1. Windows Central Question's Avatar
    So I've got a problem, as a house of computer users we have quite a few computers. 3 Days ago my computer (Dell Studio XPS 16 running Windows 7 SP1) randomly started re-directing me to Russian websites... it seemed a random point to start; I had walked away from the computer for a couple hours to do something else and when I came back it was immediately redirecting me. I had no active downloads and nobody else knows my password so the computer was unused during that point. AVG picked up on this and informed me each time that I was redirected that it was a HTML Framer that was redirecting me and that it had protected me - regardless I was still being redirected every 5 webpages or so. In the end a mix of AVG and Malwarebytes Anti-Malware seemed to get rid of the problem and the computer has been unaffected since.

    However the story sadly didn't end there... Being an *****(!) I emailed my parents my Christmas list whilst waiting for the virus scans to complete. One day later - poof home computer (Windows 7 SP1 as well) has said HTML Framer which not a huge problem, that of course, I can fix. The problem comes from the fact that my Windows phone (Nokia Lumia 630 running Windows Phone 8.1) is displaying exactly the same symptoms. The browser is being redirected to a stupid website. Great. My immediate reaction is that this must be an infected router or some huge ISP issue. However with 3 other laptops going unaffected as well as two iPads an iPhone and another Lumia 520 (Windows Phone 8.0) unaffected I can't see that being the case. One important note is that my Nokia 630 has access to my emails so all that I can think is that I received an infected email and then emailing it on I sent to my parents??? Does anyone else have any suggestions before I hard-reset my Phone because I'd really love to be able to keep all my stuff on my phone even if it is having a few other troubles at the moment (won't download apps).

    Other Info

    - Every time the Lumia is redirected the phone asks me if I will allow an app to be downloaded

    - Website I'm almost always directed to on my phone is adfoc. us/serve/id=25497651290185 which is a website that pays for redirecting people to adverts.... Possibly the HTML Framer is not running perfectly and can't redirect me as wished to get the payment on the end for the creator?

    - As far as I'm aware I'm up to date with all software (Windows, Flash, AVG, Malwarebytes, Thunderbird) on all of the computers and the Phone that have been infected.

    Help?
    12-07-2014 09:15 AM
  2. civic06's Avatar
    I managed to fix my problem so I've come back to explain how I did it! First off, in the end the Adfocus virus came back on all of the computers in the house so the first task was to get the virus off those computers for good. For that I'd really suggest reading through this thread on Techguy - (WELL I CAN'T POST LINKS! GREAT! Instead just google "Techguy Adfocus virus" and read the threat titled "Solved: adfoc.us redirect virus") and running almost all of the programs recommended. For me Combofix seemed to be the final nail in the coffin (although I then had to reset all of the browsers on each computer and also ran the Anvi Browser repair tool). If you can't find the thread, the programs I ran were, in order: AVG Free, Kaspersky Internet Security 2015, MalwareBytes Anti-Malware, Adwcleaner, Systemlook (Pretty sure this helped find the files that were hosting on the main infected computer), TDSSKiller, Combofix (Ensure you read the Combofix disclaimer stating that it is a tool for professional use and they take no responsibility for any damage that may come to your computer whilst using Combofix unsupervised - you may want to request assistance on any computer forum before running Combofix), and Anvi Browser Repair Tool.

    After that I reset my router which flushed the Windows phone (You do NOT need to hard reset your phone like I (stupidly) did) and since that point I've had no problems.

    The virus itself, from what I understand, inserts the adverts by changing your default DNS settings and redirecting all of your web traffic. You may be able to see this in action by - go into Control panel -- Search 'adapters' -- click "View Network connections" -- right click your connection -- click properties -- (for most people) click Internet Protocol 4 -- click properties -- and then check if your DNS is being sourced automatically, or if a new one has been added... If it has been changed, try setting it to "Obtain DNS server address automatically" if it is already on that setting, change it to "Use the following DNS server addresses" and then enter "8.8.8.8" (Google's DNS) in the preferred DNS server spot.

    This is remarkably adaptable virus so while what I've suggested above may seem like overkill when you first look at how many programs you'll have to run to kill it I'd suggest just taking the time and just doing it. I half arsed the job twice and the virus reinstalled itself and avoided detection much better the second and third time around, whilst also wasting a lot of my own time. Do yourself a favor, sit down take 4-5 hours, and get rid of this horrible thing in one go.

    Good Luck guys!
    12-21-2014 06:25 PM

Similar Threads

  1. Replies: 5
    Last Post: 12-20-2014, 11:06 PM
  2. Can blue stacks be downloaded on Surface 2?
    By WPCentral Question in forum Ask a Question
    Replies: 1
    Last Post: 12-07-2014, 10:22 AM
  3. L920 2nd mic problem!
    By KVeskus in forum Nokia Lumia 920
    Replies: 0
    Last Post: 12-07-2014, 09:03 AM
  4. Save an entire 50% today on these anti-glare screen protectors for HTC One M8!
    By WindowsCentral.com in forum Windows Central News Discussion
    Replies: 0
    Last Post: 12-07-2014, 08:11 AM
  5. Modern apps problem
    By imscythe in forum Windows 8
    Replies: 0
    Last Post: 12-07-2014, 07:50 AM
LINK TO POST COPIED TO CLIPBOARD