Tracking adware that opens ads/phishing websites through your default browser

I have this adware that keeps opening the site "http://pine-this.org/webssm". Would it be possible to see what program is sending the command to open this website to Firefox? Something like a task manager or packet tracer, except for seeing what is being sent from within your computer. I've already checked all my add-ons and extensions, run several virus scans, etc. I know that a computer likely sends tons of commands every second, but if the internal tracer program had features such as ignoring duplicates then I can see it being more plausible.

Another option I'm curious about: could I re-download the virus (if I knew where I messed up) into Sandboxie and see what files it places, and then use that to find and delete the infected files back on the main system?

Answer 1

I re-downloaded and re-executed the virus using a Sandboxed web browser and a Sandboxed Windows Explorer, respectively. It was fascinating to watch, like locking a spider in a cage and dropping bugs in. Then Sandboxie came up with the following warning: "SBIE2205 Service not implemented: schtasks.exe", letting me know that the virus was trying to access the task scheduler. I looked in there, and sure enough, the adware webpage was set to open every 30 minutes. Thank you Sandboxie!
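The same check the answer describes, run from PowerShell instead of browsing the Task Scheduler UI (an added example, not part of the original post). It lists every scheduled task whose action contains a URL or starts a browser, along with any repetition interval; the browser name list is an assumption for illustration.

```powershell
# Added example: find scheduled tasks that open a web page.
# Run from an elevated PowerShell prompt (Windows 8 / Server 2012 or later),
# otherwise tasks owned by other accounts may not be listed.

# A URL anywhere in the command line is matched regardless of which program
# is used to open it. The browser list below is an assumption; extend as needed.
$urlPattern     = 'https?://'
$browserPattern = '(firefox|chrome|msedge|iexplore|opera|brave)\.exe'

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions have Execute/Arguments; COM handler actions do not.
        if (-not $action.Execute) { continue }

        $commandLine = "$($action.Execute) $($action.Arguments)".Trim()
        if ($commandLine -notmatch $urlPattern -and
            $commandLine -notmatch $browserPattern) { continue }

        # Repetition intervals are ISO 8601 durations, e.g. PT30M = every 30 minutes.
        $repeat = ($task.Triggers |
            ForEach-Object { $_.Repetition.Interval } |
            Where-Object { $_ }) -join ', '

        [pscustomobject]@{
            Task    = $task.TaskPath + $task.TaskName
            State   = $task.State
            Author  = $task.Author
            Repeat  = $repeat
            HasUrl  = [bool]($commandLine -match $urlPattern)
            Command = $commandLine
        }
    }
}

# Tasks with a URL in the command line sort first; review each before removing it.
$findings | Sort-Object -Property HasUrl -Descending | Format-List
```

Legitimate software (browser updaters, for example) also registers tasks that match the browser pattern, so read the `Command` and `Repeat` fields before acting. A confirmed task can be saved with `Export-ScheduledTask` for later analysis and then removed with `Unregister-ScheduledTask`.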
