Why I concluded that Goadvs.com malware may be connected to Sitementer.com
Last week I found that I was affected (but not necessarily “infected”) with a browser hijacking malware. Occasionally I’ve found that published documentation of a computer bug is inadequate and so, for that reason alone, I am publishing details of my experience here. This post might be useful to others but I make no implications that I have any skills or am offering any service in this field.
When I type a domain it redirects me to another junk advertising site within a few seconds. It renders the browser useless.
– The malware affected multiple browsers (Chrome, Edge, Internet Explorer).
- The malware affected both of my PCs. It did not affect my iPad running Chrome browser.
- The malware affects all of my 20+/- web sites but does not affect other web sites. (I was unsure of the reason but realized that either it was something on my server side sites or the cact that they are 100% html and other sited I checked for comparison were not).
Initial Steps with Eset
I re-ran Eset SmartSuite (supposedly one of the best of its class) and it detected no problem
I put in a service request to Eset and was prepared to pay them for removal assistance. But Eset did not respond within one business day as promised, perhaps due to a staff shortage before the Christmas holiday.
As I write this on December 27, I have still not heard back from Eset. Holiday or not, three days is a long time to wrestle with an essential PC problem. I now know that I can’t count on this service 100% of the time.
I got advice from Microsoft site http://answers.microsoft.com from
MVP: 2004 ~ 2010
2014 ~ Present
Imperial Beach, CA
Downloaded and ran this program. It found no problems.
Screen clipping taken: 12/25/2015 4:31 AM
The program saved a log file C:AdwCleanerAdwCleaner[C1].txt
The log file did not detect that any malware problems were found.
This is a program run at the command prompt level program that did not discover any problem. It saved a text file of the log on my PC.
I downloaded, installed and ran the free version. The scan took about 2 hours but found no malware.
Downloaded and installed the free version of 64 bit Hitmanpro and ran a cone-time scan. The scan took about 90 minutes.
I followed the steps to seset the settings to remove any trace of the malware from Chrome, Internet Explorer and Edge.
“Your computer should now be free of the Go.goadvs.com adware infection.”
Unforunately, I still had the problem.
“If you are still experiencing problems while trying to remove Go.goadvs.com pop-up ads from your machine, please do one of the following:
- Run a system scan with Zemana AntiMalware.
- Start a new thread in our Malware Removal Assistance forum.”
I did not do these last two steps above. Instead, I followed my own hunch.
I concluded that since the programs found no installed malware but removal of all cookies corrected the problem, that the goadvs.com problem is launched either on the server side or solely by cookies or possibly by some trigger combining an otherwise innocent cookie or user trigger with something hidden in hosted software.
I removed Sitemeter code on all my web sites. It used to be valuable a decade ago but has none down hill dramatically and I no longer use it anyway.
Since the removal of Sitementer code on the server side, I no longer notice any Goadvs.com problem.