Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Chrome using Yahoo as Default Page when Opened


  • Please log in to reply
14 replies to this topic

#1 Miroku16

Miroku16

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 29 July 2014 - 12:01 PM

I have a question regarding Google Chrome.  I have been using it for a long time, so this event in question is new.  Today, I opened my browser today noticed that it used yahoo's news page as the starting point in the browser.  It normally starts with going to google.com.  Instead, it had this in the toolbar: https://www.yahoo.com/?fr=hp-avast&type=avastbcl.  The only thing I know is that I need to open a new tab in order to run my normal searches on google.

 

So my question is: Is this something that Chrome has started doing or is this a virus or something.  It is a new occurence that I would like to understand.  Thank you.

 

Note: all of my browsers are opening yahoo's news homepage. 


Edited by Miroku16, 29 July 2014 - 12:30 PM.


BC AdBot (Login to Remove)

 


#2 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 29 July 2014 - 05:58 PM

Don't know how it changed to Yahoo but here are instructions to change your homepage back.

 

 

 

 

http://www.wikihow.com/Change-Your-Homepage-on-Chrome



#3 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 30 July 2014 - 06:43 PM

It does it for all of my web browsers, including IE and Firefox.  It has never done that before.  Do you think it is a virus if it is happening outside of Google Chrome?



#4 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 PM

Posted 30 July 2014 - 10:01 PM

You might wanna scan with Adwcleaner and Malwarebytes to clear out a possible browser hijackers from your computer. A recently installed software bundled with unwanted package might have slipped past through...

 

Download Adwcleaner by Xplode from here.
Click on Adwcleaner and hit the Scan button and will begin to search for PUP and malicious files. Once finished click the Delete/Clean button. Copy and paste the log on your next reply.

 

Scan for Malware using free Malwarebytes
Install then run a quick scan only after updating to the latest definition. Uncheck the trial pro version on setup and remove any found threats after running the scan.
Please post also the result.

 

Manually change your home page on each browser then try reloading. Post of the changes or improvements next time please.


Tekken
 


#5 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 31 July 2014 - 09:01 PM

So, I ran the scans and got the results below.  I also was able to change and refresh the startup page for my google chrome, and it worked.  It no longer went to yahoo's newsfeed.  I will change it for the othe browsers.  However, I noticed something in common with this occurence.  They each use this: ?fr=hp-avast&type=avastbcl

This appears after yahoo.com/.  So does Avast! have anything to do with this?

adw:

# AdwCleaner v3.302 - Report created 31/07/2014 at 21:05:43
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Boot - BOOT-PC
# Running from : C:\Users\Boot\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\RewardsArcadeSuite
Folder Deleted : C:\Users\Boot\AppData\Local\RewardsArcadeSuite
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Boot\AppData\Roaming\Mozilla\Firefox\Profiles\q0pmg3ug.default\prefs.js ]
 
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
 
-\\ Google Chrome v
 
[ File : C:\Users\Boot\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2448 octets] - [31/07/2014 21:01:20]
AdwCleaner[S0].txt - [2356 octets] - [31/07/2014 21:05:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2416 octets] ##########
 
 
MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/31/2014
Scan Time: 9:38:20 PM
Logfile: -mbamlog-7-31-14.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.31.09
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Boot
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349542
Time Elapsed: 16 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

Edited by Miroku16, 31 July 2014 - 09:15 PM.


#6 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 PM

Posted 01 August 2014 - 12:36 AM

This appears after yahoo.com/.  So does Avast! have anything to do with this?

 

I believe its avast features but cannot comment further as currently no avast software is installed in my computer. See avast web protection or search for the problem online as certainly numerous results would be able to shed light on the problem. See feedback avast.
 


Edited by jhayz, 01 August 2014 - 03:16 AM.

Tekken
 


#7 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 01 August 2014 - 03:59 PM

Okay.  So, it is not a virus or anything?



#8 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 01 August 2014 - 05:55 PM

It appears to be what is called a Potentially Unwanted Program (PUP). So it's not a virus that will kill your PC but something that will change your settings on your PC without your knowledge. I don't know if this was caused by Avast. I don't use it either. The way you usually get PUPs is when you download something from the internet, you may get something extra like a toolbar. You are supposed to get the option of refusing the PUP but many users don't pay attention when they are downloading and they don't realize what has happened. Companies get paid for these PUPs. So you just need to be a little more vigilant. I also suggest you download Malware Bytes right here on BC and scan with it regularly as it will find PUPs.

 

 

 

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/


Edited by frankp316, 01 August 2014 - 05:56 PM.


#9 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 PM

Posted 01 August 2014 - 08:31 PM

Do you still received the avast extension on url addresses? You can download and re run Adwcleaner just for good measure. Please post the results. Include also Junkware Removal Tool and Ccleaner.

 

Download JRT by thisisu from this link.
Make sure to disable your antivirus or any running protection softwares before running JRT to avoid interferences.
For Vista and Windows 7, right-click and Run as Administrator. In XP, double click JRT icon.
Please be patient and let the program finish scanning.
Once finish, a text document will open then copy-paste it on your next reply.

 

Try clearing your cache files : Free Ccleaner
Ignore the Registry feature of Ccleaner as it is not recommended or needed.

 

See also changing search engine for google.


Tekken
 


#10 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 03 August 2014 - 08:56 PM

I ran the scans and here is the one from JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Boot on Sun 08/03/2014 at 21:15:42.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1CD84654-2663-42B6-9F27-BB638526D463}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/03/2014 at 21:24:07.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
It still has IE and Firefox using yahoo as a default page.  However, it may be just a defensive action that avast may have done.  I think this is what I am experiencing;

 

https://feedback.avast.com/responses/avasti-antivirus-is-itself-a-virus



#11 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 PM

Posted 04 August 2014 - 02:20 AM

Can you check your FF and IE internet options?

 

In Internet Explorer options go to Manage Addons - Click Search Providers.

Highlight preferred search engine then right-click to move up and or disable not wanted search provider among list.

Go to Toolbars and Extension - Disable unwanted tabs related to your problem.

Go to General tab in Internet options and input your preferred homepage (ex. http://www.google.com), hit apply and ok. Note : You can use 2 or more homepages under the home page box.

 

In Firefox, Tools - Addons

Disable under Plugins, Avast/Yahoo plugins.

Check also under Extensions.

 

Did you run Adwcleaner again as suggested? Remove cookies, temporary files and history on all browsers using Ccleaner or see previous post#9.


Tekken
 


#12 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 05 August 2014 - 09:32 AM

Okay, so I disabled/removed the all of the avast add-ons that were reated to my problem.  I also just reverted my homepages back to their default pages.  I also ran the adwcleaner scanner again.  Here are the results:

 

# AdwCleaner v3.302 - Report created 05/08/2014 at 10:22:17
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Boot - BOOT-PC
# Running from : C:\Users\Boot\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Boot\AppData\Roaming\Mozilla\Firefox\Profiles\q0pmg3ug.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Boot\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2448 octets] - [31/07/2014 21:01:20]
AdwCleaner[R1].txt - [1217 octets] - [05/08/2014 10:15:58]
AdwCleaner[S0].txt - [2500 octets] - [31/07/2014 21:05:43]
AdwCleaner[S1].txt - [1144 octets] - [05/08/2014 10:22:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1204 octets] ##########
 
 
Is everything fine, or is there another step I need to take to make sure it is clear?


#13 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 PM

Posted 05 August 2014 - 07:30 PM

Did you run Ccleaner as per instruction to my previous suggestion also? How's everything running?


Tekken
 


#14 Miroku16

Miroku16
  • Topic Starter

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 05 August 2014 - 09:21 PM

I did and everything is working fine.



#15 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 PM

Posted 06 August 2014 - 09:04 PM

:thumbup2:


Tekken
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users