Goadvs.com malware removal

Posted on Posted in Small Business

Why I concluded that Goadvs.com malware may be connected to Sitementer.com

Last week I found that I was affected (but not necessarily “infected”) with a browser hijacking malware. Occasionally I’ve found that published documentation of a computer bug is inadequate and so, for that reason alone, I am publishing details of my experience here. This post might be useful to others but I make no implications that I have any skills or am offering any service in this field.

The Problem

When I type a domain it redirects me to another junk advertising site within a few seconds. It renders the browser useless.

My observations:

– The malware affected multiple browsers (Chrome, Edge, Internet Explorer).

  • The malware affected both of my PCs. It did not affect my iPad running Chrome browser.
  • The malware affects all of my 20+/- web sites but does not affect other web sites. (I was unsure of the reason but realized that either it was something on my server side sites or the cact that they are 100% html and other sited I checked for comparison were not).

Initial Steps with Eset

I re-ran Eset SmartSuite (supposedly one of the best of its class) and it detected no problem

I put in a service request to Eset and was prepared to pay them for removal assistance. But Eset did not respond within one business day as promised, perhaps due to a staff shortage before the Christmas holiday.

As I write this on December 27, I have still not heard back from Eset. Holiday or not, three days is a long time to wrestle with an essential PC problem. I now know that I can’t count on this service 100% of the time.

Mirosoft help

I got advice from Microsoft site http://answers.microsoft.com from

Bruce Hagen

MVP: 2004 ~ 2010

2014 ~ Present

Imperial Beach, CA

From <http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/i-have-a-redirect-virus-gogoadvscom/069e9522-3b94-4eb0-9f59-766156616da2?msgId=6288eb28-9922-4c4b-882b-ebe2d3b20539>

STEP 1: Remove Go.goadvs.com adware with AdwCleaner

Downloaded and ran this program. It found no problems.

It said:

Machine generated alternative text: o  If you have been brought to use AdwCleaner, it's probably because your  PC contained potentially unwanted programs or  Potentially unwanted programs are Often proposed during the  installation Of software. They may be present in form Of toolbars that  sometimes change the home page Of the browser and slow internet  browsing  TO avoid the installation Of these programs polluting the computer, it is  essential to follow these tips:  - Always download a program from the official link or a trusted site  - When installing a program do not click too fast (Next) without paying  attention to Terms Of Use and third-party programs available  - If third-party programs are available (toolbar% etc. uncheck all  checkboxes about him.  - Enable detection Of PUPS in your antivirus.

Screen clipping taken: 12/25/2015 4:31 AM

The program saved a log file C:AdwCleanerAdwCleaner[C1].txt

The log file did not detect that any malware problems were found.

STEP 2: Remove Go.goadvs.com browser hijacker Junkware Removal Tool

This is a program run at the command prompt level program that did not discover any problem. It saved a text file of the log on my PC.

STEP 3: Remove Go.goadvs.com virus with Malwarebytes Anti-Malware

I downloaded, installed and ran the free version. The scan took about 2 hours but found no malware.

STEP 4: Double-check for Go.goadvs.com malware with HitmanPro

Downloaded and installed the free version of 64 bit Hitmanpro and ran a cone-time scan. The scan took about 90 minutes.

(OPTIONAL) STEP 5: Remove Go.goadvs.com redirect from Internet Explorer, Firefox and Google Chrome

I followed the steps to seset the settings to remove any trace of the malware from Chrome, Internet Explorer and Edge.

“Your computer should now be free of the Go.goadvs.com adware infection.”

Unforunately, I still had the problem.

“If you are still experiencing problems while trying to remove Go.goadvs.com pop-up ads from your machine, please do one of the following:

From <https://malwaretips.com/blogs/remove-go-goadvs-com/>

My suspicions

I did not do these last two steps above. Instead, I followed my own hunch.

I concluded that since the programs found no installed malware but removal of all cookies corrected the problem, that the goadvs.com problem is launched either on the server side or solely by cookies or possibly by some trigger combining an otherwise innocent cookie or user trigger with something hidden in hosted software.

Sitemeter removal

I removed Sitemeter code on all my web sites. It used to be valuable a decade ago but has none down hill dramatically and I no longer use it anyway.

Since the removal of Sitementer code on the server side, I no longer notice any Goadvs.com problem.

Leave a Reply

Your email address will not be published. Required fields are marked *