adf.ly malware on my computer

Post Reply New Topic

I am currently running Xubuntu 12.04. I have noticed today something different about my computer. Whenever I browse the internet, my browsing will occasionally be interupted by a redirect to a website called adfly. My adblocker, as well as extra plugins designed to thrwart the redirection don't work, as the intrusive ads do have a "redirect" option, supposedly to redirect me to where I wanted to go in the first place, but it ends up redirecting to google. So far, I haven't found any information on how to remove the malware from my linux system.

I seriously want to strangle whoever had the balls to make that ad program....what was he thinking?!

Delete the cookies for it from your browser cache.

That didn't work. It kept bothering me even after deleting cookies.

Turn off Javascript /Plugins and try.

Apparently it's not malware: http://adf.ly/
Are even NoScript and AdBlock Plus failing to block them?

If it's not malware, why is it impossible to remove?! !?

I've tried adblock, I've tried plugins that supposedly force it to redirect to the web page I was trying to access in the first place. I haven't used noscript yet, though.

Is there any consistency as to when you get redirected? Particular sites you're trying to access, or from which you get redirected? A lot of Minecraft mods, for example, use adfly for filehosting.

Odds are it's not malware, if you're running a Linux box.

adyf.ly could also be using persisant storage in your browser cache as well, so you might want to set your browser to not keep cahed web content. In Firefox, this is accomplished thusly:

go to Edit>Preferances>Advanced, then select the 'Network' tab, and look on the bottom of that tab, where it says 'Offline Web Content and User Data'. You will see a box that has a list of sites using persistant content storage on your computer. Click the 'Clear Now' button for this section, which will clear them out, and then go to the checkbox on the top left hand side of the box that listed the sites that used persistant storage and add a check to the box, which will at least ask you when a website tries to install 'helper' apps for a website.

Furthermore, if you happened to see 'adf.ly' amongst the list of sites that were using persistant storage on your computer, click the 'Exceptions...' button immediately below the 'Clear Now' button, and copy/paste the adf.ly entry into the box that pops up to ensure that the site is not allowed to use persistant storage on your machine.

Because there is nothing to remove?
Malware on Linux is about as common as hen's teeth.

After Googling to unearth some sites using adf.ly, I tried a few of them to see what happens.
Well, nothing much: links etc just work as expected and there seems to be no adf.ly present at all; checking the list of scripts blocked by NoScript, I see... adf.ly.
So maybe you should install it ASAP!

I found noscript to be a little bit intimidating to use, although thanks for telling me that the script specifically shows adfly among them. I find some scripts useful, so maybe I can block adf.ly ones alone. And yes, I've had the adf.ly problem on other websites, not just deviantart. Occasionally even on the school website I have to access every day. Just a few seconds ago, it even occured on this site.

Second of all, I know that it's malware because of the fact that nobody else has the same problem. I've also looked up malware on linux, and found out that even though it's not as effective, it does indeed work on wine, and I have wine on my system.

I wouldn't be so angry about this if the damned adf.ly s##t would only redirect me to the link's original destination, which it never does. It always links to google, or whatever website was being advertized, like Pirate 101 or stuff like that.

DeviantART becomes a bit broken when I don't allow at least some scripts. I'm currently trying what you're suggesting. I even visited the adf.ly website to see if i could find scripts to block.

I know you said it wasn't malware, but this worked of or me renoving several viruses a long time ago...a programme called malwarebytes that you can download, the free version works just as well. Redirect viruses can redirect you to pages filled to the brim with viruses and worms an Trojans and god knows what else. I had one a while back. Not the same one you have though.

Good luck. I know how frustrating viruses are.

I'm just frustrated because I'm using linux, and linux isn't normally supposed to get viruses.

I'd like to see sources on that information.

UNIX-like systems impose such a heavy separation between privileged and unprivileged processes, as well as user and system files, that it's virtually impossible for regular use of software to lead to malware infection. Just because it's only happening for you doesn't necessarily mean it's a virus (if it were a virus, other people would have things like this happen, and a fix would have been released quickly), and the odds of such a thing are so low that it may as well be discounted alongside gremlins and demonic possession as far as troubleshooting is concerned. Even with wine, you'd really have to go out of your way to help a Windows-based virus infect the Linux system, assuming that it would even work to begin with.

I would say, try temporarily creating another user on your system and using the browser as that user, to see if the problem still happens.
You can do that on a terminal with:

where '$otherusername' is something other than your existing login (you'll probably have to prefix the command with 'sudo'), and then,

assuming you use firefox as a browser.

If the problem goes away, then it's something in your firefox configuration.


He's running Linux, so not only will Malwarebytes not run, it's utterly pointless.

EDIT: If this is happening while browsing deviantART, it's also entirely possible that dA occasionally redirects through adf.ly as part of its advertising policy, or that users link their works through it (which is also a common practice amongst Minecraft modders; I absolutely hate it). I'm not a regular browser of dA, so I really couldn't comment authoritatively; except that you might keep an eye on the statusbar when clicking links to see if they use the adf.ly URL shortening.

Last edited by drh1138 on 24 Mar 2013, 3:05 pm, edited 1 time in total.

It's very easy to use and rarely needs touching. The only times I tweak it is for a new site I've not used before but would really like to use, and then it's a case of selectively allowing certain things to run. It doesn't take long to discover those things which are useless - to me, anyway - Facebook, Twitter, and the more obvious ad-related sites etc so knowing which things to allow to make the site functional is quite easy - and they're just as easily turned off too.

No, adf.ly isn't malware. Really, it's not...
If you check the adf.ly site I linked a few posts back you'll see that it works through scripts and if those scripts are allowed to run, most likely the default situation for many browsers, then it will be intrusive and annoying irrespective of the OS and the browser.
I Googled stopping adf.ly which turned up quite a bit that may be of interest to you, and all of it involved preventing or bypassing the sneaky tricks the adf.ly scripts try to pull with your browser. There is no malicious code installed because (quite apart from it being commercial suicide) there is no reason to do so.

Just because something which emulates Windows exists on your system does not make the system prone to malware - not least because if Wine was prone to anything, it would be prone to Windows malware. Assuming that Wine was prone, then it would only affect the operation of Wine and Windows software you might be running under Wine and even then, only while you were running it. If you were to run Malwarebytes under Wine you would be providing protection from Windows malware for that Windows environment only - not Linux, under which it will not only fail to run because it is Windows software, but it would be pointless to run it anyway.

Linux is totally and utterly different in its operation and it is impossible for Windows malware to affect it, because the Windows-related vulnerabilities (caused by specific flaws in specific parts of Windows OS code) simply do not exist in Linux. I don't just mean that it is basically "more secure" than Windows; more that the code which malware expects to use as an easy infection route is not present at all - quite apart from the many, many other differences in the way the OS works.
It's like saying that an insult spoken in French will also be offensive to someone understanding German only. It's never going to happen.
I suggest you Google for wine malware for a wider description.


ETA: plus everything drh1138 said, who posted while I was writing this.

I just find the whole thing baffling. I never even knew that adf.ly existed until a few days ago.