsSystem Spec
Closed Thread

 Help with popup adultcameras.info




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
NET popup - what is it?
Virtually every time I boot my computer I get a popup the reads; "setup has detected that the .NET Framework version 4.5 needs to be repaired. Do not restart your computer until setup is complete". After a few minuted, the popup goes away. Apparently setup doesn't complete because it popsup whenI...
General Discussion
Processor info is showing wrongly in system info after changing MB
Yesterday I bought a new mother board for my PC my Processor model is AMD Athlon II X3 440 Triple Core Processor, but after changing Mother Board in system information it's showing my Processor as AMD Phenom II 4 B40 four core processor. I don't know why it is showing like this. Is this dangerous...
Hardware & Devices
Application popup: rundll32.exe \ Application popup: WerFault.exe
Hello. The reason for that is XWDock 5.6 . I'm using xwindows dock 5.6 under windows 7\32bit. When start OS, I get this messages in event viewer and desktop (see screenshots). After 10-20-30 minutes or 1-2 hour again get application popups with the same errors and popups. How to fix that? Any...
BSOD Help and Support
Wht is This Popup?
This popup ( as in attached screenshot) appears randomly in my desktop.I think it appears only when I am connected to net but I am not sure. When I click it Internet explorer Opens with my homepage but there is no indication of any login. I don't know its related but my homepage is being...
Network & Sharing
Wlm popup
when i upgrade window 7 previous build to a newer build, the wlm alert will pop out when i am playing a full screen WC3 game on the right bottom corner. And in the fullscreen mode, if i hover my cursor to there and click it, it make me go to window. has anyone encountered the same problem before?
Software


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:38.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App