Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! My hyperlinks have been hijacked!


  • Please log in to reply
10 replies to this topic

#1 Rigoletto

Rigoletto

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 19 August 2014 - 02:33 PM

When I hit a hyperlink, I'm being redirected to a variety of commerical sites that hav nothing to do with the purpose. How can I get rid of this? Is it a virus, or has someone taken control somehow?

Edited by Orange Blossom, 19 August 2014 - 02:43 PM.
Moved from Windows 7 to AII. ~ OB


BC AdBot (Login to Remove)

 


m

#2 kokomodrums

kokomodrums

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana
  • Local time:09:50 AM

Posted 19 August 2014 - 02:44 PM

Most likely you have installed a browser toolbar or some other form of adware. Generally these types of infections aren't too severe, they are easy to remove and they don't do anything other than annoy. Not always the case though. Malwarebytes is a great free scanner that will identify all sorts of adware/toolbars etc. and easily remove them. I would suggest downloading it and running a full scan, then removing all issues it finds. If you still are having issues, please post in the Virus, Trojan, Spyware, and Malware Removal Logs forum.


-- Matt


#3 Rigoletto

Rigoletto
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 19 August 2014 - 02:48 PM

Thanks for the quick reply. Since the link you supplied has been hijacked, can I simply google Malwarebytes, or use CNET?



#4 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:09:50 AM

Posted 19 August 2014 - 02:54 PM

Please do not post in Malware Removal Logs just yet.

 

We do have members and staff who can help you here in Am I Infected. One of them will give you the proper tools to use and guide you through the clean up process.

 

If your issue requires more advanced tools the helper here will direct you to Malware Removal Logs.



#5 Rigoletto

Rigoletto
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 19 August 2014 - 04:09 PM

I downloaded Malwarebytes and yes indeed! it worked! The problem seems to have disappeared, so thank everyone so much!



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:50 AM

Posted 19 August 2014 - 04:32 PM

Please post the complete results of your Malwarebytes scan for review.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:50 AM

Posted 19 August 2014 - 04:33 PM

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Rigoletto

Rigoletto
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 19 August 2014 - 05:00 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/19/2014
Scan Time: 12:53:05 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.19.09
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jmarsh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316040
Time Elapsed: 12 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.ArcadeGiant.A, HKU\S-1-5-21-2522335498-833048787-1260035780-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4FD3B33A-372C-439E-BB87-017365EC693C}, No Action By User, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4FD3B33A-372C-439E-BB87-017365EC693C}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{41829420-151B-4920-B8A5-16BE4601B42A}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{62970E2F-A895-4848-B46C-FBD071192995}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B3B723CD-7242-4775-B10E-74DB7F4CB5A1}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{62970E2F-A895-4848-B46C-FBD071192995}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKU\S-1-5-21-2522335498-833048787-1260035780-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{41829420-151B-4920-B8A5-16BE4601B42A}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4FD3B33A-372C-439E-BB87-017365EC693C}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKU\S-1-5-21-2522335498-833048787-1260035780-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4FD3B33A-372C-439E-BB87-017365EC693C}, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, HKU\S-1-5-21-2522335498-833048787-1260035780-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BEC0B5A9-4CE8-4873-90E5-345E66A944DB}, Quarantined, [4332b31584f78da9729f198716eb42be],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant, Quarantined, [f67fa7214b3003338d1a19cf659de020],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}\chrome, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}\chrome\content, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Local\ArcadeGiant, Quarantined, [78fd9335f4873006deb93f96639f3bc5],

Files: 18
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Local\ArcadeGiant\agiantie.dll, Quarantined, [393cfcccbebd74c22b050c6153af25db],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Local\ArcadeGiant\bkr.exe, Quarantined, [2c49f9cfa2d9142255bc4c543dc4e41c],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Local\ArcadeGiant\uninstaller.exe, Quarantined, [4332b31584f78da9729f198716eb42be],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Local\ArcadeGiant\updater.exe, Quarantined, [066fae1a572477bfd041e8b88d7459a7],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant\Play ArcadeGiant Games.url, Quarantined, [f67fa7214b3003338d1a19cf659de020],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant\Uninstall.lnk, Quarantined, [f67fa7214b3003338d1a19cf659de020],
PUP.Optional.ArcadeGiant.A, C:\Windows\Tasks\ArcadeGiant Updater.job, Quarantined, [8ee715b39dde7fb79612de0afd05748c],
PUP.Optional.ArcadeGiant.A, C:\Windows\System32\Tasks\ArcadeGiant Updater, Quarantined, [4530fdcb710ae452298092565da51ae6],
Trojan.Agent.TPL, C:\Users\jmarsh\AppData\Roaming\Microsoft\Windows\Templates\2433f433, Quarantined, [ec8923a5a6d5b680f7e3a674bc48ce32],
Trojan.Agent.TPL, C:\ProgramData\2433f433, Quarantined, [9cd9d3f5215a1323409b7f9b52b238c8],
Trojan.Agent.TPL, C:\Users\jmarsh\AppData\Roaming\2433f433, Quarantined, [2a4b2f9984f70630db003cdea064ce32],
Trojan.Agent.TPL, C:\Users\jmarsh\AppData\Local\2433f433, Quarantined, [adc8e3e5f487a78f4e8ec05aef158e72],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}\chrome.manifest, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}\icon.png, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}\install.rdf, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}\chrome\content\browser.xul, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Roaming\Mozilla\Firefox\Profiles\2ag8t4lh.default-1393178646574\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE}\chrome\content\script.js, Quarantined, [aacb20a8bac1181e4353d6fff210fd03],
PUP.Optional.ArcadeGiant.A, C:\Users\jmarsh\AppData\Local\ArcadeGiant\agnt.config, Quarantined, [78fd9335f4873006deb93f96639f3bc5],

Physical Sectors: 0
(No malicious items detected)


(end)



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:50 AM

Posted 19 August 2014 - 05:18 PM

Your scan log(s) show that most of the detections were related to Potentially Unwanted Programs (PUPs) which do not fall in the same category as malicious files such as viruses, Trojans, worms, rootkits and bots. In most cases they are related to junk software, toolbars, add-ons/plug-ins, and browser extensions bundled with other free third-party software you download from the Internet.

These bundled packages, installers and downloaders can often be the source of various issues and problems to include Adware, pop-up ads, browser hijacking which may change your home page and search engine, and user profile corruption.

PUPs are a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Rigoletto

Rigoletto
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 19 August 2014 - 06:14 PM

Also, ESET has been run; no threats. (I run this fairly regularly)



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:50 AM

Posted 19 August 2014 - 06:41 PM

Ok then you should be good to go.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users