How to get rid of Vimax ads

Neil Chase at our advertising partner company, Federated Media, says:
Several authors have recently found every ad zone on their pages filled with ads for Vimax, which is supposed to enlarge a certain body part. We don't run ads for stuff like that, and of course no FM author or staffer could possibly need it anyway.

But there's malware floating around out there that hijacks your computer's DNS settings and puts its own ads into your zones. Unlike regular viruses, it can attack both PCs and Macs. It seems to often come with free video-processing software.

If it happens to you, rest assured that it's happening only in your Web browser and not to your readers. Here's what to do:

* For Mac users: Apple's forums have info about a couple fixes in this thread

* For PC users, several people suggest Trend Micro's free HijackThis tool.
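A way to check for the DNS-settings change described above, as an added example that is not part of the original post: the script lists the resolvers a machine is configured to use and flags any that are not on an expected list. The expected list (a home router at 192.168.1.1 plus the OpenDNS resolvers) and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: this host should use only the home router and OpenDNS.
EXPECTED = {"192.168.1.1", "208.67.222.222", "208.67.220.220"}
IPV4_LINE = re.compile(r"\s+(?:\d{1,3}\.){3}\d{1,3}\s*")

def resolvers_from_resolv_conf(text):
    """Nameserver addresses from resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def resolvers_from_ipconfig(text):
    """DNS servers from `ipconfig /all` output, including continuation lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            in_dns = True
        elif in_dns and IPV4_LINE.fullmatch(line):
            found.append(line.strip())
        else:
            in_dns = False
    return found

def unexpected(resolvers, expected=EXPECTED):
    """Resolvers not on the expected list; malformed entries are flagged too."""
    flagged = []
    for r in resolvers:
        try:
            r = str(ipaddress.ip_address(r))
        except ValueError:
            pass  # keep the raw string so it is reported
        if r not in expected:
            flagged.append(r)
    return flagged

# Constructed sample inputs (documentation-range address stands in for a rogue server).
SAMPLE_RESOLV = "# constructed\nnameserver 192.168.1.1\nnameserver 203.0.113.53\n"
SAMPLE_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       208.67.222.222
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
print(unexpected(resolvers_from_ipconfig(SAMPLE_IPCONFIG)))
```

This covers the host's own settings only: if the router's DNS configuration was altered instead, the host will still list the router's address, so the router's settings need the same comparison.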


  1. NoScript Firefox plugin. Live it, love it, eat it, breathe it, hack it.

    Never get another script you don’t want (and only view the stuff on sites that you want and trust).

  2. just do what I do, use Privoxy, it’s an HTTP filtering proxy that re-writes HTML on the fly and strips out animated gifs, ad banners (based on image type, URL, etc), eats cookies, etc. it’s awesome. I don’t see ads anymore.

  3. HijackThis is great. Get it even if you’re not affected by this virus. But learn how to use it before you go messing around.

  4. I’ve always felt that advertising by linking to an ad provider’s site in the HTML page is the wrong approach. It slows down page loads, places both performance and reliability outside your control, and is susceptible to attacks like this. The only advantage I can think of is ease of implementation in the CMS/blog server software…

  5. According to the linked Apple support forum, these ads were being substituted by a user’s ISP; changing DNSs fixed it. Linux users (who were seeing ads) would be just as vulnerable.

    I’m surprised that an ISP would do this. Perhaps I shouldn’t be, but this would seem to expose the ISP operator to huge potential downside.

    Safari users should get with SafariBlock.

  6. The HijackThis description says that it scans the computer for settings that MAY have been changed, but “doesn’t determine what is bad or good.”

    It advises: “Not an expert? Just save the HijackThis report and let a friend with more troubleshooting experience take a look.”

    I have Vimax ads. Does anyone here know what to be looking for in the HijackThis scan results log, and what to do about it?

    These ads suck boo coos of eggs, regardless of whatever benefit it may have for my lady friend eventually.

  7. WOW!! Now if I can just figure out how to get ALL THE ADS OUT OF THE VIDEOS ON BOING-BOING!!!!

    Sweet Jeebus. . . I was just scrolling down checking out a couple of the vids on the page and every one of them came up with an ad related to something in the video.

    For instance, I was watching the video on shooting hot water from a bottle at -29 degrees. I couldn’t focus well on it though. . . THERE WAS A BANNER FOR “BOTTLE WARMERS” THAT COVERED A FULL THIRD OF THE VIDEO SCREEN.

    Okay, so I click through it. No biggie. You can just click on the “x” and see the entire video, so I click on another video. . . Well it gets better. This time a popup twice the height and half the width came up on the screen, with nothing to click to minimize it.


  8. To be fair, the Vimax dns hijack is not a virus. Most security companies would call this an exploit since it only affects web browsers and is not a system-level attack. OpenDNS and Privoxy are the way to go.

  9. @7, One alternative to SafariBlock that doesn’t involve hacking Safari (no official plugin support) is GlimmerBlocker, which works by setting up a local proxy instead. I use it for some userscripts, but I noticed the ad blocking (which is its main purpose) works quite well. I don’t really like ad blocking, but I know a lot of people do, and it’s always good to let the options be known…

  10. Well… none of these seem to be a solution to the actual problem, more of a workaround. Does anyone that actually *has* the problem feel like figuring out what it is? I’m curious, but alas I am worm-free.

    Btw to all of you that block ads: keep in mind that web sites exist because of advertising revenue. I don’t want to be preachy, some ads deserve to be blocked. But come on the ones that don’t get in your way aren’t that big a deal are they?

    Especially if you need a bigger penis ; )

  11. “Unlike regular viruses, it can attack both PCs and Macs.” The only two types of computers that exist?

  12. Can’t you just take a screen shot of your blog all full of Vimax ads and then charge the company the standard advertising rate? If everyone did that the company might go out of business.

  13. To get rid of it on the PC you probably need something like SpyBot or AdAware. This advice of “go look for a friend that may or may not know what the hell they’re doing” is bullocks.

  14. Oh Jeebus- folks before you download, run and delete everything from HijackThis- STOP. It is a powerful piece of software. But it will pop up anything it thinks looks remotely suspicious- which may, can, and probably will include necessary system files. If you don’t know what to delete (and you probably don’t) then run the program, copy the log, search on google and find a site to paste to. There are a couple where people are nice enough to look over your log and tell you what to delete and what not to. And be nice about it. I’m not saying this is the only solution, but if you just select everything and hit deleteall like you do with your antivirus or antispyware software usually, you almost assuredly WILL have problems with your OS.

  15. Gussy it up however you want, Trebek. What matters is does it work? Will it really mighty my penis, man?

  16. Malware as vandalism was bad enough. Having it become a tool of marketing was worse. I suggest we consider an ethical rethinking of the malware issue.

    I propose nothing less than a universal social “Excommunication and declaration of Anathema” upon malware writers or those who use it as a tool. It’s really simple. Write or use Malware wittingly and for evil- We consider you dead. Suffer not a Malware participant among us. There’s no sane justification for malicious code! So we must consider a united declaration of just how unacceptable Malware creation or use is.

    WE tell THEM to depart into darkness and remain there. We shall shun them and their kin. They shall be unwelcome in our company. I would humbly suggest the concept be seriously considered. Would the concept of social Excommunication from ALL honorable company deter YOU from trafficking in Malware? It might be hard to tell a friend or closer relation that they are in social death penalty for their crimes. Yet it’s kinder than waterboarding them the way Malware victims might suggest instead.

  17. SpyBot and AdAware don’t solve this problem.

    I use Ad Block Plus, which is awesome, but I do understand the sentiment posted regarding blocking out all ads, many of which generate needed revenue for small-time websites that deserve it.

    I was, in fact, driven to use ABP because of Vimax.

    If anyone has a solution to the Vimax problem that doesn’t involve wholesale blocking of all banner ads, I would be curious to hear it.

  18. I found this here:

    Hello my name is Andrew, and i am a rep for the vimax pills company ( i am visiting different forums in the hopes that someone may still have this virus on their computer.

    Firstly this is not us that is infecting machines with the dns changer, this is why we need your help in tracking this person down.

    You must understand that our company runs an affiliate program, this means that webmasters and website owners are paid for their efforts when they generate sales for us form their own sites, thus the banners you are seeing are tools for our affiliates to use.(the banners are also available to advertise on other peoples websites, but certainly not in this manner of which i am speaking to you about now)

    We do not condone this type of virus spamming and we assure you once we have traced the affiliate in question he will be severly dealt with.

    (Side note, we still do not know who this affiliate is because we do not have this malware
    on our computer or any other computers we have access to, thus it makes it very hard for us to track him/her down and other factors such as cloaking etc etc)

    What we need form you is someone who is still affected with this malware to first of all:

    1. please download firefox or if you already have it GREAT.

    2. please click on the ad to arrive at our website (please note that all affiliates have a link to this site as each affiliate is assigned their own tracking cookie/pixel/number so we can tell which affiliate has generated a sale, which is the next part i am getting to.

    3. please click on in (firefox) tools> options> privacy> and on the privacy tab click on “show cookies”

    4. once you are inside the “cookies” tab you will see a cookie folder named: please click on the little + sign to open the folder.(it may be easier for you to clear your firefox
    cookies before you visit so there is not a whole bunch of cookies for you to scour through)

    5. once you have clicked on the folder you will see a number of different subfolder names what we want from you is a (6)-six digit number this number can be found under one of two sub-folders either
    the “id” sub-folder or the “pub” sub-folder

    thats it! please email me the six digit number we will know exactly who this person is and he will be dealt with by way of law (yes we will be suing him) and any monies forfeited.

    my email address is

    thank you for your time and we would sincerely like to apologise for any harm caused to your computers.


  19. The only thing I can think of for Mac users is that it’s something to do with the DNSChanger trojan (a.k.a., OSX.RSPlug.A and OSX/Puper) that’s out there. I very much doubt this is from a “virus” as this BB article suggests or this would be major news for the Mac community. It’s a huge pain in the ass to make a prolific virus that propagates worth a shit for OS X despite what so-called security “experts” say.

    You get the trojan (not virus) by going to porno sites which tell you that you need a “codec” to watch some sheep fucking porn or whatever which then (if you allow it) it will download an installer on your Mac. You then need to run the installer and put in your Admin password and everything and then proceeds to jack up your DNS.

    It’s kind of like walking into a strip club with your laptop and having a seedy character in a dark corner you’ve never met before tell you he can “help your computer” if you let him take it out to his car for a while and bring it back. Hahaha…


    If you want to get rid of it (or just check for it) go here:

    If you want to avoid it, avoid being stupid.

    Windows users… if you don’t know how to get rid of spyware, adware, malware, viruses, trojans, etc. by now… then… well… you’re probably already screwed.

  20. Well is this really a virus or even an exploit?

    You have several people saying DNS is being affected and redirecting to a different dns server could fix the issue…if that’s the case then the issue lies outside of the system.

    If the malware is creating something like a proxy and intercepting the stream then yes it’s local. Or even becoming a plugin (so to speak) into the browser…

    @17 I agree to the most extreme level…
    I have logged many hours on many pc’s with hijackthis and it’s a great tool. A very powerful one at that.

    To anyone that is going to try it, I have little advice… It really just takes knowing a lot about windows to do it effectively without serious system harm. (Not that you’ll “break” your pc, but you can certainly hose windows to the point it won’t load, ie. format and reinstall).

    I’ve got adblock plus installed in firefox right now… Never seen these so called ads… Hard for me to give any feedback on it.

  21. #21: Wait, what? Someone who sells penis enlargement pills is worried that rogue ads are tarnishing his image? It’s too early to start drinking (I have shit to do), yet how am I meant to cushion the blow as my brain assimilates this information?

  22. Re: the company rep “asking us to help find the rogue associate”. Uh? let’s see how many other sites discussing the malware associated with the ads he’s “asking for help from” Let’s next see how many click-per-view credits his “asking us to help” generates… That alone could explain his desire to have us “help”

    Which is supported as a suspicion by his poor literacy. There is a strong stench of complicity between this “Andrew” and the person/s who are orchestrating the DNS redirect exploits. I humbly suggest everyone affected by this consider forming a class action group against the company. And it’s quite thinkable that RICO federal violations are involved due to the multiple layers of conspiracy. Perhaps the EFF might also look into this as “Freedom from DNS misuse or Malware” should be right in their ballpark…

    And *IF* he were truly a company rep he’d have an address in their domain as some credibility. Yep- smells like more scamming.

  23. Madfist @9 – Yell at YouTube. That ad was from them.

    FYI, when I made suggestions about the BBtv ads the BBtv crew listened. But then again, I tried to complain without berating anyone.

  24. It is in fact a form of malware that is installed. Basically if you are seeing the ads then you are infected. I have removed it off 20+ computers already.

    I don’t want to spam up your boards, so if I am not allowed to post a link to our removal instructions then feel free to remove it. I notice a few people above said they are infected so I wanted to offer to help remove it using free software – we run a free computer support site and would be happy to help anybody having issues with this.

    Preliminary Removal Guide =>



  25. I also wanted to respond to some of the above comments.

    Often while removing this I have noticed bigger problems – the victims are almost always infected with some far greater threat than this adware. Usually Trojan.downloader or Trojan.DNSchanger <- which can actually affect the firmware of your router and re-route your DNS connection to a malicious server which sends a payload of additional malware to your computer. The server has an IP address beginning with 85.x.x.x. Adding a pop-up blocker or connecting to a proxy server may eliminate symptoms, though your computer is still infected. The preliminary removal instructions posted above will remove the vimax ads, however you should still post your logs for us to review in case there are greater threats present.

  26. For Windows users ComboFix will get rid of this pesky beast. And McAfee, Windows Defender and Spyware Terminator couldn’t detect the malware or do boo about it.

  27. IF u r using firefox. Right click on the ad and select block images from img.
    This is the easiest temporary fix if u don’t trust the adwares and malwares.


