Adf.ly Redirect Virus - How to remove

The term Adf.ly redirect virus refers to unwanted advertisements that Adf.ly loads to monetize its links. Over the past few years, Adf.ly has been on the radar of security researchers for transmitting malware-laden and deceptive content. The advertising network itself is legitimate and should not be treated as an unreliable source, but many scammers use it to promote disturbing and risky deals. Notably, we have noticed some malware that it related: Predictivadnetwork.com, MyImageConverter and Adskpak.com viruses.

Link Shortener

Adf.ly provides a service that shortens links. This can be used in a few ways:

• to make links look shorter,
• to share links that hide their true destination,
• to make money from people clicking on these shortened links.

Clicking shortened links is always a little risky as some malicious users severely misuse shorteners like Adf.ly to spread sites that should be actually considered harmful, illegal, and even emotionally-damaging. One user left a review, suggesting that “One ad contained child pornography including sadism and bestiality, one ad included a drive-by download that Norton, Malwarebytes, and Google detected as malicious“. Adf.ly has been abused by cybercriminals to spread a spyware virus).

But often, Adf.ly links are not so dangerous. They’re just full of obnoxious, unskippable ads that are supposed to make money for those who used Adf.ly to wrap their links. These ads can still be harmful, of course.

Adf.ly (often seen using the “Gloyah.net” URL) works by intercepting a shortened link that was generated using Adf.ly to display an ad before the real destination site is loaded. The ads shown allow people who share Adf.ly links to make money off of each visit. They might not intend the ads to be malicious, but they are profiting from it, while innocent users are being exposed to outrageous, harmful, and annoying content.

The situation of being exposed to Adf.ly ads can be summarized like this:

Symptoms	Pop-up ads by Adf.ly and Gloyah.net. Unrelated ads after clicking on a short link. Unexpected redirects to ads by Adf.ly.
Causes	Clicked on a short link created using Adf.ly. Visited a website that uses Adf.ly ads. Was redirected to Adf.ly by adware.
Harm	Drive-by malware installation. Leaked credentials. Exposure to traumatizing ads. Exposure to scams.
Removal	Remove harmful programs (Spyhunter for PC, Combo Cleaner for Mac, others). Remove suspicious extensions. Block unwanted notifications.

Adf.ly advertises unsafe and controversial content

Unexpected and unwanted sites

Actually, Adf.ly has been considered suspicious by some ever since 2011. Users keep complaining of viruses and infected links being shown to them by the Adf.ly redirect. Even though in the official forum of this ad-network, it is claimed that adverts are closely monitored and suspicious ones are quickly banned, this does not seem convincing.

For example, some users complained about certain technical support scams being spread by Adf.ly. Despite that, the same red-flagged ads appear to be still promoted via this network. Malicious ads are a problem and Adf.ly participating in the promotion of scams and malware puts ordinary internet surfers in danger.

As an example, if a user clicks on an Adf.ly ad, even if they click the button to “Skip Ad”, they are immediately redirected to third-party websites like disturbing 3ask3.ba7r.biz or Files.ninja. If you attempt to download applications or interact with the content inside such domains, you will suffer the consequences of being infected with malware viruses. Services like Jamboxlive.com could be promoted by this suspicious tool and as we know, it is made as a browser hijacker.

Infected apps

For instance, we got introduced to MacKeeper ads. If downloaded from a reliable service, the tool should be normal. However, since we downloaded from Adf.ly com virus distributor, we received a susicpious MacKeeper.kpg that was a XAR archive. We ran this file through a number of security tools and they detected the archive as malicious (VirusTotal): Trojan.Application.MAC.PazaCA.1, Gen:Variant.Application.MAC.PazaCA.1, Osx.Malware.Agent-6327782-0, Riskware.Script.MacKeeper.enqqce and OSX/Mackeeper.J potentially unwanted.

Another ad suggested downloading File_173405.dmg. Our security researchers analyzed this file as well and found out that 13/58 security tools detected it as malicious (VirusTotal).

Needless to say, be wary of Adf.ly ads.

In addition, Blpmovies.com and Ecleneue.com malware are also seen as some of the parasites that Adf.ly virus supports. Please do not download content from websites that the rogue ad-network recommends you to. Some of the domains that are aiming to find out users’ personally-identifiable information have also been noticed to appear via Adf.ly ad-network.

If the operators of Adf.ly say that they monitor the content they promote, why are such dangerous ads ever available? Obviously, some advertising networks have a history of losing track of the material they promote. Just remember the incident with Taboola company when legitimate websites were noticed to include ads that lead to technical support scams.

How to tell if your computer is infected?

Do you constantly get Adf.ly ads in your browser?

There are two explanations – you might be unlucky enough to constantly visit websites that are using Adf.ly to monetizing their content (maybe someone you follow always shares links shortened using Adf.ly?), or your computer (web browser, to be more specific) is actually infected with adware that’s causing Adf.ly ad spam.

Luckily, it is not that difficult to check whether your browser is infected or it’s just web pages you are visiting. If your browser is not infected, you are only likely to see Adf.ly advertisements as a pre-screen on various websites. After clicking the “Skip the Ad” button, you should be good to go and visit the website you want to. However, if your computer is infected with this virus (a malicious add-on is on one or several of your Internet browsers), clicking on the skip button will result in being redirected to an affiliated website. The redirect can appear on the same window or on a new tab – that is a clear sign that your computer is infected.

Other symptoms that you are likely to experience if your computer is infected with this virus – you might notice additional banner or pop-up ads on random websites while browsing the Internet (usually labeled “ads by Adf.ly”). Pop-up ads from Adf.ly or Gloyah.net that periodically show up on your screen are another symptom. If you check your notifications and find some suspicious URLs that are sending you ads, go ahead and block them. Many sites, including Adf.ly, behave like adware without even installing anything on your device, but they’re not any less dangerous because of it.

Finally, this adware infection might be responsible for other malware being installed on your computer. The ads that Adf.ly shows can perform drive-by downloads of viruses into your computer, so allowing Adf.ly to hijack your browser poses a threat to the overall health of your computer.

In case you recognized at least one of those symptoms, you should fast forward to the removal of this virus. The longer you wait, the higher the chance that a virus leaks your private data, exposes you to a convincing scam or does something else dangerous.

Reasons for Adf.ly redirects

If you wish to check your computer for viruses, we highly recommend scanning it with Spyhunter for Windows, Combo Cleaner for macOS, and other scanners. Look at your installed apps and see whether any suspicious ones have been installed.

Block notifications from Adf.ly, too. Check your browser settings:

• Chrome – open Settings, scroll down to Site settings (under Privacy and security), click on Notifications.
• Edge (Chromium) – open Settings, click Site Permissions, Notifications.
• Firefox – open Settings, Privacy & Security, scroll down to Permissions, and click on Settings next to Notifications.
• Safari – in the Safari menu, choose Preferences, Websites, Notifications.

Finally, if you wish to use Adf.ly links, you can look into using a reputable Adf.ly skipping tool. Ad blockers are great, but Adf.ly might resist them and block you from progressing to the destination link. So, alternative ways to get past Adf.ly need to be found.

How to remove Adf.ly Redirect Virus using Windows Control Panel

Many hijackers and adware like Adf.ly redirect virus install some of their components as regular Windows programs as well as additional software. This part of malware can be uninstalled from the Control Panel. To access it, do the following.

• Start→Control Panel (older Windows) or press Windows Key→Search and enter Control Panel and then press Enter (Windows 8, Windows 10).
• Choose Uninstall Program (if you don't see it, click in the upper right next to "View by" and select Category).
• Go through the list of programs and select entries related to Adf.ly Redirect Virus . You can click on "Name" or "Installed On" to reorder your programs and make Adf.ly redirect virus easier to find.
• Click the Uninstall button. If you're asked if you really want to remove the program, click Yes.
• In many cases anti-malware programs are better at detecting related parasites, thus I recommend installing Spyhunter to identify other programs that might be a part of this infection.

Automatic Malware removal tools