Software, Technology

How-To: Remove Rvzr-A.Akamaihd Pop-Up Virus


Rvzr-A.Akamaihd.Net Pop-Up ad-wareA colleague just got hit by another one of these insidious little blighters. We know how it got in – Internet Explorer 11 – but not the source. I suspect my colleague clicked on a close or cancel button in a pop-up which actually ran some malicious code. We know what and when it was installed – a program in this case masquerading as Rich Media Viewer, on May 16th. We got the full range of initial symptoms. We also got rid of it inside ten minutes, before it could do any further damage.

Rvzr-a.akamaihd.net is another unauthorised adware client; using a full range of false pages and pop-ups, it highlights web page text for adware popups, opens tabs onto Trojan pages when you open your browser, and initiates more popups when you open a new tab.

Fortunately it is relatively easy to exterminate, but do be aware there are new variants hiding under new names, so check for updated instructions on the web whenever you come across an instance of infection.

The pop-ups, which all originate from Rvzr-a.akamaihd.net you can see sampled in the thumbnail to this article and include:

  • various advertisements pushed in highlighted ad text inserted into third party websites
  • separate pages onto Trojan pages for multi-player online games – League of Angels and Travian
  • a number of browser and media player alerts which look astonishingly close to Adobe and IE update notices, which prompt users to download some software products such as Internet browsing applications and media tools (players, editors)

These are all complete garbage hiding malware.

Common redirects include a “media player update” from playmediaplayer.com, a “Video Downloader” from onlinevideopctools.com, “recommended” media player from ttb.playmediaplayer.com, an ‘error’ message’ implying you cannot view the page and launches a download from weupdatevideos.com (or similar). Lookout for variants. None of these is legitimate.

Removing Rvzr-a.akamaihd.net

First you have to identify the program containing the Rvzr-a.akamaihd.net adware, as well as any software bundled with it. Bundles include:

  • Rich Media Viewer
  • Onlinewebfind.com
  • NationZoom
  • Browser defender
  • Browser protect
  • Browser protected by conduit
  • Delta search, Babylon
  • LessTabs
  • WebCake 3.0
  • Yealt
  • LyricsContainer
  • VideoSaver
  • AddLyrics
  • privacy safe gaurd
  • unfriend checker
  • Price peep today
  • Coupon amazine
  • TidyNetwork.com
  • DownloadTerms 1.0
  • Yontoo
  • A2ZLyrics
  • DealFinder
  • ClickDownload
  • FBPhotoZoom
  • LyricXeeke
  • WebCake
  • DownloadTerms
  • Lyricsfan
  • HD-Plus
  • Language Learning
  • Browse2Save

This bit of malware has been around since at least 2011, and many of the third party security suites will pick it up and zap it. Microsoft Security Essentials DOES NOT. Thanks Redmond.

There are dedicated tools for malware removal and for Rvzr-a.akamaihd.net specifically. I do NOT trust any of them, since you cannot trace their provenance: many of the malware removal tools are extensions of the malware themselves produced by the criminal little scumbags that wrote the malware in the first place.

So I would suggest you do NOT download any of these tools even if you have it on good authority from someone known personally to you.

Instead, I would go with the manual removal as this strain of malware is not so difficult to get rid of with some guidance.

Rvzr-a.akamaihd.net manual removal

Go to Control Panel. For Windows XP / Windows 8, browse to Add or Remove Programs.; for Windows Vista / Windows 7, select Uninstall a program.

Identify any new or unrecognised programs that may have come bundled with Rvzr-a.akamaihd.net and select Uninstall/Change in order uninstall the carrier. This may require some intelligent research as you go through the entries. If you didn’t install it, don’t recognise it, can’t associate it with a reputable piece of software, hardware or service provider on your machine, and it is dated close to when the infection start, there’s your candidate carrier of the infection.

Before you do a restart, also look to clean your browser.

Remove Rvzr-a.akamaihd.net trojan from your web-browser

Resetting your browser will, along with eradicating the infection, erase personal data such as bookmarks, passwords, browsing history, which may be inconvenient, but not fatal. Do try to backup your bookmarks as a minimum.

RemovingRvzr-a.akamaihd.net in Mozilla Firefox

  • Go to Help section at the top of current page to pick up Troubleshooting Information among its options, otherwise enter type about:support in the address bar.
  • Once you are in the Troubleshooting Information menu, press Reset Firefox… as seen below

Reset IE browser settingsRemoving Rvzr-a.akamaihd.net from Internet Explorer

  • Open Tools at your current page top menu and proceed to Internet Options in the Tools drop-down list
  • In the Internet Options menu, go to Advanced tab, press the Reset option below
  • This opens the Reset Internet Explorer Settings window; check the box for Delete personal settings then select Reset

 

Removing Rvzr-a.akamaihd.net from Google Chrome
Reset Chrome browser settings

  • Open Chrome, select the Wrench (Google) menu at the top right. In the drop-down list, select Settings
  • Select Show advanced settings.
  • The Reset browser settings shows some way down the tab.
  • Chrome politely reminds you of the consequences; select Reset otherwise select Cancel

Finally restart the PC and open a browser window to ensure that the tricky little swine is gone.

Thereafter, please keep an eye on things you download, and browser pop-ups to strange pages. Don’t click any of the buttons inside them, but use the browser window close button to kill it. AJS

Related: How-to: Remove Text Enhance Adware

About Allan J. Smithie

Allan J. Smithie is a journalist and commentator based in Dubai.

Discussion

2 thoughts on “How-To: Remove Rvzr-A.Akamaihd Pop-Up Virus

  1. Its very well written; I love what you’ve got to say.

    But maybe you could a little more in the way of content so people could connect with it better. You’ve got an awful lot of text for only having 1 or 2 images.

    Posted by gregorio seaman | June 10, 2014, 3:31 pm

Trackbacks/Pingbacks

  1. Pingback: How-to: Identify the Troj/Urausy Ransom-ware infection | Everything Express - June 11, 2014

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter Updates

Follow us on Twitter @EverythingExpre

Find Us on Facebook

Enter your email address to follow this blog and receive notifications of new posts by email.

Categories

Library

BBC World News

BBC World News
Opens the BBC World News page.
Follow

Get every new post delivered to your Inbox.

Join 164 other followers

%d bloggers like this: