Saturday, 17 May 2014

How-To: Remove Rvzr-A.Akamaihd Pop-Up& Virus [Guest Post]


Rvzr-A.Akamaihd.Net Pop-Up ad-ware A colleague just got hit by another one of these insidious little blighters. We know how it got in - Internet Explorer 11 - but not the source. I suspect my colleague clicked on a close or cancel button in a pop-up which actually ran some malicious code.

We know what and when it was installed - a program in this case masquerading as Rich Media Viewer, on May 16th. We got the full range of initial symptoms. We also got rid of it inside ten minutes, before it could do any further damage.

Rvzr-a.akamaihd.net is another unauthorised adware client; using a full range of false pages and pop-ups, it highlights web page text for adware popups, opens tabs onto Trojan pages when you open your browser, and initiates more popups when you open a new tab.


Fortunately it is relatively easy to exterminate, but do be aware there are new variants hiding under new names, so check for updated instructions on the web whenever you come across an instance of infection.

The pop-ups, which all originate from Rvzr-a.akamaihd.net  you can see sampled in the thumbnail to this article and include:
  • various advertisements pushed in highlighted ad text inserted into third party websites
  • separate pages onto Trojan pages for multi-player online games – League of Angels and Travian
  • a number of browser and media player alerts which look astonishingly close to Adobe and IE update notices, which prompt users to download some software products such as Internet browsing applications and media tools (players, editors)
These are all complete garbage hiding malware.

Common redirects include a “media player update” from playmediaplayer.com, a “Video Downloader” from onlinevideopctools.com; “recommended” media player from ttb.playmediaplayer.com, an ‘error’ message’ implying you cannot view the page and launches a download from weupdatevideos.com (or similar).

Lookout for variants. None of these is legitimate.

Removing Rvzr-a.akamaihd.net
First you have to identify the program containing the Rvzr-a.akamaihd.net adware, as well as any software bundled with it. Bundles include:
  • Rich Media Viewer
  • Onlinewebfind.com
  • NationZoom
  • Browser defender
  • Browser protect
  • Browser protected by conduit
  • Delta search, Babylon
  • LessTabs
  • WebCake 3.0
  • Yealt
  • LyricsContainer
  • VideoSaver
  • AddLyrics
  • privacy safe gaurd
  • unfriend checker
  • Price peep today
  • Coupon amazine
  • TidyNetwork.com
  • DownloadTerms 1.0
  • Yontoo
  • A2ZLyrics
  • DealFinder
  • ClickDownload
  • FBPhotoZoom
  • LyricXeeke
  • WebCake
  • DownloadTerms
  • Lyricsfan
  • HD-Plus
  • Language Learning
  • Browse2Save
This bit of malware has been around since at least 2011, and many of the third party security suites will pick it up and zap it. Microsoft Security Essentials DOES NOT. Thanks Redmond.

There are dedicated tools for malware removal and for Rvzr-a.akamaihd.net specifically. I do NOT trust any of them, since you cannot trace their provenance: many of the malware removal tools are extensions of the malware themselves produced by the criminal little scumbags that wrote the malware in the first place.

So I would suggest you do NOT download any of these tools even if you have it on good authority from someone known personally to you.

Instead, I would go with the manual removal as this strain of malware is not so difficult to get rid of with some guidance.

Rvzr-a.akamaihd.net manual removal
Go to Control Panel. For Windows XP / Windows 8, browse to Add or Remove Programs. For Windows Vista / Windows 7, select Uninstall a program.
Identify any new or unrecognised programs that may have come bundled with Rvzr-a.akamaihd.net and select Uninstall/Change in order uninstall the carrier. This may require some intelligent research as you go through the entries. If you didn’t install it, don’t recognise it, can’t associate it with a reputable piece of software, hardware or service provider on your machine, and it is dated close to when the infection start, there’s your candidate carrier of the infection.

Before you do a restart, also look to clean your browser.

Remove Rvzr-a.akamaihd.net trojan from your web-browser
Resetting your browser will, along with eradicating the infection, erase personal data such as bookmarks, passwords, browsing history, which may be inconvenient, but not fatal. Do try to backup your bookmarks as a minimum.

Removing Rvzr-a.akamaihd.net from Internet Explorer
Reset IE browser settings
  • Open Tools at your current page top menu and proceed to Internet Options in the Tools drop-down list
  • In the Internet Options menu, go to Advanced tab, press the Reset option below
  • This opens the Reset Internet Explorer Settings window; check the box for Delete personal settings then select Reset
RemovingRvzr-a.akamaihd.net in Mozilla Firefox
  • Go to Help section at the top of current page to pick up Troubleshooting Information among its options, otherwise enter type about:support in the address bar.
  • Once you are in the Troubleshooting Information menu, press Reset Firefox… as seen below

Removing Rvzr-a.akamaihd.net from Google Chrome
Reset Chrome browser settings
  • Open Chrome, select the Wrench (Google) menu at the top right. In the drop-down list, select Settings
  • Select Show advanced settings.
  • The Reset browser settings shows some way down the tab.
  • Chrome politely reminds you of the consequences; select Reset otherwise select Cancel

Finally restart the PC and open a browser window to ensure that the tricky little swine is gone.

Thereafter, please keep an eye on things you download, and browser pop-ups to strange pages.  Don’t click any of the buttons inside them, but use the browser window close button to kill it. AJS

Related:  How-to: Remove Text Enhance Adware
 
Allan J. Smithie is a journalist and commentator based in Dubai.
An ex-pat from the wintery North-East of the UK, self-confessed grumpy old git Smithie enjoys sunshine and arguing, over a drop of something bad for you.

No comments:

Post a Comment

At least try to be nice, it won't kill you...