November 25, 2013 - Warren Held

Remove Ads By BetterSurf (and ads coming from jsn.donecore.net)

There is new malware making the rounds that is finally starting to be detected by Malware scanners.  I’ve only been able to find rumors on how it is spread but this Reddit post says that you might be able to prevent computers on your network from being infected by blocking rvzr-a.akamaihd.net.  BetterSurf will inject banner ads into web pages as you browse the internet and launches pop-up ads that seem to come from the URL jsn.donecore.netjsn.donecore.net.  BetterSurf also comes with an updater program and creates a scheduled Windows task to run this updater.  This enables it to phone home and update itself, and potentially install more malware onto your PC.  I tried to remove this infection on two PCs using both Spy-Bot and Malwarebytes and was only successful with Spy-Bot on one machine.  I had to manually uninstall BetterSurf on the second PC.  Here are the instructions on how to manually remove BetterSurf:

  1. Chrome: Go to options menu in the top right corner.  Go to Tools -> Extensions.  If you see BetterSurf click the trash can icon to remove it.
  2. Firefox: Go to the Firefox menu at the top left.  Go to Add-ons.  Click on the extensions tab.  Disable BetterSurf.
  3. Internet Explorer: Click on the gear icon in the top right corner of IE and go to Manage Add-ons. Look in there for BetterSurf and disable it if you find it.
  4. Go to Control Panel -> Folder Options.  Go to the View tab. Make sure ‘Show hidden files, folders, or drives’ is selected.  Click ok.
  5. Check for the C:\Program Files (x86)\BetterSurf folder.  Delete it.
  6. Delete C:\Windows\tasks\AmiUpdXp.job
  7. Go to Control Panel -> Programs and Features.  Look for an item called ‘Software Version Updater’.  Select it and click Uninstall.
  8. Hit the Windows Key + R on your keyboard to open the run dialog box.  Copy C:\Users\%username%\AppData\Local\ into it.  Hit enter.  Look for a folder called SwvUpdater.  Delete it if it exists.

Please leave a comment and let me know if these instructions worked for you!

Malware