0

I am continuously getting popups from rdsrv.com on Google Chrome. I am on Ubuntu 14.04. I tried resetting browser, and uninstalling every extension, but still have the popups.

TRiG
  • 1,910
Mrinmoy Dey
  • 63
  • 1
    Can you try reseting your router to default as suggested here http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/potential-malware-rdsrvcom/adab5118-07f8-4020-af94-b6dd3eced7bf also a virus scanner may find it , do you have windows ? as this seems to be a Windows virus. – Mark Kirby Apr 07 '15 at 11:51
  • I am on Ubuntu 14.04. I don't have access to router settings it is my office settings – Mrinmoy Dey Apr 07 '15 at 12:02
  • sudo apt-get install clamav clamtk - this if free anti virus, install, scan and see if it gives you a location for the virus, if it does run - sudo rm /location/of/the/virus/ - to remove it – Mark Kirby Apr 07 '15 at 12:13

2 Answers2

1

I would try to confirm that it is indeed Google Chrome itself causing the problem. When you see the popup, try running

sudo netstat -taup | grep rdsrv.com

If the request is indeed coming from chrome, than try another reinstall, but use purge if you have not already. Also, make sure you are installing it from the offical repository.

sudo apt-get purge google-chrome-stable && sudo apt-get autoremove && sudo apt-get clean && sudo apt-get install google-chrome-stable

The purge option will make sure that all remnants of the old install are removed. You may wish to check your system's integrity with tools such as clamav, rkhunter, or chkrootkit, but usually all you will get are false positives. If the problem still persists after a full reinstall, perhaps try the open source chromium-browser instead. Personally, I think it's better.

You may also want to try installing the Ablock-Plus and ScriptBlock plugins to prevent these kinds of things from happening in the first place.

Also try connecting to a different network and see if the problem persists. Perhaps you are behind an infected router. I see that the domain in question belongs to godaddy.com so you could inform them about this abuse case. If none of that works, please report back.

Chev_603
  • 1,676
  • 3
  • 18
  • 30
1

The problem is in the router not the computer. The DNS has been changed from service provider set to the DNS address set in the router. Reset the router to defaults and the set up to your ISP settings.

To reset router, with power on put paperclip or similar in the reset hole and hold the reed swwitch down for ten seconds.

acementhead
  • 26