• How to get rid of ib.adnxs popup

    #485041

    Only on Firefox do I get an ib.adnxs.com pop-up. It comes as a blank white screen with that address. I run Windows 7 64-bit. How do I get rid of this nuisance from constantly popping up? Is there a way to remove it?

    Thanks for any help.

    • #1346983

      Schonman,

      Try clearing your cache. :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #1346984

      This appears to be an advertising pop up. Perhaps there is something that snuck into your FF installation. Check the extensions and plug-ins.

    • #1346990

      I have deleted and reinstalled Firefox and also checked the plugins and add-ons. I have also cleared the cache and it still keeps returning. Is there anything else I can do?

      Thanks for your replies before

    • #1346995

      Try creating a new Firefox profile and run with that:
      https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles

      Jerry

    • #1347000
    • #1347224

      Try installing the Adblock Plus add-on; it may block it from launching, or if it does not, there may be a tab with block on it which tells Adblock to block it.

    • #1348302

      I hope I’m not too late to this thread, but all the advice up to this point is dead wrong.

      It’s a virus. This article describes it and does not offer much hope of completely removing it. Bleeping Computer has This Thread on the infection. It comes from an infected website or Facebook Page. And it is very difficult to remove, as it changes itself at least once a day. But you might try a frequently updated antivirus program in portable form, in Windows Safe Mode. Otherwise, you may be headed toward a Windows reinstall. Don’t trust any recent backup images.

      AdBlock may only be masking a deeper infection, and these types of viruses tend to download other stuff every time you go online. Don’t just paper it over — remove it.

      -- rc primak

      • #1348366

        I hope I’m not too late to this thread, but all the advice up to this point is dead wrong.

        It’s a virus. This article describes it and does not offer much hope of completely removing it. Bleeping Computer has This Thread on the infection. It comes from an infected website or Facebook Page. And it is very difficult to remove, as it changes itself at least once a day. But you might try a frequently updated antivirus program in portable form, in Windows Safe Mode. Otherwise, you may be headed toward a Windows reinstall. Don’t trust any recent backup images.

        AdBlock may only be masking a deeper infection, and these types of viruses tend to download other stuff every time you go online. Don’t just paper it over — remove it.

        Many amateur sites like the one you found would like you to think it’s a virus because they want your money to remove it. It’s really an AppNexus adserver.

        Bruce

        • #1348435

          Many amateur sites like the one you found would like you to think it’s a virus because they want your money to remove it. It’s really an AppNexus adserver.

          Bruce

          You may have been confused by a Google or Who Is link which leads here. This is NOT what we are talking about in this thread.

          In most cases like this one, I’d agree totally with your post, Bruce. BUT… in this case:

          Spybot S&D’s Forum says MSE doesn’t flag this adware as malicious, but Spybot and ESET do. This means that at least some legitimate antispyware programs consider this to be more than simple adware. The Spybot Forum did not immediately advise to buy and use Spybot S&D (which has a free version as well) to remove this adware.

          Facebook has a posted Note on removing this malware. So even they are taking this as more than just simple adware. They even offer their own removal tool. To the best of my knowledge, this is an official Facebook Note.

          It seems that legitimate antispyware programs and Facebook itself have been flagging this as more than just adware. Apparently, they seem to think it’s a Trojan Horse, which morphs frequently and may be capable of downloading other malicious components. And it is a bit worrisome that this unwanted adware may be installed as a drive-by download, without user interactions. That’s a red flag right there. Removal may not be as difficult as the Bleeping Computer site says, but there could be more going on here than meets the eye.

          Bleeping Computer is NOT an amateur site — they have been in the business of helping users remove unwanted software for longer than practically anyone, and the site has a great deal of respect here in The Lounge. They DO NOT charge money to remove anything, and usually only recommend free removal tools when there are adequate free tools available.

          I would sooner trust Bleeping Computer’s researched answers when backed up by several security companies and Facebook itself, than an undocumented personal opinion posting here in The Lounge — no personal disrespect intended.

          Zimbio.com does push a paid product, so I only took the description from there. I only believe such descriptions at advertising websites when a legitimate and unbiased site like Bleeping Computer confirms the threat and offers free advice on how to use free methods to remove the threat. My only issue with Bleeping Computer is that they often advise manual methods when effective automated removal is possible with free or paid commercial products.

          This may be the case here, but I would still advise complete removal of this adware. And that requires more than uninstalling something or using an ad blocker. I would think that in spite of its variability, this adware can be removed completely with Malwarebytes or Super Antispyware, which may contradict my previous post. Follow up with a simple cleanup operation (CCleaner), but do discard any System Restore Points which might have been created while the adware was present. The same goes for System Images which may include the adware.

          Both Zimbio and Bleeping Computer tend to be alarmist and tend to offer advice not to use automated removal methods. That type of advice is simply ridiculous in most cases. Not amateurish, but self-serving if you ask me. But I repeat, Bleeping Computer does NOT charge for its services. Both sites do know better than what they advise, in my opinion.

          -- rc primak

          • #1348466

            You may have been confused by a Google or Who Is link which leads here. This is NOT what we are talking about in this thread.

            No confusion. That IS what we are talking about in this thread.

            In most cases like this one, I’d agree totally with your post, Bruce. BUT… in this case:

            Spybot S&D’s Forum says MSE doesn’t flag this adware as malicious, but Spybot and ESET do. This means that at least some legitimate antispyware programs consider this to be more than simple adware. The Spybot Forum did not immediately advise to buy and use Spybot S&D (which has a free version as well) to remove this adware.

            Well, at least you’ve switched to calling it adware instead of a virus. But please read carefully; no one at Spybot S&D’s Forum confirmed anything about ib.adnxs.com at all.

            Facebook has a posted Note on removing this malware. So even they are taking this as more than just simple adware. They even offer their own removal tool. To the best of my knowledge, this is an official Facebook Note.

            You must try to differentiate between “Facebook” and “some person using Facebook”. That’s just another link to a scam site and nothing official whatsoever.

            It seems that legitimate antispyware programs and Facebook itself have been flagging this as more than just adware. Apparently, they seem to think it’s a Trojan Horse, which morphs frequently and may be capable of downloading other malicious components. And it is a bit worrisome that this unwanted adware may be installed as a drive-by download, without user interactions. That’s a red flag right there.

            That’s all from scam sites. No info from any legitimate sites.

            Removal may not be as difficult as the Bleeping Computer site says, but there could be more going on here than meets the eye.

            No one there said it was difficult. They ran Combofix and reset Firefox. “Gringo” didn’t even say what had been removed.

            Bleeping Computer is NOT an amateur site — they have been in the business of helping users remove unwanted software for longer than practically anyone, and the site has a great deal of respect here in The Lounge. They DO NOT charge money to remove anything, and usually only recommend free removal tools when there are adequate free tools available.

            I was referring to the Zimbio article as being amateur, but the virus-busters at Bleeping Computer aren’t professionals either, are they?

            I would sooner trust Bleeping Computer’s researched answers when backed up by several security companies and Facebook itself, than an undocumented personal opinion posting here in The Lounge — no personal disrespect intended.

            What makes you think Bleeping Computer researched anything in this case? Please show me some backup from several security companies. The Facebook entry is a scam.

            Zimbio.com does push a paid product, so I only took the description from there. I only believe such descriptions at advertising websites when a legitimate and unbiased site like Bleeping Computer confirms the threat and offers free advice on how to use free methods to remove the threat. My only issue with Bleeping Computer is that they often advise manual methods when effective automated removal is possible with free or paid commercial products.

            Bleeping Computer didn’t confirm any threat. They may have removed something, but no one knows what (because they did use automated methods).

            This may be the case here, but I would still advise complete removal of this adware. And that requires more than uninstalling something or using an ad blocker.

            How do you know that?

            I would think that in spite of its variability, this adware can be removed completely with Malwarebytes or Super Antispyware, which may contradict my previous post. Follow up with a simple cleanup operation (CCleaner), but do discard any System Restore Points which might have been created while the adware was present. The same goes for System Images which may include the adware.

            Variability based on a scam site?

            Both Zimbio and Bleeping Computer tend to be alarmist and tend to offer advice not to use automated removal methods. That type of advice is simply ridiculous in most cases. Not amateurish, but self-serving if you ask me.

            Zimbio is an entertainment news site: http://www.Zimbio.com

            But I repeat, Bleeping Computer does NOT charge for its services. Both sites do know better than what they advise, in my opinion.

            Which makes them amateur.

            Bruce

    • #1348487

      @BruceR — All I see in your Post #13 is continued undocumented name-calling. You have a habit in The Lounge of using name-calling as a last resort when you cannot prove your points. I will not respond further to this sort of behavior.

      You still take the easy way out instead of presenting verifiable facts and valid, relevant web references.

      The Facebook Note does not have anyone’s username on it. It is official.

      The adware in question is in fact a Trojan Horse which is a virus, and it originates as a drive-by download at places not limited to Facebook. Facebook does offer a removal tool. The mere fact that the popup also involves a browser redirect should be taken as a sign of the truth of these claims.

      Threads like this one at the Mozilla Forums are not helpful in this case. No one in that thread actually researched the issue to determine why the redirect was occurring.

      According to this thread, there was at least a Toolbar found which had to be removed using a special (free) script. This was apparently the equivalent of editing the Windows Registry, so there definitely was more in there than merely an ad or a cookie. And yes, this is yet another “amateur” website. It appears no one was paid for the advice nor for the script or the ESET online scan (often used at that site, but maybe not in this particular thread).

      Whatever people do in this case, a full system scan with two or more antispyware applications would not be a bad idea. Nor a waste of time. If anything shows up, it should be removed with the program which did the scan. Malwarebytes and Super Antispyware are two such scanners.

      But I must add that in several help threads at various forums, many times the most popular AV/AS programs did not catch this virus. I don’t have an easy answer to that mystery, except that this is reported to be a variable virus (it morphs itself).

      -- rc primak

      • #1348496

        @BruceR — All I see in your Post #13 is continued undocumented name-calling. You have a habit in The Lounge of using name-calling as a last resort when you cannot prove your points. I will not respond further to this sort of behavior.

        ALL you see? Are you referring to the single word “amateur” as applied to people who don’t charge for their services?

        You still take the easy way out instead of presenting verifiable facts and valid, relevant web references.

        There are no valid, relevant web references on this virus/trojan because it doesn’t exist.

        The Facebook Note does not have anyone’s username on it. It is official.

        It says “by Delete Spyware” right under the title. Click on the username Delete Spyware and you can review 10 more posts by that user all using scare tactics to direct traffic to his site http://www.delete-spyware.com where they would like to sell you their magic cure-all.

        The adware in question is in fact a Trojan Horse which is a virus, and it originates as a drive-by download at places not limited to Facebook. Facebook does offer a removal tool. The mere fact that the popup also involves a browser redirect should be taken as a sign of the truth of these claims.

        In fact, you’re basing this on the statements of one guy on Facebook with an ulterior motive.

        Threads like this one at the Mozilla Forums are not helpful in this case. No one in that thread actually researched the issue to determine why the redirect was occurring.

        Not helpful in supporting the existence of a virus perhaps. But three people there solved all their issues with adblock.

        According to this thread, there was at least a Toolbar found which had to be removed using a special (free) script. This was apparently the equivalent of editing the Windows Registry, so there definitely was more in there than merely an ad or a cookie. And yes, this is yet another “amateur” website. It appears no one was paid for the advice nor for the script or the ESET online scan (often used at that site, but maybe not in this particular thread).

        What was actually removed which is relevant to this issue?

        Whatever people do in this case, a full system scan with two or more antispyware applications would not be a bad idea. Nor a waste of time. If anything shows up, it should be removed with the program which did the scan. Malwarebytes and Super Antispyware are two such scanners.

        Never a bad idea, but possibly a waste of time in this case if the problem has been solved by adblock.

        But I must add that in several help threads at various forums, many times the most popular AV/AS programs did not catch this virus. I don’t have an easy answer to that mystery, except that this is reported to be a variable virus (it morphs itself).

        No mystery. It’s not a virus, if you only believe reputable sources.

        Bruce

    • #1348552

      This thread has had no contributions except by myself and BruceR for a while. Unless anyone else posts here, I’m done.

      -- rc primak

    • #1348591

      Thanks. Enjoyed talking to you too.

      Bruce

      P.S. Do you know of ANY virus identified by a .com address (or any other URL)? Think about it.

      • #1348805

        Thanks. Enjoyed talking to you too.

        Bruce

        P.S. Do you know of ANY virus identified by a .com address (or any other URL)? Think about it.

        Just to this specific point — that .com address could just be one visible sign. There could be other things not visible to the user happening at or through a browser redirect. Like additional downloads. Generally, cookies, Home Page redirects and page redirects do not by themselves generate persistent popups, no matter where the popups are coming from. (So-called “super-cookies” or LSOs could do this, I suppose. And LSOs can be removed, and their sources can be blocked.) Otherwise, something persistent must be generating the popups, must it not? Or perhaps just something in the browser cache (or elsewhere in Temporary Files or LSO locations)?

        Maybe the problem was resolved in this case (or maybe not), but just blocking the originating URL may not be enough to prevent other things from happening which the user would never see until it’s too late. I’m just saying…

        If we really want to get into a longer discussion about this sub-topic, maybe a new thread should be opened elsewhere in The Lounge. Personally, I’d like to wrap this up as quickly as possible.

        -- rc primak

        • #1349298

          I came upon this thread tonight because for the last 48 hours I have been fighting this – I am going to call it a virus – as I believe that is what it is. Yes, I tried Adblock with Chrome and what I was witnessing disappeared from websites that were showing ads on pages which I know should not be displaying ads. Mozilla is still showing the problem with sites, but I get no problem with this issue in IE.
          I am convinced this is a deep-rooted piece of malware and I am on the side of Bob Primak. The issue is which site to totally trust that will fix the problem and I am still looking. Right now I have Windows in Safe Mode and have run Anvi Smart Defender and it found nothing. Now running Malwarebytes on a full scan and waiting on a result from that.
          There are a lot of forums saying that this virus has all the big names beaten, i.e. Norton, AVG, McAfee, etc., so my question remains: who really is the trusted force that has the correct steps to fix this? What I have found today is that it appears this virus is stuck to my user profile. I created another profile on the PC and the problems were not showing up in the browsers affected. But in my mind that is not the answer to this problem either, i.e. just setting up another profile. If this virus is residing in the system files then no matter how many new profiles you create this thing is still worming its way through the PC.

    • #1349301

      So Adblock solved it for Chrome and there is no problem with IE. Did you install Adblock for Firefox too?

      Bruce

    • #1349304

      Admittedly I have not yet applied the fix for Firefox and my reason has been that on reading the various threads today, I don’t think this fix is the answer. Because all you are doing is blocking the problem in these browsers. But, my understanding is this virus is much deeper rooted in the user profile files and possibly the system files.

    • #1349311

      The only sites that say it’s a virus are those (unknown/untraceable) trying to sell you a solution you don’t need.

      Bruce

    • #1349314

      Bruce
      You ‘may’ be right, but everything I have read suggests that this is for real and that it is one of the worst viruses seen.

      I think I must have used every known brand of AV software today and, like I said earlier, downloaded Adblock that fixed the issue in Chrome. Tonight I may well download the Mozilla version, but have I really solved the problem? I think not, unless you and others can convince me there is not a bigger problem here and what we are reading is all scaremongering.
