[ritz3645]

Quote:

Originally Posted by condor

.

Quote:

Originally Posted by samaspire

I

Greetings,
When you download freeware, provider wants to monetize the event. It may load browser extension in pack which lead you to a specific search engine. The search engine is compromised and direct you to high advert search page as compared to google.

Now how to remove all the malware which entered through the download package. There are usually three places where the changes have been done.

• Control panel : Goto Control panel-> Program
  ->Remove everything which seems shady or downloaded as on the same date as the pack. This step involves admin rights
  
• Chrome extension : Goto Settings in Chrome, click on extension, uninstall all extension which is shady or not downloaded by you.
  
• Chrome settings default Browser : Open a specific or set up a page, make it 'www.google.co.in' *copy paste it*

If the above step does not resolve the problem, the option I can think of is Restore to a previous date. Even if restore does not resolve the issue, then the only better option I think is a back up on a external drive and complete wipe to factory reset.

* Please perform the last step under someone's supervision.
*I highly recommend using following extension of Chrome - HTPPS everywhere & AdGuard AdBlocker for safe experience.

[samaspire]

Quote:

Originally Posted by ritz3645

Greetings,
When you download freeware, provider wants to monetize the event. It may load browser extension in pack which lead you to a specific search engine. The search engine is compromised and direct you to high advert search page as compared to google.

* Please perform the last step under someone's supervision.
*I highly recommend using following extension of Chrome - HTPPS everywhere & AdGuard AdBlocker for safe experience.

One thing I forgot to mention is that I'm having this issue on my Android Phone, not a PC. Would any of the steps change in that case?

[ritz3645]

Quote:

Originally Posted by samaspire

One thing I forgot to mention is that I'm having this issue on my Android Phone, not a PC. Would any of the steps change in that case?

Hi Samaspire,
Attached is a screen shot of Chrome settings on my phone. Can you please post screen shot of your settings and issue plus phone details.
Thanks.

[samaspire]

Phone is MiA1 running Android 8.1.0 (pure)

My issue started with Cobalten, but now I get various other sites (not porn though). Includes a download link for a browser and a virus warning popup to install antivirus. This happens when I click on a button. It's not always though.

[ritz3645]

Quote:

Originally Posted by samaspire

.

Hi Samaspire,
Thanks for screen shot. Since I have not encountered it, I did a Google search and found results for the same. I am not passing the buck, but this surely is a little complex issue. Please see if first link to remove from Android, the second is for removal from others. Please read the second link regarding cobalten then use first.

Link 1: https://howtoremove.guide/android-malware-removal/

Link 2 : https://howtoremove.guide/cobalten-com-virus-remove/

Hope it help, let me know.

Quote:

Originally Posted by condor

.

Condor : The first link has cobalten details for Windows.

[pcpranav]

Adware App is a bit complex matter, and not always termed as malware (c.k.a virus!). In the most common case, Adware apps are installed by user's permission, but in disguised or bit overlooked manner. User may miss a small "optional" tick-mark which by the way is default ticked ON! Some genuine apps are bundled with Adware apps and default installed together. These are the tricks they employ to get inside the system, and then change system behavior in many ways. So Adware apps may change browser settings, or over-ride search options, or show preferred search results, or show random advertisements. Sometimes, these advertisements are "poisoned" to be malicious, often called as phishing links. Sometimes even the Adware app owner genuinely doesn't know or able to control the kind of advertisements which are flashing on user's system.


https://en.wikipedia.org/wiki/Adware
https://www.kaspersky.co.in/resource...threats/adware



A typical antivirus (anti-malware) app would detect malware, and even detect Adware apps. Some in certain scenarios, anti-malware wouldnt detect Adware and let it pass, because of legal issues, yes true!


You may need a combination of security apps: anti-malware and anti-adware, sometimes bundled into single app as well. In complex scenario, troubleshooting is often done with a bundle of tools, but needs to be done cautiously. Mistakes could be costly, resulting in loss of time, system crashes, data loss etc.


Specific to Adware cleanup, I may personally recommend use the "free" version of Malwarebytes - its available for Windows, Android and Mac. Another one is AdwCleaner (now by Malwarebytes). Use along with a good antivirus software.



https://www.malwarebytes.com/android/
https://www.malwarebytes.com/adwcleaner/


When installation of Malwarebytes, be careful do not select the Premium version, and not enable "real-time" scanning, because it will conflict with existing antivirus installed on the system. Instead, configure the "free" version as to load whenever you want, update, and scan the system on periodic interval and then exit it.



regards,

[condor]

Quote:

Originally Posted by ritz3645

When you download freeware, provider wants to monetize the event. It may load browser extension in pack which lead you to a specific search engine. The search engine is compromised and direct you to high advert search page as compared to google.

Looks like freeware is not the only route for this. On my office-issued laptop, we are not to browse any sites for personal use. And definitely no un-authorised apps. Any apps / software has to come from the company internal source. I do make some exceptions sometimes with specific websites like banking, may be mail, TBHP. And yet I got a cobalten child (separate pop-up) window.

[roamer012]

Quote:

Originally Posted by condor

Looks like freeware is not the only route for this. On my office-issued laptop, we are not to browse any sites for personal use. And definitely no un-authorised apps. Any apps / software has to come from the company internal source. I do make some exceptions sometimes with specific websites like banking, may be mail, TBHP. And yet I got a cobalten child (separate pop-up) window.

Facing similar issue on Team-Bhp website (Have yet to observe on other websites) while visiting from company laptop (With similar policies in place like that of yours). Also, iPad on the home network also throws this issue intermittently. The only thing common between company laptop and ipad at home is chrome with same login credentials.

[condor]

Quote:

Originally Posted by roamer012

Facing similar issue on Team-Bhp website (Have yet to observe on other websites) while visiting from company laptop (With similar policies in place like that of yours). ... The only thing common between company laptop and ipad at home is chrome with same login credentials.

Thanks for this - so I am not the only one. Wonder if anyone else is facing this.

Btw, for me it is Firefox.

[roamer012]

Quote:

Originally Posted by condor

Thanks for this - so I am not the only one. Wonder if anyone else is facing this.

Btw, for me it is Firefox.

I doubt it's browser dependent. I find the issue crops up on specific networks and devices. Have tried clearing all caches and history across devices (linked to same apple / Google id) but the problem seems to correct it self / appear again randomly. Right click to open in new tab works flawlessly however directly clicking links leads to cobalten. And I am pretty sure that no anti malware can sort this rather the root cause is cheap routers and their pathetic security since I am not able to replicate this on same device, same browser but different network. However the pop up is usually restricted to Team BHP and few other websites.

[i_see]

I used to have Airtel broadband connection at home till recently and never had any pop up issues. Recently shifted to BSNL FTH connection and all hell broke loose.
I frequently get the cobalten pop up on my laptop on several websites. Surprising, I never get it on same device when I use mobile hotspot on Airtel, Jio and Vodafone sims!
Did a bit of googling and found many people on BSNL broadband connection face this issue . It seems BSNL is injecting adds for additional revenue

You can read about it here

https://broadbandforum.co/threads/ma...bsites.169151/

Are all the people facing the issue on BSNL broadband connection?

P.s. on browsing through mobile on same WiFi network, it frequently takes me to play store to download UC browser ( even when browsing on UC browser)

[samaspire]

Quote:

Originally Posted by ritz3645

Link 1: https://howtoremove.guide/android-malware-removal/

Link 2 : https://howtoremove.guide/cobalten-com-virus-remove/

Hope it help, let me know.


Condor : The first link has cobalten details for Windows.

I worked, or I thought it did. I was 'warning free' for 1 week, but it's back again since yesterday.

[GeneralJazz]

Quote:

Originally Posted by i_see

I used to have Airtel broadband connection at home till recently and never had any pop up issues. Recently shifted to BSNL FTH connection and all hell broke loose.
I frequently get the cobalten pop up on my laptop on several websites. Surprising, I never get it on same device when I use mobile hotspot on Airtel, Jio and Vodafone sims!
Did a bit of googling and found many people on BSNL broadband connection face this issue . It seems BSNL is injecting adds for additional revenue

You can read about it here

https://broadbandforum.co/threads/ma...bsites.169151/

Are all the people facing the issue on BSNL broadband connection?

P.s. on browsing through mobile on same WiFi network, it frequently takes me to play store to download UC browser ( even when browsing on UC browser)

Yes I've faced this issue with BSNL. Any decent ad-blocker should make it go away. Haven't faced the UC Browser issue though.

Check out these discussions:

https://www.quora.com/Is-it-legal-for-an-ISP-to-inject-advertisements-into-webpages

https://security.stackexchange.com/q...bsites-and-mak

[samaspire]

Quote:

Originally Posted by i_see

Are all the people facing the issue on BSNL broadband connection?

P.s. on browsing through mobile on same WiFi network, it frequently takes me to play store to download UC browser ( even when browsing on UC browser)

You are right. BSNL is the culprit!!! I just realised that I am having issues only while using BSNL wi-fi at home.

I have also recently started getting the UC Browser messages.

Can't we do anything about it? Complain to somebody?

[roamer012]

Quote:

Originally Posted by roamer012

I doubt it's browser dependent. I find the issue crops up on specific networks and devices. However the pop up is usually restricted to Team BHP and few other websites.

Quote:

Originally Posted by i_see

I used to have Airtel broadband connection at home till recently and never had any pop up issues. Recently shifted to BSNL FTH connection and all hell broke loose.
I frequently get the cobalten pop up on my laptop on several websites. Surprising, I never get it on same device when I use mobile hotspot on Airtel, Jio and Vodafone sims!
Did a bit of googling and found many people on BSNL broadband connection face this issue . It seems BSNL is injecting adds for additional revenue

Are all the people facing the issue on BSNL broadband connection?

P.s. on browsing through mobile on same WiFi network, it frequently takes me to play store to download UC browser ( even when browsing on UC browser)

Quote:

Originally Posted by GeneralJazz

Yes I've faced this issue with BSNL. Any decent ad-blocker should make it go away. Haven't faced the UC Browser issue though.

Quote:

Originally Posted by samaspire

You are right. BSNL is the culprit!!! I just realised that I am having issues only while using BSNL wi-fi at home.

In both my cases i.e. work laptop and ipad at home, network is of BSNL. Also as said by GeneralJazz, none of these devices have adblocker installed.