anrdoezrs.net

What is this weird URL that seems to show up in the strangest places?

anrdoezrs.net is a redirect url used by Commission Junction (cj.com) to sort of anonymize links to individual offers on their platform. So when you post a link to an affiliate offer from CJ (for instance,¬†http://www.anrdoezrs.net/links/3904395/type/dlg/http://www.gearbest.com/tablet-pcs/pp_365835.html ), they use this link to make it less obvious that the link is an affiliate link. Or at least that’s what I assume.

Malware removal toolkit – step by step

I recently suspected my laptop may have some malware (though now I think it’s just some new evil ad stuffing technique used on the web, but digress do I), so I consulted my guru buddy “tk” which malware removal tool he currently recommends. And he dumped the following list on me ūüėČ

me: What’s the best malware scanner n0wdays?
tk: There isn’t one really. You have to weed the sh*t out. One sec and I’ll get you a list.

1.  Start with http://www.bleepingcomputer.com/download/rkill/
2. Then after step 1, go to windows\temp and %temp% and empty those.
3. Then run http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ ¬†(Don’t install the “free” realtime scanner. it’s a check box. )
4. Then run http://www.bleepingcomputer.com/download/adwcleaner/ (it may find some scheduler stuff or something malwarebytes missed.)
5. Once all that is done, run this to manually see what is starting on the PC: http://www.bleepingcomputer.com/download/hijackthis/
6. Then run this to see if you can spot anything out of the norm (this and the prior step take some understanding of how windows works) http://www.bleepingcomputer.com/download/process-explorer/
7. Then run this hosts file editor to check if any domain redirs are hiding in the hosts file: http://www.amazify.com/windows-hosts-file-editor

tk: If it was just something dumb downloaded with a silent installer, the first two things will clean it up. The last stuff is for the really sh*tty malware.