Adf.ly Redirect Virus - How To Remove?

 

Adf.ly redirect virus refers to advertisements that are loaded from Adfly advertising network. Over the past few months, the company has been on the radar of security researchers for transmitting malware-laden and deceptive content. The advertising network itself is legitimate and should not be treated as an unreliable source, but many scammers use this website to promote disturbing and risky deals. However, we have noticed other malware, including advertisements from this network: Predictivadnetwork.com, MyImageConverter and Adskpak.com viruses.

Many people state that the service shortens links to hide destination of websites that should be actually considered as illegal and emotionally-damaging. One user left a review, suggesting that “One ad contained child pornography including sadism and bestiality, one ad included a drive-by download that Norton, Malwarebytes, and Google detected as malicious“. Since Adf.ly suspicious ad-network removed the usage of ad-blocker, the site has been considered as one of the services that are used to distribute malicious infections (Adf.ly served info-stealer).

Adf.ly rogue ad-network displays malware-laden ads, phishing scams, pornographic content

Adf.ly redirect virus

Actually, the website has been considered as suspicious ever since 2011, but it still continues to make displays of advertisements. Dozens of people have complained to be influenced by viruses due to Adf.ly redirect. Even though in the official forum of this ad-network it is claimed that adverts are closely monitored and suspicious ones are quickly banned, this does not sound convincing. Some users have complained about certain technical support scams a few years back. However, the same red-flagged ads appears to be still promoted via this network.

Some more aggressive users are claiming that Adf.ly redirect virus only poses as a legit site that allows businesses grow and earn profit. However, the service is legitimate service for url-shortening. Its irritating service is recognized by many people and it is important to regard this service as unreliable. Furthermore, even if users click the button of “Skip Ad”, they are immediately redirected to third-party websites like disturbing 3ask3.ba7r.biz or Files.ninja. If you attempt to download applications or interact with the content inside such domains, you will suffer the consequences of being infected with malware viruses. Services like Jamboxlive.com could be promoted by this suspicious tool and as we know, it is made as a browser hijacker.

For instance, we got introduced to an advertisements that promote MacKeeper. If downloaded from a reliable service, the tool should be normal. However, since we downloaded from Adf.ly com virus distributor, we received a susicpious MacKeeper.kpg that was a XAR archive. We ran this file through a number of security tools and they detected the archive as malicious (VirusTotal scan): Trojan.Application.MAC.PazaCA.1, Gen:Variant.Application.MAC.PazaCA.1, Osx.Malware.Agent-6327782-0, Riskware.Script.MacKeeper.enqqce and OSX/Mackeeper.J potentially unwanted.

Adf.ly hijacker

One ad also suggested to download File_173405.dmg. Our security researchers analyzed this file as well and found out that 13/58 security tools detected it as malicious (VirusTotal analysis). If controllers of Adf.ly redirect are claiming to monitor the content they promote, why are such ads still available? Obviously, advertising networks have a way of losing track of the material it supports. Just remember the incident with Taboola company when legitimate websites were noticed to include ads that lead to technical support scams.

In addition, Blpmovies.com malware is also seen as one of the malware parasites that Adf.ly virus supports. Please do not download content from websites that the rogue ad-network recommends you to. Some of the domains that are aiming to find out users’ personally-identifiable information have also been noticed to appear via Adf.ly ad-network.

How to tell if your computer is infected?

There are two case scenarios – you can be unlucky enough to constantly visit websites that are monetising their content with this questionable Ad fly method or your computer (web browser, to be more specific) is actually infected with an add-on and adf.ly advertisements come as a consequence of the presence of this tool.

Luckily, it is not that difficult to indicate whether your browser is infected or it’s just web pages you are visiting. If your browser is not infected, you are only likely to see adf.ly advertisements as a pre-screen on various websites. After clicking “skip the ad” button, you should be good to go and visit the website you want to. However, if your computer is infected with this virus (add-on is on one or several of your Internet browsers), clicking on the skip button will result in being redirected to affiliated website. The redirect can appear on the same window or on a new tab – that is a clear sign that your computer is infected.

You can also take a look at the extension list on your web browsers – you should be able to notice malicious extension right away. Look for the keyword “ad fly” in the name of the extension, as the name itself can vary.

Other symptoms that you are likely to experience if your computer is infected with this virus – you might notice additional banner or pop-up ads on random websites while browsing the Internet (usually labeled “ads by Adf.ly” or something like that) or regular text on websites can be turned into fake links and clicking on them might result in another redirect.

Finally, this adware infection might be responsible for other malware instalment on your computer. I.e. it can infiltrate other viruses into your computer, so keeping adf.ly add-on installed might pose a threat to the overall health of your computer.

In case you recognised at least one of those symptoms, you should fast forward to the removal of this virus. The longer you wait, the more harder it gets to clean your computer from malware.

Reasons for being bothered by this annoying redirect

You might be noticing this suspicious website due to the fact that an adware parasite has slithered into your operating system. This is possible if you like to visit unknown domains or have a tendency to pay little attention during installation processes of freeware. Select advanced/custom modes to avoid any future misunderstandings. If you wish to check your operating system for viruses, we gladly recommend scanning OS with Reimage. Furthermore, you can try to look whether suspiciou applications have been installed into your device and remove them from Control Panel.

How to remove Adf.ly redirect virus using Windows Control Panel

Many hijackers and adware like Adf.ly redirect virus install some of their components as regular windows programs as well as additional software. This part of malware can be uninstalled from Control Panel. To access it, do the following.
  • Start→Control Panel (older Windows) or press Windows Key→Search and enter Control Panel (Windows 8);
    Control panel
  • Choose Uninstall Program;
    Programs and features
  • Go through a list of programs and select entries related to Adf.ly redirect virus .
    Remove toolbars
  • Click uninstall button.
    Uninstall
  • In many cases anti-malware programs are better at detecting related parasites, thus I recommend installing Spyhunter or Reimage to identify other programs that might be a part of this infection.
    Scan with spyhunter
This method will not remove some of browser plugins therefore proceed to the next part of the removal guide.
Removing Adf.ly redirect virus from your browsers

Automatic Adf.ly redirect virus removal tools

 
 
Note: Reimage trial provides detection of parasites and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.  We might be affiliated with some of these programs. Full information is available in disclosure     
 

About the author

 - Virus researcher
I’m a virus researcher and my field of specialization involves but is not limited to the newly-developed ransomware variants. In my opinion, crypto-viruses are highly-underestimated and some Internet users have very few opportunities to learn about their symptoms before it is too late. Our goal here in 2-viruses.com is to make sure that crucial information about the most relevant malware samples would be available for everyone.
 
October 4, 2017 00:31, October 9, 2017 06:50
 
   
 

Leave a Reply

Your email address will not be published. Required fields are marked *