Ad on SDMB installs malware on my PC

I can’t tell you what ad is doing it, but in the last ten minutes I’ve opened a thread and had my screen taken over by malware that looks like the My Computer folder with a virus scan going on. After closing down the offending program, SpyBot tells it came from “Right Media”.

Please do something about this now.

Here are a link to help anybody who has been infected:

(link to commercial site removed – Rico)

The above link was to a site offering a spyware remover - it said it would detect the infection, but not heal it unless you paid for it. (Not your fault, Skald, thanks for trying to help!)

Let’s give you some free links:

Super Anti Spyware
Spybot S & D

The above links offer free versions to their products and should be able to remove just about any infections you have. Make sure you update them before you start - and if the infections keep coming back, run the program in Safe Mode.

The links I found to Right Media (owned by Yahoo) removal mentioned that Super Anti-Spyware would remove the infection. Try that first. MalwareBytes would be my second choice.


It’s not Yahoo’s fault.

One of their content providers is inserting malicious code into Right Media ads!

Still searching. The aforemtioned Spybot will not remove the infection.

Spybot did remove the infection for me when I ran it after first coming across the malware. Running Ad-Aware after a restart didn’t find it again.

Addition #2:

Malwarebytes should remove it. Do the following after installing the latest version:

Open it, go to “Settings” and uncheck the box “always scan extra and heuristics objects”

Select quick scan and delete all that it marks in red.

When a notice pops up to restart computer select yes.

If the malware returns then go into Safe Mode and run it from there.

ETA: Glad you found it, Justin. We were typing posts at the same time.

I double-checked and you’re right Rico, Spybot won’t remove it. It says it does, but it doesn’t. Ad-Aware doesn’t even recognize it as an infection.

We are looking into this.

We also need more information – who else has actually seen this? What ad caused it to happen?

Jerry has told me in the past that when this happens the user picked up the malware from somewhere else – the calls in our ad software triggered the activation of the malware but the download did not come from this site itself.

Please observe the situation and tell us what you see.

Both times the malware appeared I was only using the SDMB. Both times it occured, the malware took over a page I had just opened a thread. Both times the malware took over before I could read what the ads said (I tend to tune them out).

If the above doesn’t work for you, please follow the steps in this thread: