Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Chrome hijacked - can't find why

  • Please log in to reply
2 replies to this topic

#1 bluenote


  • Members
  • 2 posts
  • Local time:07:30 AM

Posted 08 October 2014 - 03:36 PM

Randomly, when clicking on links in Google Chrome, I am taken to a website that is NOT what I clicked on.  I'm fairly certain that I've got some kind of browser hijacking going on, but I can't find it.
For example, today I clicked on a recent story on CNN, and was taken to an ad for Spyware Clear instead.  I've seen this behavior from several websites, including MSNBC, various blogs that I read, and business sites.  I'm fairly certain it's not coming from the site itself.
I've run Ad-Aware several times, including deep scans (which take 9+ hours on this machine), and Malware Bytes.  Neither can find anything.
I'm running Chrome 37.0.2062.124.  I've tried disabling all of my extensions and still got the same behavior.
I've tried other browsers and haven't seen the ads come up, but it's intermittent so that might not mean anything.
Windows 8.1 (combofix won't work).
Fairly recent Lenovo laptop, nothing fancy.

BC AdBot (Login to Remove)


#2 bluenote

  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:30 AM

Posted 08 October 2014 - 04:59 PM

As a test, I switched to FireFox for a while.  Had the same problem.


I downloaded and ran HijackThis, it came up with some extraneous entries added to the hosts file.  Various hosts including connect.facebook.com and google-analytics.com were being redirected to an IP in South Africa.


Whatever changed my hosts file did it in a few sneaky ways.  The hosts file was marked as hidden, read-only, and system, so the file didn't show up in regular file explorer windows.  My previous hosts file was copied to a new file called hosts.txt, and with default settings that just shows up as "hosts" because the extension is hidden.  The entries were added after about 100 blank lines, so when I found the file an opened it for editing, it looked like a normal hosts file until I scrolled down.


To fix, I had to go to the command line to alter the attributes, following instructions here:



For now it looks like I've solved it, but I'll certainly be back if it's not a permanent solution.

#3 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:10:30 PM

Posted 08 October 2014 - 05:22 PM

Hi -

A couple of things that may help you if I understand your post -



Reset the Hosts file automatically, click the Fix it link below.
Click Run in the File Download dialog box, and then follow the steps in this Fix it wizard. >> http://go.microsoft.com/?linkid=9668866


Run these few quick scans and then Copy and Paste the logs back here.



Please download and run RKill by Grinler.

  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes

Please Copy and Paste the log back here.

Do not reboot your computer until you complete the next step.

  NOW :

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.


  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
    Copy and Paste the contents of that log in your next reply.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.




Next - Please download Junkware Removal Tool to your desktop.
* Temporarily Disable your Antivirus now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for Rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You may be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log with the date you just scanned ( Day / Month and Year xx /xx/xxx. )
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
If nothing was found you would have had a Green Tick at the end of the scan, and an empty log.




Thank You -

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users