Trouble with possible Adware, video included

[ZWTron Support]

Hello everyone, I have an issue which I noticed a two days ago. The issue is that some (not all) websites are doing wierd things. It could be waste of time describing it, so I recorded a video:
https://www.youtube.com/watch?v=EZkk4s7M8eI&feature=youtu.be

Some details:
I've fresh version of my Windows 7 (installed 15.6.2015, yesterday).
I've used some tools and utilities to attempt to get rid of this, but they found some issues, but the problem has not been solved.

✓ AdwCleaner
✓ Malwarebytes Anti-Malware
✓ Rogue Killer tool
✓ Full antivirus scan using IObit Advanced SystemCare
✓ As said, reinstallation of Windows

It has never been shown to me before, but the worst is that the thing is on both of my notebooks (using the same wifi routes, so the router may be infected).

I'll be grateful for all ideas and replies.

 

[Reyaz123]

Does it only happen on that website? If yes its probably just the website

Do those scans in safe mode with networking.

You did a fresh version of Windows already, so I suspect something malicious has gotten into your network. Turn on windows firewall on every PC that is connected to your network and see if that helps

 

[ZWTron Support]

@Reyaz123 - No, it happends in multiple websites, sometimes the same website working well and sometimes with that thing. I had turned on Windows Firewall in both computers.
I guess that its not problem with the websites.

 

[scout_03]

witch browser do you use you may have to check the security settings in it also check your router on the wireless part if only your decice mac arrdess are on the permit list .

 

[ZWTron Support]

witch browser do you use you may have to check the security settings in it also check your router on the wireless part if only your decice mac arrdess are on the permit list .

I'm using Google Chrome on both notebooks. I've checked wlan in router and I found something suspicious:

Or3.7777 is my wifi network.
RT2561_2 UNKNOWN?!

TdoPC - pc #1
android - possibly my mobile phone
Kubo - pc #2
UNKNOWN??!

 

[ZWTron Support]

This thing also happend in this website, but it looks like it don't work on https (security) related websites.
I think that I'm close to solution, please check what I've found.

I think that the junk does following:
It overlays the website with an transparent (image) element with target <a> (link)
Here's source code for the element:

<a style="cursor:default" onclick="return ctpsrv.dp(this,0)" target="_blank" href="http://rdsrv.com/newbidder/click.php?subid=23c777ffLXF6b18AgUdrAQrgA1MDU2MDkyMDMgICAgICAgICAgICAgICAgICAgICAbL109pojbAAEAAAAAAOTxwsQAIgABAAAAAgABAAAACQABAAAAAAAAAAAAAAAAAJBZgFUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcUx%5FBZW4gIBQA&amp;redir=aHR0cDovL3d3dy5hZGNhc2guY29tL2FkL2Rpc3BsYXkucGhwP3I9MzUwMzQ4JnN1YjE9MTQzODczNjYmbm9jb29raWU9MQ~~&amp;subid2=e4a3aHR0cDovL3d3dy53aWtpYS5jb20vd2lraWE%7E&amp;cost=0"><img src="//p.ctpsrv.com/transparent.gif" style="border-style: none; position: absolute; z-index: 999; left: -1px; top: -1px; height: 100%; width: 100%; background-color: rgb(246, 161, 181);"></a>

and image element:

<img src="//p.ctpsrv.com/transparent.gif" style="border-style: none; position: absolute; z-index: 999; left: -1px; top: -1px; height: 100%; width: 100%; background-color: rgb(246, 161, 181);">

The image uses a link, based on website loaded, examples: (DONT CLICK!!!)

http://www.wikia.com/p.ctpsrv.com/transparent.gif
http://tomshardware.com/p.ctpsrv.com/transparent.gif

When I attempt to delete the element using Google Chrome source code I'm rid of this until I reload a page.

So my computer must contain a javascript file .js that loads when chrome is on.

 

[Reyaz123]

You have 2 options:
1.scout_03 suggested with Mac filtering for that unknown Mac address (should be in your router config)

2.Do a factory reset on your router. Reconfigure the wifi passphrase and change it

 

[ZWTron Support]

You have 2 options:
1.scout_03 suggested with Mac filtering for that unknown Mac address (should be in your router config)

2.Do a factory reset on your router. Reconfigure the wifi passphrase and change it

I've just reset my router, the hidden address is there no more, but the problem is still there.
Please check my new video, maybe it helps more.
https://www.youtube.com/watch?v=kDWX58zBxuk
Its doing on my second computer to, but when I connect to neighbor's WIFI theres nothing.

 

[Reyaz123]

Does it happen with other browsers? Or just chrome? If its just chrome, uninstall/delete the setup file you got as it probably got infected by something before you installed chrome
Download the chrome setup from the official website and reinstall it. Just a thought.

 

[ZWTron Support]

Does it happen with other browsers? Or just chrome? If its just chrome, uninstall/delete the setup file you got as it probably got infected by something before you installed chrome
Download the chrome setup from the official website and reinstall it. Just a thought.

It's happening in Mozila Firefox too. As I said, its not computer issue, I couldnt get the same virus on both computers and when I connect to neighbor's wifi - nothing at all. Is there a way that my internet provider has been hacked or something? Just thinking.

 

[Reyaz123]

Here is another idea I got
Open cmd
Type these commands in:
Ipconfig /release
Ipconfig /renew
Ipconfig /flushdns
Check if it solved it. If not

Call your ISP, this could be more complex than we thought. If you do call them and find out what was causing that, post it here

 

[scout_03]

you been infected on your wireless network change the password of it but do not put dictionnary work and use a capital letter and a number in it ,the other thing your router use wep only and it is on auto if you use wpa 2 that would be better and put mac filtering on . https://www.google.ca/?gws_rd=ssl#q=rt2561_2+wireless+client