Bay 12 Games Forum


Author Topic: Stupid text advertizing virus  (Read 1159 times)

Lagslayer

  • Bay Watcher
  • stand-up philosopher
Stupid text advertizing virus
« on: October 14, 2012, 04:23:28 pm »

It's called playbryte, and it highlights text as links to advertizements. Antivirus doesn't seem to be picking it up. Can't find it under programs, and not sure what it is even listed as. Claims I can turn it off, but will turn back on if I delete any cookies. What do I do to get rid of this thing?

Darvi

  • Bay Watcher
  • <Cript> Darvi is my wifi.
Re: Stupid text advertizing virus
« Reply #1 on: October 14, 2012, 04:24:22 pm »

Well booting in safe mode seems as good a suggestion as any.

Eagle_eye

  • Bay Watcher
Re: Stupid text advertizing virus
« Reply #2 on: October 14, 2012, 05:05:18 pm »

If you're on Windows, search your entire C: drive for it.

Starver

  • Bay Watcher
Re: Stupid text advertizing virus
« Reply #3 on: October 14, 2012, 05:45:11 pm »

I don't know of that advertising scheme in particular (they merge into one, after a while), but is this one of the double-underline-links ones?  That could be a 'feature' of the site you're visiting, actually put there by the server admins, and not actually a virus that you can 'catch'.  I would expect that if that sort of thing was done with a friendly 'get-out' option that it would rely upon cookies to tell the server-side not to linkify the words on this site, and deleting the relevant cookies would behave as you describe.

Of course, if it's appearing in every site you go to (for example if I mention the word 'computer' on here and it highlights it) then I would agree that it is foul play of some kind.  Perhaps you've got a Proxy set up in your internet connections.


Ok, forget all that, I just decided to search for 'playbryte', instead of trying to work blindly on your problem.

The first page of Google reveals (without following any of the links it gives) that either it comes from a vendor of 'free games' (always a dodgy thing to accept at face value, but may well be) or it's an unfortunate coincidence.  A few links down, though, no less a site than microsoft.com mentions that "%LOCALAPPDATA%\iBryte\Implementations\playbryte\config.cfg" is something to do with something that sounds fairly similar to your experience.  Check in there for any executables that may be associated, and check for "iBryte" being mentioned in your registry for further clues, perhaps apps started in "Run"/"RunServices" in one sub-element or other (but don't actually edit the registry unless you know what you're doing...).

Several other places appear to have had messages of "I can't get rid of Playbryte" or "My scanner can't even find Playbryte".  I don't know what your current AV program is, but it might not consider Playbryte as an actual bit of Malware[1].  Can I suggest trying something like SuperAntiSpyware and Malwarebytes (the latter, I know, also targets tracking cookies, and "PUPs"[2]) as on-demand scanners and seeing what that does to augment your existing protection, and perhaps even remove this annoyance.

If it's not that kind of thing but you can identify a URL that's being asked for the ads, you could always add that URL's domain and the IP 127.0.0.1 to your "hosts" file to block it off as well, and effectively disable it.  (If you know what I mean by what I just suggested.)


I personally like running the various tools I use (the above two are probably the easiest ones that I can suggest) in Safe Mode.  Or in Safe Mode With Networking if I need to make sure they're updated.  That can clean out some things that make pretty serious attempts to hide themselves from a 'standard' boot (rare that this gets past the tools I use, but always possible), or at least get rid of the hiding mechanisms so that it's easier to get rid of everything else in normal-booting mode.


The trouble being that I don't know how to compress everything I might do down into simple and foolproof[3] instructions.  And there's no guarantee that I'd catch everything anyway, but I reckon that following the above you'll get 99% of everything that's not also a zero-day exploit.  For utter surety, complete reinstalls would be best, but that'll probably be overkill for your case.


[1] I remember a fuss, a decade and a bit ago, when the AV program my company of the time was using had just added "Adware" signatures to its monthly update, and then had had (after complaints by the 'honourable' Ad people) to release update snippets to reverse these additions (which I made sure my site's machines never received, although it was a short-lived victory given how the major update for the next month superseded this temporary period of protection).  Anyway, depending on the AV software's vendor, they may or may not have (otherwise harmless) Adware-detection, however much actual Malware-detection they have, under legal threat from 'legit' ad-providers who don't want to be tarred with the same brush as used with the actual virus-writers.

[2] "Potentially Unwanted Programs", I believe...  Could include your current bane.

[3] Not intending to cast aspersions!
Logged
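
A read-only way to carry out the checks suggested in the post above, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later; the RunOnce and Wow6432Node keys and the file-extension filter are assumptions added here, not locations named in the post.

```powershell
# Read-only triage for the adware discussed in this thread. Nothing is modified.
$needle = 'iBryte'   # vendor string quoted in the post above

# 1. The per-user folder quoted in the post: list executables and config files.
$folder = Join-Path $env:LOCALAPPDATA 'iBryte'
if (Test-Path -LiteralPath $folder) {
    Get-ChildItem -LiteralPath $folder -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.cfg' } |   # assumed filter
        Select-Object FullName, Length, LastWriteTime
} else {
    "No folder at $folder"
}

# 2. Autostart values whose name or command line mentions the vendor string.
#    "Run" is named in the post; the other keys are assumed extra locations.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ("$name $command" -match [regex]::Escape($needle)) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
        }
    }
}

# 3. Show existing hosts-file block entries (the post's approach maps an ad
#    domain to 127.0.0.1), so you can see what is already being redirected.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile |
    Where-Object { $_ -match '^\s*(127\.0\.0\.1|0\.0\.0\.0)\s+\S+' }
```

Any autostart value it reports gives the path of the executable to hand to an on-demand scanner or to remove through the program's own uninstaller.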

Shadowlord

  • Bay Watcher
Re: Stupid text advertizing virus
« Reply #4 on: October 14, 2012, 07:27:17 pm »

So I googled as well and did find http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Adware%3AMSIL%2FPlayBryte
From that page I noted that Microsoft recommends:
http://windows.microsoft.com/en-US/windows/products/security-essentials
http://www.microsoft.com/security/scanner/en-us/default.aspx

That second one is just a scanner you can download when you need it, not an anti-virus or anti-malware program (it expires after 10 days). The first one is their anti-virus/anti-malware/etc. solution for everything before Windows 8 (Windows 8 comes with Windows Defender, which is an upgraded and improved solution).

(I'm using Windows Defender myself, since I'm using Windows 8, and prior to that I was using MSE, but I may also recommend trying Spybot S&D. You may or may not need to reboot to safe mode to remove the thing. Who knows.)
<Dakkan> There are human laws, and then there are laws of physics. I don't bike in the city because of the second.
Dwarf Fortress Map Archive

Starver

  • Bay Watcher
Re: Stupid text advertizing virus
« Reply #5 on: October 15, 2012, 06:51:34 am »

I'd just like to say that I don't like or trust MS's own anti-malware solutions.  I really can't justify this[1], but I'd like to say it anyway.

OTOH, the latest version of AVG picked on (and quarantined) some of the old df-hack tools I had floating around on a removable drive (and never really used anyway), claiming them to be Trojans, which I'm sure that the pre-2013 versions of AVG never 'discovered'.  No AV solution is perfect, and MS should have the knowledge to get into the innards of the OS (and wheedle out unwanted 'innards') a bit more, but for some reason I trust every major 3rd-party AV (except for McAfee, for historical reasons that probably aren't as relevant any more) a lot more than MS.

Sorry, babbling.  And likely as not prejudiced, as noted.  (Says I, using IE8, on this XP machine (but not for this particular post, because I'm also running Firefox for some browsing, and not v16 until I know they've given that the all-clear again).  Whoops, babbling again.)


[1] Except that this becomes the 'default' protection solution for users who haven't already got a solution; it becomes a low-hanging fruit for those that want to target a common platform; MS has notoriously been terrible at making their regular software malware-proof, at least historically; MS has notoriously been terrible at making their hotfixes truly "hotfixy" (historically); MS doesn't care that its updates reset stuff like the "User must log onto the computer" (i.e. "userpasswords2" configuration), "on resume, display Welcome screen" and "Prompt for password when computer resumes from standby" (i.e. display and power options) with various updates (historically and currently!), and who knows what else gets changed that I don't so easily notice; ...and I could continue some more, but I won't, because I know I'm not mentioning equivalent problems with other vendors, like Sun.

Shadowlord

  • Bay Watcher
Re: Stupid text advertizing virus
« Reply #6 on: October 15, 2012, 07:06:40 am »

I used to use AVG; it was terrible and I switched to Avast. That turned out to have major false positive issues with Steam, among other things, going so far as to prevent me from unlocking games that I had pre-ordered or patching games in general unless I disabled it (Avast), and putting almost every new game into the sandbox by default.

It also never found anything real anyways, and eventually I switched to MSE, which has been quite impressive compared to everything else I've used in the past. (Windows Defender in 8 is essentially a better MSE integrated into the OS, but it can be disabled, if necessary)


Starver

  • Bay Watcher
Re: Stupid text advertizing virus
« Reply #7 on: October 15, 2012, 08:38:19 am »

AVG tends to pester a lot, yes.  My biggest criticism of that software (though others also do similar, at least until you plump for the premium versions).
Any other problems - well it's probably horses for courses.  OP/whoever should probably try any number of solutions to see what works for them.  (Though not more than one 'active scanning' solution at any one time, for obvious reasons.  And might be a good idea to get the sanctioned uninstaller (where available) at the same time as you grab the trial/freeware installer, where applicable, to make sure you have it at hand.  But that, again, is probably beyond the remit of the original question.)

miauw62

  • Bay Watcher
  • Every time you get ahead / it's just another hit
Re: Stupid text advertizing virus
« Reply #8 on: October 15, 2012, 12:03:17 pm »

In addition to what Starver suggested, if all else fails, I heard some good things about Combofix. It's a completely free program. Download it from the bleepingcomputer website ONLY. The first two or three search results Google gives you are fake.

Also, I'm using AVG 2012. This version seems to be fine. It had a few false positives like *COUGHJLWGLCOUGH* dfhack but it doesn't seem to pester me too much. Hell, most of the time I don't even SEE it.
« Last Edit: October 15, 2012, 12:06:19 pm by miauw62 »

Quote from: NW_Kohaku
they wouldn't be able to tell the difference between the raving confessions of a mass murdering cannibal from a recipe to bake a pie.
Knowing Belgium, everyone will vote for themselves out of mistrust for anyone else, and some kind of weird direct democracy coalition will need to be formed from 11 million or so individuals.