Sunday 17 March 2013

Remove Chitka pop up ads, removal instructions

Chitka pop up ads are truly annoying, lots of people have this issue, but the worse part is that these frequent intrusive pop-ups are caused by malicious software. What is Chitka? Honestly, I'm not quite sure what it is. I mean I couldn't find anything, any clue about it. Google search suggested Chitika which is a perfectly legitimate online advertising network and obviously has nothing do to with this malware. It sounds almost the same, though. Actually, I think that those who run the malware campaign did this on purpose. They probably try to mislead users.

The primary reason behind the creation and use of this malware is that it enables one to generate profit by forcing hits to specific websites and advertisements. At the same time, it might be used as marketing and commercial strategy for publicity purposes. One way or another, infected users who are getting a bunch of Chitka pop ups and redirects are not happy at all. What is more, they can't remove the culprit of this infection. That’s why I wrote a step-by-step guide on how to remove Chitka pop up virus and other pop-ups from your computer. Please follow the removal instructions below.

Many people are clueless on how they become victims of this malware. They just keep getting popups on their web browsers, sometimes bottom right corner but very often both. Here’s a good example:



Chitka pop up ad appears in the lower right corner of the browser window. And at the same time, in the lower left corner there's another fake pop-up claiming that your Flash Player is outdated. It says: Please install Flash Player HD to continue. Obviously, it's a scam. I've said this many times before – download and install Flash layer from the official website only.

Here’s another example of Chitka pop up:



This time only one pop-up but highly targeted one, because the malware gathered enough information about victim's interests and displayed the most relevant advertisement. Sometimes, it takes only a few minutes and keywords to select relevant enough ads and sometimes scammers simply display ads according to your location.

This last one shows the Facebook style pop up. That’s why some users say they got infected with Chitka/Facebook pop up ads.



Furthermore, this malware redirects users to malicious websites or web pages full of ads when they click links on the page they are browsing. Usually, Chitka pop ups cannot be closed. It simply doesn't have the small "X" to close it.

Chitka ads and redirect issue is not necessary the same for all users. From what I've seen, these popups and redirects are caused by malicious browser helper object and modified Windows Hosts file. I got the malware for testing purposes from an adult site. However, I'm pretty sure it's promoted via infected websites and may even come bundled with freeware. The malware installed a web browser extension called Flash Player Update 11.0 and modified Windows Hosts will so that certain websites were redirected through servers controlled by scammers. It is worth mentioning that the malicious web browser extension was locked which makes the removal a little bit challenging, at least for less computer savvy users. Besides, the extension name itself may stop some people from removing it. It looks like a legitimate extension and most users know that web browser use Flash Player plugins to display interactive content and Flash documents.

But I also found another sample of this malware and it actually came packed with ZeroAccess rootkit. So far, I’ve seen to possible culprits of Chitka pop-ups – a rootkit and a malicious web browser extensions + Hosts file modification. Maybe there are even more combinations but I couldn’t find them at the time I was researching this malware.

Last but not least, this malware affects all major web browsers: Google Chrome, Mozilla Firefox and Internet Explorer. I’m not sure if it works on Macs and Safari. Cross platform malware became very popular, so I wouldn’t be very surprised. To get rid of this malware completely you should use the tools recommend below.

Do you have any additional information or questions on the Chitka pop up virus? Post your comment or question below. Good luck and be safe online!


Chitka pop up ads removal instructions:

1. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.





2. Reset Windows HOSTS file.

Go to: C:\WINDOWS\system32\drivers\etc.
Double-click "hosts" file to open it. Choose to open with Notepad or any other text editor.



The Windows hosts file should look the same as in the image below (Windows XP). There should be only one line:

127.0.0.1 localhost (Windows XP)

127.0.0.1 localhost ::1 (Windows Vista/7/8).

If there are more lines, then remove them and save changes. Read more about Windows Hosts file here: http://support.microsoft.com/kb/972034



Alternate method: to reset the Hosts file back to the default automatically, download and run Microsoft Fix it tool and follow the steps in the Fix it wizard.

3. Remove malicious extensions from your web browser.

Google Chrome:
1. Click on Chrome menu button. Go to ToolsExtensions.
2. Click on the trashcan icon and remove the extensions that might be causing Chitka pop ups. Basically, remove all extensions that you didn't install. It's perfectly OK to remove all extensions since by default Google Chrome comes without any extensions.

Mozilla Firefox:
1. Go to ToolsAdd-ons.
2. Select Extensions. Remove all extensions that you didn't install. Please note, by default Firefox comes without any extensions.

Internet Explorer:
1. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.
2. Select Toolbars and Extensions. Remove all add-ons that you didn't install or you believe may cause those annoying pop-ups to show up.

4. Download CCleaner and tidy up your computer, remove temp files, etc.

5. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html

No comments:

Post a Comment