Tag Archives: ad injectors

Blog Post Shout Out: Google Chrome Cleanup and GDPR

Google have made available a clean-up tool within Google Chrome to remove threats such as adware, browser hijackers, fake system optimizers, and tracking software which may be impacting your browsing experience.

This tool from ESET appears to be a revised version of the tool I discussed over 3 years ago. This blog post from Lawrence Abrams of Bleeping Computer provides more details of how to use it and what data it collects (and sends to Google who retain it for 14 days). If you are experiencing issues with Google Chrome, this tool is a good place to start your troubleshooting. If necessary a full reset can later be performed.

====================
Separately, with the European General Data Protection Regulation (GDPR) (written by Dr. Jessica Barker) due to come into effect on the 25th of May, you may be receiving emails from every online service or account that you have advising of their approach to the new regulation.

Most of the emails do not ask you to take any action; however, some will ask you to review the information they have on file/record and update it if necessary. My advice for these emails is to treat them as you would any email you receive regarding an online account: with caution.

If, for example, you receive an email purporting to be from PayPal but you don’t have a PayPal account, delete it! For the emails you do receive, if you suspect they are fraudulent, as per past advice from SANS, call the company yourself and verify that they are sending such emails and what, if any, actions they wish you to take. Be very careful if you do click on the links and think before you provide any personal information (in almost all cases you won’t have to enter anything).

====================
I hope the above blog posts which I have provided a respectful shout out for provide a useful resolution if you are experiencing issues with Google Chrome and guidance on how to approach the large volume of email you are likely receiving.

====================
Update: 24th May 2018
====================
I received a call yesterday from one online account I hold stating they sent me an email yesterday relating to GDPR and asking me to update my preferences. While it was a genuine call (I did receive the email that very morning); I had not yet acted on it. The person even offered to call me back today to check I had updated my preferences. I explained I would update them and a call back would not be necessary.

This very much is the exception; no other online account has called me. As always, be cautious accepting calls and don’t provide any personal information to someone you do not know; they may not be who they claim to be.

Thank you.

Microsoft Updates Edge Browser To Harden Against DLL Injection

On the 12th of November Microsoft began rolling out Windows 10 Build 10586 (also known as Version 1511). This was the first major update made available for Windows 10. Included in this update was an improved version of Microsoft Edge, the default browser of Windows 10.

For most consumers, this update will be delivered automatically to their PCs. Businesses and large organizations using the new Windows Update for Business should be able to choose a time when they wish to deploy this update more widely to the company’s employees.

What’s The Main Security Improvement in This Update?
In the updated version of Microsoft Edge, known as EdgeHTML 13, unauthorized DLLs (Dynamic Link Libraries, defined) are no longer permitted to load within Edge. DLL injection is a technique for forcing a DLL to load into a running Windows application; it is explained in more detail here and here. It is this technique that Edge has been hardened against.

Why Was This Change Made?
If an unauthorized DLL is loaded into a web browser, it can display unwanted adverts (such as the type previously discussed by Google) or install unnecessary toolbars that may attempt to redirect your web searches from your preferred search engine to another search engine in order to benefit from increased usage (and possibly increased revenue when adverts are displayed among those search results). Such unwanted adverts and/or toolbars annoy and distract users and make their web browser less user friendly.

If I’m a Microsoft Edge user, how will this benefit me?
If you like using Microsoft Edge on Windows 10, this change will mean that it will be harder for adware and malware to be loaded into your browser either for malicious purposes or to simply display adverts. This means that your web browser is more likely to work the way you prefer and you can simply concentrate on achieving what you would like to do.

I welcome this change which makes every day browsing for Microsoft Edge users safer. Thank you.

How To Protect Against Ad Injectors (Updated)

Late last week I read about a particular form of adware that Google is continuing to work to prevent from interfering with search engine results or obscuring your view of a popular website.

These ad injectors display pop up dialog boxes on your screen obscuring the website that you wish to view and instead offer tech support scams. They can also place ads that they wish to promote over the genuine search results that you have just requested from Google (or another search engine). For more signs/symptoms to look for, this blog post provides more details.

These ad injectors come to be installed on your computer from browser extensions/plugins as well as more traditional advertising toolbars.

In order to remove and prevent such ad injectors from disrupting your browsing experience I would recommend running a quick scan with your preferred anti-malware software (run a full scan if anything is detected). If you are still seeing annoying pop up dialogs or unwanted ads (that overlay the genuine search engine results) you could also try a free scan with one or all of the tools mentioned below (that I also mentioned on my Tools and Resources page).

In addition, before installing any free browser extension, check/read the reviews of it before downloading it and research it online a little before installing it. If you begin to see unwanted ads just after installing a new browser extension, uninstall that extension. To be even more careful, consider running the scans that I mention above after installing the extension just to ensure the legitimacy of what you have just downloaded.
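As a complement to reading reviews, the following added example (not part of the original post) checks what an extension is technically able to do by reading its `manifest.json`: to overlay or replace content on arbitrary pages, an extension needs content scripts or host access that match every site. The two manifests are constructed samples, and the function names are illustrative.

```python
import json

# Match patterns that let an extension read and modify every page you visit.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not real extensions).
SUSPECT = """{"name": "Coupon Helper", "manifest_version": 2,
  "permissions": ["tabs", "storage", "*://*/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]}"""
BENIGN = """{"name": "Site Notes", "manifest_version": 3,
  "permissions": ["storage"],
  "host_permissions": ["https://example.com/*"],
  "content_scripts": [{"matches": ["https://example.com/*"], "js": ["notes.js"]}]}"""


def is_broad(pattern):
    """True if a host match pattern covers all sites rather than one named site."""
    return pattern in BROAD_PATTERNS


def audit_manifest(manifest_text):
    """Return a list of findings for one extension's manifest.json text."""
    manifest = json.loads(manifest_text)
    findings = []

    # Content scripts are how an extension inserts its own code into pages.
    for script in manifest.get("content_scripts", []):
        broad = [m for m in script.get("matches", []) if is_broad(m)]
        if broad:
            files = ", ".join(script.get("js", [])) or "(no js listed)"
            findings.append(f"content script {files} runs on every site ({broad[0]})")

    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    broad_hosts = sorted({h for h in hosts if isinstance(h, str) and is_broad(h)})
    if broad_hosts:
        findings.append("host access to every site: " + ", ".join(broad_hosts))

    return findings


if __name__ == "__main__":
    for text in (SUSPECT, BENIGN):
        name = json.loads(text)["name"]
        results = audit_manifest(text)
        print(name, "->", results if results else "no all-site access")
```

Broad access is not proof of ad injection, since many legitimate extensions also need it; it identifies which installed extensions are capable of altering every page, and those are the ones to research first.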

Please consider supporting the future development of these free scanning tools by donating via their websites (especially if they find and remove any adware for you):

Adwcleaner:
http://general-changelog-team.fr/en/tools/15-adwcleaner

Junkware Removal Tool:
http://thisisudax.org/

RogueKiller:
http://www.adlice.com/softwares/roguekiller/

Note: For the Junkware Removal Tool, I would recommend backing up your data to another external destination (e.g. an external hard drive or offsite backup, don’t have the backup accessible on your computer when running the tool) before running this tool. This is because it can delete any application installer that includes advertising toolbars as part of its installation (even if such toolbars are optional). You may not be expecting such installers e.g. Oracle Java to be deleted (without any prompts) and having a backup reduces the inconvenience of such application installers being deleted.

Update: 6th May 2015:

Since this post was originally published, Google have provided more details on their findings from a research study detailing the extent of the ad injector ecosystem.

Google have worked to remove extensions from the Chrome Web Store that were deceptive and their Safe Browsing API continues to protect users from downloading software that is not what it appears to be. In addition changes to their AdWords policies have seen the number of Safe Browsing warnings being presented to users drop by 95% (i.e. users are no longer being manipulated into attempting to download dubious software/ad injectors and thus the warnings are not necessary).

The advice that I provided above still remains valid; however Google have since released a software removal tool to remove existing ad injector software. If you suspect that you may have such an ad injector installed, please consider running this tool. I have used this tool and its scan takes less than five seconds to complete (for me the scan showed no malicious results and thus no action was required).

=======================
Update: 25th September 2015:
Earlier in September Google mentioned that they have made adjustments to their online advertising system so that ads that appear as a result of the ad injectors mentioned in this post are no longer bid on and thus no revenue is generated.

Google acknowledges that this measure won’t stop all of these ads from appearing but it makes it much less profitable for those who create these unwanted ads.

Thank you.
=======================
I hope that the above page is useful to you in keeping your computer free from unwanted adware and ensuring a safe and predictable online browsing experience.

Thank you.