Hello,

I am facing a very tiresome problem.

Whenever I click on any link (sometimes not even on link, any where on the window) on any web browser (I am using Chrome more), a new tab opens up with address "wonderlandads.com". This stays for fractions of a second and some ad appears on this window.

This happens every time I click on any window. However it does not appear if I am opening e-mails. I have a broadband connection. Every system (PC, laptop, Mobile phones) are all connected through a Wifi router. In all these divices I am facing same problem.

I have tried many things to resolve this issue.

-Formatted PC
-Re-installed every browser
-Have done the setting things with the browers
-Have run multiple compelte scanning with genuine Kaspersky anti virus (Even the advanced one by enabling 'other softwares' also) but it is unable to find it out
-Have resent the DNS setting of the routerI am just tired of it because everytime I click on the browser window, first I have to shut down this ad window. It is very tiresome.

I am using windows 10.

Please anybody help me out to resolve this issue.

What should I do so that this nasty malware leave me alone for ever!

Thanks in advance.

Recommended Answers

All 28 Replies

One guess is that this is a virus that has embedded itself in the BIOS firmware. You need to reset / clear that, which will probably require that you short out a couple of contacts on the motherboard of all your systems, and reconfigure the bios. Then you need to totally erase the hard drives (including the boot sector) and reinstall the operating system(s). This will not be fun, fast, or easy. It is also why my wife and I do not run Windows systems...

@ Rubberman

Thanks a lot for reply.
I have formatted the 'C' drive.
But all other things that you are suggesting is not possible for me. I mean, I am not that technical to do all those things.

But if this continues, I will have to do these steps anyhow. As I am really tired of closing those windows after every click.

Which operating system is better? Windows is so much attacked by the viruses.

@CimmerianX

Thanks a lot for reply.

Actually, after doing all those steps, (formatting C drive, reinstalling browsers etc.), I searched about this malware.

Somebody wrote that he got rid of this virus when he reset his router. Because all the devices connecting through the router are facing same problem.

I called my internet operator customer care. They gave me new DNS primary and secondary settings. But still, the problem is there.

Anyways, I will try the link you sent.

I think many people are suffering from this wonderlandads.com virus. It is really a challange. Don't know how they designed it!

@CimmerianX

I installed that software.

http://greatis.com/blog/search-redirecting-11/remove-wonderlandads-com.htm

But this also could not detect the virus. The problem is still there.

In the mean time I have taken one extention in Chrome for blocking the ads. It is succsessfully blocking the ads. Screen has a little vibration but the other window does not appear. This blocker blocks the pop ups.

This solution is okay for time being....

I will post here if I get the solution!

This might help until you fix the actual problem.

Open a shell as Administrator and add the following line to C:\WINDOWS\System32\drivers\etc\HOSTS

127.0.0.1    wonderlandads.com

Hi Reverend Jim

I checked that file and found out the following content.
There is no mention of 'wonderlandads.com'.

127.0.0.1 localhost
::1 localhost

------
What should I do now? Any further suggestions please!

Jim wants you to add that line. Doing so will redirect all requests to winderlandads.com to, essentially, no where. That will at least keep the ads from showing.

Hi CimmerianX

In place of localhost... I should write 'wonderlandads.com' and erase local host?
Or

I should add another line 127.0.0.1 wonderlandads.com ?

Please answer. Thanks in advance.

You should add another line: 127.0.0.1 wonderlandads.com

@ null

I tried but it is not allowing me to save the notpad. I opened it in notepad.

Right click on your shortcut to notepad and Run as administrator.
Then click on File -> Open and browse to "C:\Windows\System32\drivers\etc\hosts"
Add the extra line then Save.

Thanks Nullptr

I did it. It got saved. But still that site is appearing again and again.

Right now I am running the extension in Chrome, AdBlock. It is stopping all the pop-ups.

Hope would get solution sooner or later.

Thanks a lot and suggestions are still invited!

Have you checked your router to see whether the new DNS settings provided by your ISP have been modified?
Is access to your router password protected?
Are all your other devices (laptop, phones) still affected?

@ null

You know, you are right.

I just checked it and changed it again. (I called ISP guy again and he gave me different DNS settings.

When I re-opened it, the DNS settings are same which I just deleted to enter the new one.
Yes! Accesss to router is password protected. But the password is very simple.

(If I am getting it right... you are asking, when I open up the router setting page, I have to go through a webpage which is opened up after entering password...then...yes)

All devices are still affected.

Should I change the router password?

Should I change the router password?

I'd definitely change the router password.

I'll write out some instructions to have a look at the PC you're on. Is it only Chrome browser that redirects to the ads?
What operating system are you running on your PC?

No, even mozilla firefox and enternet explorer are re directing the ads.
Operating system is 'windows 10'.
Please help.

Note: I talked with the customer care of TP-Link router ( I am using this router). He told me that the software of the router can be upgraded but then I will have to do all the settings again in router to use the internet.
So I asked for some time because I dont know if upgrading would work for the malware and what are the details that I will have to keep in order to reset the router for internet connection.

I've no idea if upgrading the router firmware would resolve the issue. If you do upgrade then you'd just need to save the SSID, the type of encryption key used and the encryption key.

If you still have a problem, then download OTL by Old Timer and save it to your Desktop.
Launch OTL and press 'Run Scan'. When it has finished there will be 2 log files created on your desktop, OTL.txt and Extras.txt.
Zip both log files and attach to your post.

Okay.... will do...

I'm assuming (like me) that you have a cable or DSL modem that connects to your router. If that is the case then you might try (for a short time as a test only) cabling your computer directly to the modem (bypassing the router). If you still get the ads then the problem is likely not with the router. If the ads disappear then the router is likely the problem and should be wiped/reset or discarded.

Without going back into all the previous posts, has anyone else suggested booting off a Linux LiveCD to see if the problem persists?

When you type an address into the address bar of the browser, Windows must convert that to an actual IP address. It does this in stages. First it checks to see if the address is of the computer you are on. If not then it checks to see if the HOSTS file has an entry for that address. If so then it uses that IP address. If not then it starts doing DNS queries. Domain names can be cached at various levels. Your router/modem can serve as a DNS but the cache of addresses is usually small. If the address cannot be resolved there then an external DNS must be queried, and so on up the hierarchy until the name is resolved or the top of the hierarchy is reached.

Hi Jim

If I connect the cable directly with the computer, the internet does not run.

I don't know why. So, that option is not with me to do.... because I dont know the settings ...... so it's on is own!

@ null

The zip file in not being attached here.

I can attach the .txt files. But I will remove them after you find them. Because I don't know it is safe to upload such files for long in open platform.

:-)

Noor, did you upgrade the firmware on your router and are the DNS settings in your router still being changed?
If you've not upgraded the firmware, I'd do that first and see if the problem persists.

Okay null I would do that and come back to you again....

@ Null

I am not able to upgrade the firmware right now. I will have to call that router customer care guy and then my internet operator for settings.

Meanwhile I am attaching the txt log files that were generated by the software.

You can delete those logs as well as OTL.
It would be better if you ran Farbar Recovery Scan Tool.
Download FRST - Farbar Recovery Scan Tool and save it to your Desktop. (Select the version 32 or 64 bit that applies to your operating system.)

  • Right click FRST.exe and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs FRST.txt and Addition.txt in the same directory the tool is run from.
  • Attach both logs.

If you like, hold off on running FRST until you've upgraded the router firmware.

hey Null and other freinds,

Thanks a lot for the help.

But I am too tired now to get rid of this wonderlandads.com

This app 'ad blocker' is blokcing the ads. So, I guess, I am continuing with it.
In meantime, if I get energy back to fight with this nasty ad website, I will come back.

Thanks a lot :-)

I know this is an old topic and your problem may have been fixed. I found a solution that may help fix the wonderlandads problem:

Open Task Scheduler (taskschd.msc).
Select Task Scheduler Library on the left panel.
On the upper center panel you will see a list of scheduled tasks.
On the lower center panel select Actions tab, it will show you which programs are launched by each task.
Go through the scheduled tasks one by one and find which of them open chrome.exe and load some URL. Delete those tasks.

The steps above are mentioned in this discussion https://www.reddit.com/r/techsupport/comments/5rzpnn/need_help_removing_some_wonderlandads/

It seems that this method worked. Some also mentioned that wonderlands is associated with mail.ru, a potentially unwanted program. So check the installed programs list and browser extensions/add-ons. If it is found there, remove it and the browser redirection problem may be solved.

Hope this helps those who have the same problem.

Good luck.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.