Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Chrome redirecting 1 site


  • Please log in to reply
10 replies to this topic

#1 tgcb

tgcb

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 19 September 2013 - 04:13 AM

The other day, I've started running into this on my Windows 7 PC:

 

1) Google Chrome (and only Google Chrome, will redirect to Euro Med Online if I search for Troll Lord Games)

 

2) If searched for similar topics and found some like this:

 

 

http://www.bleepingcomputer.com/forums/t/498445/google-chrome-search-for-visiontek-redirects-me-to-euro-med-online/

 

 

3) doing all the suggestions on these other links hasn't fixed anything

 

4) so - ran about 5 virus scanners, 10 maleware scanners, etc

 

5) WIndows host file is OK

 

6) uninstalled and reinstalled Chrome

 

 

It is only Google Chrome and only (that I've seen so far) when I do a Google search for "Troll Lord Games".   I'll click on the 1st hit in Google and it will take me to Euro Med Com not "Troll Lord Games".    Firefox, IE, Opera do not do this on the same PC.

 

If I search for anything else, I haven't seen this problem.  (So in Google Chrome, if I do a Google Search and click one of the first hits, I go to where I'm supposed to....unless the Search is for "Troll Lord Games", then the first hit which is supposed to be "Troll Lord Games" takes me to Euro Med - the 2nd and 3rd and 4th hit seem to work normally - just the first result seems to be redirected).

 

I've also bounced my router, etc.   No other device I have does this (tablet, wife's laptop, etc).

 

Any ideas?


Edited by tgcb, 19 September 2013 - 05:53 AM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:08 PM

Posted 19 September 2013 - 05:53 AM

Hello -

First step -
Fully uninstall Chrome from the computer
Windows Vista/ Windows 7/ Windows 8
1.Close all Chrome windows and tabs.
2.Go to the Start menu > Control Panel.
3.Click Programs and Features.
4.Double-click Google Chrome.
5.Click Uninstall from the confirmation dialog. If you want to delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.
 

 

Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (Only Problems)
* List Users, Partitions and Memory size.
* List Minidump Files
* List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

Thank You -



#3 tgcb

tgcb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 19 September 2013 - 06:16 AM

  •  Results of screen317's Security Check version 0.99.73 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 10 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    TrustedID Secure Scan          
    Microsoft Security Essentials  
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300 
     Duplicate Cleaner 1.4.7c  
     Java™ 6 Update 26 
     Java 7 Update 40 
     Java version out of Date!
     Adobe Flash Player 11.8.800.168 
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox 13.0.1 Firefox out of Date! 
     Mozilla Thunderbird (17.0.7)
    ````````Process Check: objlist.exe by Laurent```````` 
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbamgui.exe 
     Malwarebytes' Anti-Malware mbamscheduler.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

     



#4 tgcb

tgcb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 19 September 2013 - 06:17 AM

How to provide the minitool box info without giving out personal info (my IP address, etc) to everyone on the internet?



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:08 PM

Posted 19 September 2013 - 06:34 AM

You are more than welcome to Edit any specific items out.

 

Just be sure you post this as **** so I know where it was edited.

I am not interested in any personal information, just computer data -

 

Thank You -

If you wish you can only post this information, at a minimum -

Checkmark the following checkboxes:
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (Only Problems)
* List Users, Partitions and Memory size.
* List Minidump Files
* List Restore points


Edited by noknojon, 19 September 2013 - 06:39 AM.


#6 tgcb

tgcb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 19 September 2013 - 09:25 AM

Will have to wait to get back home to upload the other log.

 

 

However I did notice something else in IE that I'll mention:

 

If I use IE and Google to search for "Troll Lord Games" - the first hit that comes up is "Troll Lord Games" and the main link works - you go to "Troll Lord Games" not "Euro Med scam-o-rama"...however I saw on one occassion that one of the sub headings in Google under "Troll Lord Games" (Products) was changed to "Viagra".    I tried this a few times but every time after "Products" was back to "Product".     



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:08 PM

Posted 19 September 2013 - 06:07 PM

OK -

Just start with these 2 scans to search for, and remove other infections -

 

Scan your machine with ESET OnlineScan
To prevent warnings, see How To Temporarily Disable Your Anti-virus
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE :.For alternate browsers only: (Microsoft Internet Explorer users can skip these 2 steps)

 

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the ESET Online Scanner icon on your desktop.

 

 4. Check "YES, I accept the Terms of Use."
 5. Click the Start button.
 6. Accept any security warnings from your browser.
 7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select all of the following:

 

Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

 

 9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated data base (2  hours is not unusual)
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button
Or you can find a report at  C:\Program Files\esetonlinescanner\log.txt.

 

Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts. (see above)
If you are using Windows Vista, 7, or 8; right click on JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Now enable your Antivirus again.

 

Thank You -


Edited by noknojon, 19 September 2013 - 06:08 PM.


#8 tgcb

tgcb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 19 September 2013 - 06:21 PM

Well...here's another mystery.

 

I had already done ESET, Junkware removal, RKill, etc.   Since none of that worked,  I ended up restoring Windows 7 from the factory restore disks and have loaded nothing else other than Chrome.

 

I have not hooked up any devices (did not hook up my backup drive).

 

After reloading Chrome, the "Troll Lord Games" site still  has the same problem - the first link in Google looks good (looks legit), but if I click on it, it goes to Euro Med site.  I also just rebooted my router again but that didn't help.



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:08 PM

Posted 19 September 2013 - 07:04 PM

This is all that I can get from a search of Troll Lord Games, but I refuse to use Chrome.

Since there are many problems with the program, Internet Explorer now seems much better.

There was nothing much else on the page and all links were OK.

[attachment=142034:Games.JPG]

Your problem seems to be hard to fix on the open forum, so please follow these directions -

 

Please follow the instructions in ==>This Prep Guide<== starting at Step #6

If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post to ==>Malware Removal Forum<==


Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

 

NOTE : Please Copy / Paste all logs requested, and do not use Attach unless specifically asked -


Good luck and be very patient, as the area can get very busy.

 

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

 

Thank You -



#10 wpc105

wpc105

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 01 October 2013 - 01:31 PM

I can confirm that the same thing is happening when using Chrome for Mac.



#11 tgcb

tgcb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 01 October 2013 - 01:38 PM

Looks like this site was "hijacked" in some way - not a virus.   For some reason Google Chrome will redirect this site.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users