1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

akamaihd.net - unwanted page

Discussion in 'Virus & Other Malware Removal' started by DKTaber, Sep 22, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. DKTaber

    DKTaber Thread Starter

    Joined:
    Oct 26, 2001
    Messages:
    2,826
    I notice that others have posted something about the subject unwanted page that pops up when I go to some site (like CNET) and click a Download button. The URL of the page is http://rvzr-a.akamaihd.net/sd/wrap-0.01.html?u=http%3A%2F%2Frvzr-a.akamaihd.net%2Fsd%2Fapps%2Ffusionx%2F0.0.3.html%3Faff%3D1700-1016. It is always blank, but pops up in front of the page I'm on. I have run Malwarebytes and SuperAntiSpyware, and they find nothing. I have HiJackThis on my laptop and can run and save a log, but per the instructions, will not do that until asked.

    I notice this only happens with Firefox, my default browser. It does not appear if I use IE, so I suspect something has altered the configuration file for Firefox.

    What is this thing and how do I stop it from appearing?
     
  2. Sponsor

  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    52,041
    Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


    [​IMG]
     
  4. DKTaber

    DKTaber Thread Starter

    Joined:
    Oct 26, 2001
    Messages:
    2,826
    Derek: Did as you instructed, and the program did indeed remove several programs, at least one of which was a PUP (Visualbee??). . . but the problem remains. Here's the report you requested:

    # AdwCleaner v3.005 - Report created 23/09/2013 at 07:53:31
    # Updated 22/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Don - DONS-PC
    # Running from : C:\Users\Don\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\visualbee
    Folder Deleted : C:\Program Files (x86)\visualbee
    Folder Deleted : C:\Program Files (x86)\WebConnect
    Folder Deleted : C:\Users\Don\AppData\Local\visualbeeexe
    File Deleted : C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\crlkm97s.default\Extensions\[email protected]
    File Deleted : C:\END
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_emailstripper_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_emailstripper_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\visualbee
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\visualbee
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\visualbee
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\visualbee
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\crlkm97s.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.backgroundjs", "\n\n/*****************************************************************************[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylig[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app33906%22%3A%22app33[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_css.expiration", "Mon Sep 23 2013 11:25:20 GMT-0400 (Eastern Standard Ti[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_geolocation.expiration", "Tue Sep 24 2013 16:23:48 GMT-0400 (Eastern Sta[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_messages.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylig[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_messages.value", "%7B%22data%22%3A%7B%7D%2C%22lastMessageId%22%3A2%7D");
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_metadata.expiration", "Mon Sep 23 2013 08:50:25 GMT-0400 (Eastern Standa[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A33906%2C%22appName%22%3A%22VisualBee%[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.internaldb.Resources_meta.value", "%7B%22images/emaze.png%22%3A%7B%22id%22%3A170999%2C%22ver%22%3A[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.internaldb.Resources_resource_170999.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEU[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.internaldb.Resources_resource_171000.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEU[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.js", "\n\n /************************************************************************************\[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_13.name", "CrossriderAppUtils");
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_14.name", "CrossriderUtils");
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_32.code", "appAPI.hooks.addHook(\"images\",(function(a){return function(){var v={bg[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};var e=/left|center|right/,d=/top|center|bottom[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_78.name", "CrossriderInfo");
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
    Line Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.33906.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
    Line Deleted : user_pref("extensions.crossrider.bic", "140e093ae9bd35051c7070ef047db20c");
    Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
    Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    Line Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Ba0b7322d-1cf7-4b01-914e-126cefd1e86c%7D&mid=cb20f8ff8cae47d0a6c40d47e7ac6b58-e5ced30ae51b17e4d56e959568a09453001f3444&ds=AVG&v=11.0.0.9&l[...]

    *************************

    AdwCleaner[R0].txt - [12035 octets] - [23/09/2013 07:52:26]
    AdwCleaner[S0].txt - [11680 octets] - [23/09/2013 07:53:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11741 octets] ##########
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    52,041
    simplest cure now is reset firefox to default
    this one is quite easy to cure in IE but much harder in FF or chrome as it downloads so much junk that isn't always detected by antivirus scanners or anti malware tools

    open FF/help /troubleshooting information/ press reset to default
     
  6. DKTaber

    DKTaber Thread Starter

    Joined:
    Oct 26, 2001
    Messages:
    2,826
    . . . which I just did and it appears to have gotten rid of the problem. Thanks for the tip.

    I'm still don't know where that thing came from. I am VERY careful when installing anything to get it from the manufacturer's site or the site they partner with for downloads, and examine EVERY screen during the install to avoid getting piggy-back software. But I must have slipped up somewhere; one clue is that I also have no idea where the "VisualBee" software came from or what it does, so it got by me somehow and may have been the source of the akamaihd.net page (which was always blank, so I don't even understand what it was trying to accomplish).
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1109026