Fix: Annoying Adsmatte popup in desktop and smartphones

Phew! It killed a whole day of mine.

For last few days, I was bombarded with annoying Adware popup from Adsmatte. I first noticed it when I navigated to my blog for updating the template. Insaneously, I was surprised by bunch of ads popping up from my blog when I click on the post title or whenever I make any random clicks on blank area. And, that to without my consent.

I was facing this issue in both Internet Explorer as well as in Firefox. Initially, I thought it was because of any addons that got installed in my browser. I cross-checked the add-ons, disabled it, reset the browser, deleted temporary files, opened in InPrivate mode; but didn't helped at all. Along with this, I saw this issue in my other laptop and in windows phones. That gave me red signal. Does the malware affected my router or ISP? And, it's start spreading to all devices connected my router. Ah, oh! Literally, I have tried everything except Refreshing my PC and resetting my phone.

I searched through the internet and could hardly find 2 threads - (http://forums.androidcentral.com/moto-g-2014/528571-adware-redirects-most-websites.html, http://www.asus.com/zentalk/forum.php?mod=viewthread&tid=8189) which explain this problem. I am very surprised by the timing of this issue. Because, the thread was opened approximately on same day, I started facing the issue. I opened a thread in Microsoft Answers - http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/how-to-get-rid-of-adsmattecom-adware-opening/06b20667-586a-4ebd-9876-6d28c8528a1f?rtAction=1431798827824, and could see that other affected users too.

I started analyzing step-by-step. This issue is not related to my blog alone, I started seeing this in other websites also. If that's the case, then it should be related to some services that is widely used across all the websites. Could that be Google AdSense? Yes, that's a valid possibility. I quickly tuned off the ads code in my blog. But, the issue reappeared. That made me angry. I borrowed some patience, started digging for the JavaScript code (using IE Developer Tools) that loads this annoying popup and finally figured it out. I managed to extract the JavaScript code, that opens the annoying adsmatte popup. Carefully going through the code, caught my attention on one Google service - Google Analytics. Bingo!

I quickly commented my analytics code and refreshed the browser. There you go. No popups, no ads, nothing. It's clean and clear.

Yes, that's it. Google Analytics is the culprit here. Some nasty clever hacker has figured the loophole in Google services and targets the malware. Wait! The solution that I just figured out is a temporary fix. Practically, commenting out analytics code in every website is not practical and is not ideal at all. I believe, Google should investigate this further and come up with a fix which wipes out this issue.

Hoo!!! It's too late here. I just want to share this information with whoever reading this. So, I stayed late and published this.

Hope this helps. Please leave your comments, if it helped you.

Thanks a lot for reading this.

Thanks again.

UPDATE: A thorough analysis reveals that my router was hacked and the malware injected malicious code to the script files along with each webpage request. Since Google Analytics script is widely popular, it would be way more easier for malware to scan for the script and inject the code. This was the reason why you were getting ad pop-ups in websites which has google analytics and not in other websites. I finally brought new D-LINK modem to solve this issue.

 

Comments (33) -

  • Does this infect web sites ? For example I can browse some web sites but when I click certain other web sites it opens the pop up ad dot adsmatte. and browsing is very slow for those web sites.

    Is my computer infected ?  Or those external web sites ?
  • Hi
    after a lot of searching  came to your blog.i have pulled every trick to get rid of adsmatte to no avail.i want to ask you if it is just a popup or any severe infection could be there.
  • Can it steal my financial information and withdraw money from my account ? , I have done many transactions from this laptop ? What would be the best thing to be done ?
  • Have been facing the same issue but i am practically illiterate in this matter. How do I do it? its so annoying and frustrating!
  • PLEASE tell me how to solve this problem
    • another fix which i found is:
      first turn off your wifi(on phone), then restart your modem(just to get new ip),
      then goto google settings(android kitkat), the one where get advertising id (google ads settings)
      click options and clear app data, then goto ads tab and reset advertising id
      now just goto apps from settings, and go to chrome
      clear cache, then clear data, uninstall updates, force stop, disable
      then after sometime enable it
      then turn on wifi and connect to your wifi
      first check if the problem is resolved, if not retry again(just try once more Tong)
      then if you dont get any popup, update chrome and use normally

      mostly even if you are getting this after your browser reset and all these steps then its site's javascripts code issue, from the site server side, cant help it.
  • Please tell me how to solve problems

    I really liked this article but I can not understand how to solve it

    I am using Samsung android phone
    • in this post it says, the bug is in google analytics javascript code in the website code itself, so whenever you open the site it redirects to that shitty ad thing. it needs to be changed in website code, that is commenting the google analytics js code in the website code from server side.
  • Yes by disabling Javascript the problem disappears but with that a lot of functionality of the page goes along with it. Hope Google solves the problem asap. Thanks for giving such critical info about the problem!!
  • is it possible that any javascript could cause it?

    i am still wondering if its wifi , browser OR some hack on a service provider

    sachin
  • Hey there ,
        I am not a tech guy,but the same thing got into my ipad,iphone and my every device in my home.Could you suggest me hot to cure this .

    Thanks in advance
  • Hey,


    I'm experiencing the same issue. I am unable to load many websites(Google and facebook works fine). I get DNS error all the time. Sometimes few sites load on second attempt and for some sites css doesn't load. Whenever I double click(at any position) on a web page for the first time it pops up new pages or opens    Devices running Windows8.1, Windows7, Android, ubuntu in my lan got affected. Windows mobile is in horrible situation, it automatically redirects to some other page. Net speed has came down drastically. I tried paying bills online but was unable to connect to payment gateways all the time(I tried about 6,7 times). Ran MalwareBytes scan but it didn't detect any. Most importantly I cannot access my router page. I get request timed out error whenever I try to connect to 192.168.1.1.    

    I hear that resetting the router solves the problem, is that true?
    • hi,
      I have exact same prob as you.
      I solved a bit of it.
      First know the username and password to be entered in the 192.168.1.1 page in PPPoE mode.
      Reset the router using the switch on the router. Hold it for 30 seconds atleast.
      Maybe Wifi will be turned off. Connect the router by cable to a laptop . Now you ll be able to access router page. Enter the default user name and password to login. And use the proper settings in the router settings. And turn on Wifi, etc. Set the DNS to automatically detect. Now change the router access password from the default values.
      Next turn off JavaScript in your browser. This will limit the redirects. But many sites need javascripts, in those sites alone allow JavaScript to run. The pops up will come for that site but it wont load  since JavaScript is not allowed in the pop up page.

      This is as far as I got till now. I will update later.
    • same problem bro...can't access router and most pages not loading.. reset my router and problem gone, but sadly for one week only..same condition again and m hopeless to find a solution
  • Hello Brother,
    I'm not a computer programmer and not having too much knowledge about programming languages and scripting.
    So how I fixed that problem. I'm facing the same problem with "https://ad.admatte.com";.
    Please help me.
  • glad you found the solution. care to share a crash course for us slightly technologically challenged bunch?
  • its affected my iPad, my android phone and my mac. both chrome and safari
  • I was unable to access the router page. I tried resetting my router too. Also, refreshed my PC but the frequency of redirect is reduced now. Rarely only, I am seeing this issue. I am analyzing the issue further.
    Thanks.
  • Hi,
    You are spot on brother, I have been trying to solve this issue for a month, I also managed to somehow get affected by a DNS changer virus too, so it took me a long time to finally figure out how to solve this. I just turned off Javascript in Chrome, hey presto, no more http://ad.adsmatte.com/ redirects. A router reset stopped the DNS changing. A MBAM scan deleted 18 PUPs. Finally i got back control of the router. But life is difficult without Javascript. If you find a way to solve this, please email me
  • simply disable (allows sites to run java script). it will temporarily fix the issue.  ** it is not a final solution.
    to permanently get rid of the issue you have to  , Disconnect all your devices from the modem and router.
    Hard reset your modem/router. and ask your service provider for a new IP address. because that malware has infected your modem/router.
  • Anj
    Facing same issue since a month. Annoyed with this to the core. Not able to browse anything on my phone, ipad, laptop. Anybody know how to block this?
  • Hi, good info thanks, will wait for Google to fix this. I put a post in answers.Microsoft.com with a decent workaround? For now Just open a VPN connection then start any browser and you don't get the problem anymore. I tried it with Onavo VPN free version and I already had a paid for Cyberghost 5 and it works well with both. Hope this helps. Cheers, Martin
  • Hi guys after much headbanging and following a process of elimination i found the culprit for my website. It was the 'sharethis' widget. as soon as i disabled it this adsmatte problem was gone from my website. thanks for all your inputs as it helped me a lot.
  • saw
    Hell, this started out a week ago, and now it has made nearly impossible to surf the internet. What should I do? Frown(
  • Researching on a similar issue led me here and currently, I am also in the phase of cross-checking its occurrences and frequency. The exact same symptoms but with slightly different attributes, my ISP is Airtel:

    1) Adsmatte popups and other similar popups bombarding the devices.

    2) DNS server address gets changed from Google DNS to a server-related services provider in the UK or Netherlands, happened frequently. Now contained, though the 1) issue is still remnant.

    3) Router page cannot be accessed, device IP allocation frequently gets changed (for PCs, laptops, network devices and cellphones connected). IP address range from 192.168.1.1 to 192.168.1.99 has been locked out. A new antivirus  was installed (PCs laptops are alright now, but android cell phones appear infected) but the router page still remains unavailable.  

    Some of the instances pointed me to this Ars Technica article: arstechnica.com/.../
    BUT only some symptoms match and the scope of others remains questionable at best.

    Is it a malware or a full-blown rootkit which is roaming around on the web and finds vulnerable residences to squat and spread infection (not really qualified to test that out)?

    The bonus of this issue was the serendipitous discovery of Binatone router vulnerability (which Airtel freely distributes in the North region esp. NCR; South by my experience has started getting the new Beetle ones).

    Find the Binatone DT 850W vulnerability details here: https://www.exploit-db.com/exploits/33455/
  • I had the same problem, but thank's to pointing out google analytics, I found a solution. Yay!

    The problem is caused by DNS server adress change on your router. It points to maliocious server, which adds some nasty js code to google analitycs code. The easiest way to solve this is to change your router DNS to automatic discovered only and flush DNS cache on your devices. To do so on Windows machines, open command line and run 'ipconfig /flushdns'. Android devices flush their DNS every 10 minutes i think, so jus wait a moment, however I dont think it's possible to do on Windows Mobile, you have to wait a bit longer.

    However again, something changed your router DNS, and it will do it again. You most probably have a malware on one of your devices, which apparently isn't detected by any antivirus. In my case, format of my old XP machine worked, and I have no more problems.

    Now a bit more geeky talks...

    Something caused my routers DNS to change, I think about three options:
    -Something attacked my router from internet (I blocked my router visibility in internet, so at most someone could DDoS me, but that wouldnt change my DNS)
    -Someone got into my network and guessed my routers password (I dont think so)
    -Some nasty virus on one of my computers brute-forced my router (It fits, because formatting my old PC helped)
    Okay, my DNS is changed to malicious one, which redirects google analytics request to malicious server, which adds malicious code, which causes ads to appear. However, it also worked outside my home network, because systems remember IPs of servers I visited recenty. In this case, it cashed google analytics into something else, so ads appeared in school or friends anyway.

    And thats all.

    Btw, Legitimate GA code weights 44Kb, and this ads causing code weights over 60Kb of pure javascript... Someone was very busy to make us angry.
  • It has affected my mac and windows PC. Surprisingly it has not affected my iPhone.
  • msi
    This worked 100%

    Disconnect all your devices from the modem and router.
    Hard reset your modem/router.
    Before connecting clear all the catche and cookies and history.
    Connect all devices.
  • It is happening only when i click something from google search... one fix is to copy url and paste in now tab
  • I am facing the exact same problem. It started with my computer but spread to other computers locked on my wifi including my phone. It is very irritating and I am unable to find a solution to this mess. I am scared that it may steal my personal information or affect financial transactions.
    Please help me and other users finding a solution in a language that we can understand. Probably a step by step guide on your blog. I will be very grateful.

Add comment

Loading