Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Issues following Start Menu Update pop-up and homepage-web.com attack


  • This topic is locked This topic is locked
4 replies to this topic

#1 NattyH

NattyH

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 26 March 2015 - 04:29 AM

Hi everyone.

I have been pulling my hair out in frustration trying to resolve what may be a lingering problem due to the bleeping Pokki Start Menu Update pop-up that I naively didn't realise was an attack when I switched my Lenovo PC on on Saturday and then when opening Firefox straight after found that it, along with IE and Chrome, had been hijacked with the homepage-web.com redirect.

I followed all the instructions I found here for resolving the homepage-web.com hijack and here for the Start Menu Update and removal of Pokki and getting my browsers back to an unhijacked state and Pokki off my system (still furious that such a potentially malicious piece of software came preloaded on what has otherwise been a beautiful Lenovo PC purchased late December!).

 

Everything appeared fine and working correctly, but Saturday was also the day I needed to renegotiate my TV/broadband/phone package with my provider and basically have had my cable broadband upgraded to 50 MB there and then (they upped the speed on the line while I was on the phone with them), but was also sent out a new router as my older setup from them was not guaranteed to support the new speeds.

 

All appeared fine - happy computer was back again. Yay.

 

But a day or so later when I next went on any of the tumblr blogs I follow I would receive a connection was reset message in random image frames and they would load fine if I hit try again (this was in Firefox), I tried the same pages in IE and Chrome and got similar persistent but random loading issues with images here and there but ony tumblr blogs.

 

I have had no issues in any browser with any other websites returning "Connection was reset" or error loading page - I've tried lots of image heavy sites I usually frequent like other blogs, pinterest, facebook, no other websites are giving me problems - just tumblr. Grrr...

 

Tuesday my new superhub arrived and I thought maybe the change of modem/router would fix the issue, but no. Still experiencing the same problem just on tumblr - it's as though the browsers are too quick to say they can't load something as it is almost instantaneous that the "connection was reset" display appears while otherwise they would still be trying to load the page (like they do on other devices in the network).

 

I have cleared the cache and cookies of firefox, I have reset it, I have rest IE completely, I have uninstalled Chrome which was only a recent install with no bookmarks, and have run it with the cache completely cleared and still the problem persists.

 

I am not having this issue with tumblr on any other computer connected via my wifi - my Windows 7 laptop is loading the same problem pages fine in IE and Firefox, another windows 8.1 laptop I borrowed to test this is loading them fine in IE and Firefox, and my iPad is loading them fine. These three are all connected via WiFi.

 

So, I disconnected the Ethernet cable to my PC and tried the same pages via WiFi on it and still no joy. I have been clearing the history and cache frequently between attempts. But stilll nope.

 

I have run frequenet Malware Bytes scans and Adwcleaner scans since this all kicked off on Saturday. Malwarebytes returns nothing - no threats, adwcleaner returns the same false positive results for the registry but nothing else hinky.

 

I have rebooted the new router - no difference.

 

So I am banging my head against the wall here, because everything appears to be hunky dory except for this niggling issue with loading tumblr sites that have reblogged image posts.

 

It makes me question whether there is still some malware or something nasty lurking that is not being picked up and really, why am I getting these "connection was reset" issues just on tumblr when everything else is working fine? It's just not logical and I just want to get this resolved. I hate illogical things like this, mysteries bug me!

 

I'm currently away from my home PC for the next few hours, but wanted to get the ball rolling if at all poss. on what the next steps to take are.

 

If anyone could help I would be so grateful!

 

Thanks!

 

 



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:43 AM

Posted 26 March 2015 - 11:45 AM

Hi, as this Pokki thing is installed by Lenovo and has a few names with long tentacles, I feel it best to get a deeper look to find it all.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 NattyH

NattyH
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 26 March 2015 - 01:48 PM

Thanks for the response boopme - will link up the new topic when the scan is done. :)



#4 NattyH

NattyH
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 26 March 2015 - 01:55 PM

New thread and logs are now here.



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:43 AM

Posted 26 March 2015 - 02:00 PM

You're Welcome!
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users