Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

bet365 webside randomly poping out while using chrome


  • Please log in to reply
6 replies to this topic

#1 bygone

bygone

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 09 May 2014 - 06:44 AM

Sometimes when I am using chrome and I open a new tab bet365 opens in new tab. This is happening totaly randomly, sometimes several times in a row and sometimes I can browse whole day without it. I tried running tests in my AV, but it found nothing.

I would like to get rid of it as it is clearly bad and other problems can show up later.

Thanks in advance.


Edited by hamluis, 09 May 2014 - 09:28 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,102 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:01 AM

Posted 09 May 2014 - 08:59 AM

Bet 365 Group Limited, is a United Kingdom based gambling company.

 

Reset Chrome. Extensions are disabled during reset. One of your extensions is likely the cause of the ad appearing. 

 

 

Reset browser settings

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your browser settings:

  1. Click the Chrome menu on the browser toolbar.
  2. Select Settings.
  3. Click Show advanced settings and find the "Reset browser settings” section.
  4. Click Reset browser settings.
  5. In the dialog that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.

Scan your computer using this: AdwCleaner Download

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 bygone

bygone
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 09 May 2014 - 03:35 PM

Thanks for reply.

I reseted  Chrome and run AdwCleaner as you wrote.

 

# AdwCleaner v3.207 - Report created 09/05/2014 at 18:27:48
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Pavol - ASUS-NB
# Running from : E:\down\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\BitLord 2
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\QuickSet
Folder Found : C:\Users\Pavol\AppData\Local\RavenBleuSA
Folder Found : C:\Users\Pavol\AppData\Local\webplayer
Folder Found : C:\Users\Pavol\AppData\Roaming\BitLord
Folder Found : C:\Users\Pavol\AppData\Roaming\eType
Folder Found : C:\Users\Pavol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Found : C:\Users\Pavol\AppData\Roaming\Web Cake
Folder Found : C:\Users\Pavol\Documents\BitLord
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PutLockerDownloader
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Pavol\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B45408606E01807D&affID=119776&tsp=4951
Found [Extension] : defdhglnppeioeflggkmglipcecffkhk
 
*************************
 
AdwCleaner[R0].txt - [4169 octets] - [09/05/2014 18:27:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4229 octets] ##########


#4 buddy215

buddy215

  • Moderator
  • 13,102 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:01 AM

Posted 09 May 2014 - 03:48 PM

Rerun AdwCleaner and this time click on delete. It will reboot the computer and delete the adware it found.

 

There was more adware and likely some that AdwCleaner missed. Run the scans below and allow them to

remove whatever they find.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Free Virus Scan | Online Virus Scanner from ESET
  • Click the esetonlinebtn.png button in the link above.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Use CCleaner to cleanup the temporary files, logs, cookies, etc. Use the default settings. Pay attention while

installing and UNcheck offers of toolbars such as Yahoo. No need to use the Registry Cleaner tool and it has 

the potential of causing another problem. CCleaner - PC Optimization and Cleaning - Free Download


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 bygone

bygone
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 09 May 2014 - 04:01 PM

Well I used Junkware removal tool earlier today and eset online test is in progress.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Pavol on pi 09. 05. 2014 at 18:49:27,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3399884995-2808803649-3542752372-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricel_equalizer_dlya_world_of_tanks_0_8_8_0_8_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricel_equalizer_dlya_world_of_tanks_0_8_8_0_8_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricel_equalizer_dlya_world_of_tanks_0_8_8_0_8_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricel_equalizer_dlya_world_of_tanks_0_8_8_0_8_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pi 09. 05. 2014 at 18:59:32,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 bygone

bygone
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 11 May 2014 - 01:57 AM

Many thanks to you. Seems that one step helped, I haven't seen that page since I did what you wrote. Thank you very much for help :thumbup2:



#7 buddy215

buddy215

  • Moderator
  • 13,102 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:01 AM

Posted 11 May 2014 - 05:57 AM

Good...you're welcome!

 

FYI...there is one website that contains a lot of popular programs that when downloaded from there do not contain adware.

Ninite - Install or Update Multiple Apps at Once You can just use their downloads or you have the option to install their update service, too.

A lot of programs attempt to install adware along with their updates.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users