
Computer browsers keep redirecting to porn sites.


10 replies to this topic

#1 KC13

KC13


Posted 22 August 2015 - 11:59 AM

Hello,

 

A friend's computer (Lenovo laptop, Windows 7) got to the point that the internet wasn't accessible at all. I ran just about all the anti-virus and anti-malware programs I could think of and now she has access to the net again. The problem is that sometimes (not every time) her browsers (IE and Chrome) are being redirected to porn sites.

 

The problem here is that she does not understand computers at all. I would have to download recommended files to a USB device then go over to her place and run them. I could only do this once a week, so there would be some delay between postings and replies.

 

Any advice is appreciated.

 

Ken




 


#2 packetanalyzer

packetanalyzer


Posted 22 August 2015 - 12:48 PM

Did you check the hosts file to see if there is local DNS poisoning for certain websites? Make sure the hosts file has not been maliciously changed.

 

After you do that I would run HijackThis and MalwareBytes Anti-Malware and CCleaner (you want to delete all temporary files and also make sure there is nothing malicious in startup). Then reset her browsers to the default settings.

 

NoScript is a good add-on in Firefox. Consider installing MalwareBytes Anti-Exploit (protection against exploit kits).


Edited by packetanalyzer, 22 August 2015 - 12:55 PM.


#3 JohnC_21

JohnC_21


Posted 22 August 2015 - 12:48 PM

I would run the following programs

 

Adwcleaner

 

Junkware Remover

 

HitmanPro

 

I would back up the bookmarks/favorites of each browser and do a reset of each. Any addons will need to be reinstalled.

 

Firefox reset

 

Chrome reset

 

After the reset add the following extensions to Firefox: NoScript and Adblock Plus (uBlock takes the place of the previous two) and Ghostery. Enable all options in Ghostery.

 

After the Chrome reset use the following extensions: Adguard and/or uBlock. Also Ghostery.

 

Tell your friend to do their browsing in a Limited User Account and not an Admin account. Provide a strong password for the Admin account and if the UAC pops up during a browsing session block the download.

 

If your friend uses MSE or Defender, change to something like Bitdefender Free or Panda Free.


Edited by JohnC_21, 23 August 2015 - 11:26 AM.


#4 hamluis

hamluis

    Moderator



Posted 22 August 2015 - 03:36 PM

After you do that I would run HijackThis and...

 

HijackThis is an outdated tool...and is not used/allowed in this forum. Please see Malware Removal Tools Not To Be Suggested Outside MRL Forum - http://www.bleepingcomputer.com/forums/topic182397.html

 

Thanks for understanding :).

 

Louis



#5 packetanalyzer

packetanalyzer


Posted 22 August 2015 - 03:39 PM

 

After you do that I would run HijackThis and...

 

HijackThis is an outdated tool...and is not used/allowed in this forum. Please see Malware Removal Tools Not To Be Suggested Outside MRL Forum - http://www.bleepingcomputer.com/forums/topic182397.html

 

Thanks for understanding :).

 

Louis

 

 

Sorry Louis. Thanks for letting me know.



#6 KC13

KC13
  • Topic Starter


Posted 23 August 2015 - 10:39 AM

Thank you gentlemen! I will be going to her house this coming Friday after which I will post the results of the above recommendations.



#7 JohnC_21

JohnC_21


Posted 23 August 2015 - 11:27 AM

See my edited post. For Chrome you only need Adguard or ublock, not both. I would recommend ublock as that also has script blocking.



#8 KC13

KC13
  • Topic Starter


Posted 29 August 2015 - 11:46 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Judy on 28/08/2015 at 14:31:53.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Program Manager

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\sho4442.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho4B73.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho677E.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho7ABA.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Judy\Appdata\Local\{52AE9152-C7F4-46A0-ACDF-89649981A2FC}
Successfully deleted: [Empty Folder] C:\Users\Judy\Appdata\Local\{9647F52A-1FDD-4CD1-9BD6-D94A74EBEEE1}
Successfully deleted: [Empty Folder] C:\Users\Judy\Appdata\Local\{B5CDEEBB-3F6C-42E3-A849-C8F1F493F081}
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Judy\Appdata\Local\downloaded installers
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers

~~~ Chrome

[C:\Users\Judy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Judy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Judy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Judy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/08/2015 at 14:46:23.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 KC13

KC13
  • Topic Starter


Posted 29 August 2015 - 11:48 AM

# AdwCleaner v5.003 - Logfile created 28/08/2015 at 14:50:20
# Updated 20/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Judy - JUDY-PC
# Running from : C:\Users\Judy\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [515 bytes] ##########


Edited by KC13, 29 August 2015 - 11:53 AM.


#10 KC13

KC13
  • Topic Starter


Posted 29 August 2015 - 11:50 AM

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost


Edited by KC13, 29 August 2015 - 11:53 AM.
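
The hosts-file check suggested in post #2, applied to a file like the one posted above, as an added example that is not part of anyone's post. It reports every active (non-comment) entry other than the normal loopback mapping for localhost; the `MODIFIED` sample, its host names and its addresses are constructed placeholders.

```python
import ipaddress

# Tail of the hosts file posted above: every line is a comment (stock Windows 7).
POSTED = """# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost
"""
# Constructed sample of a modified file; names and addresses are placeholders.
MODIFIED = POSTED + """127.0.0.1   localhost
203.0.113.7 www.example.com   # constructed entry
0.0.0.0     updates.example.net
"""

LOOPBACK_NAMES = {"localhost"}  # names that may legitimately map to loopback

def active_entries(text):
    """Yield (line_no, ip, [hostnames]) for every non-comment hosts line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if line:
            fields = line.split()
            yield no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, ip, name, reason) for entries that need a manual look."""
    findings = []
    for no, ip, names in active_entries(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, ip, " ".join(names), "malformed address"))
            continue
        for name in names:
            if name.lower() in LOOPBACK_NAMES and addr.is_loopback:
                continue  # ordinary localhost mapping
            if addr.is_loopback or addr.is_unspecified:
                reason = "name blackholed to local machine"
            else:
                reason = "name pinned to fixed IP, bypasses DNS"
            findings.append((no, ip, name, reason))
    return findings

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("modified", MODIFIED)):
        print(label, audit_hosts(text) or "no active entries to review")
```

A file that is all comments, like the one in this thread, yields no findings, which is consistent with the hosts file not being the cause of the redirects.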


#11 KC13

KC13
  • Topic Starter


Posted 29 August 2015 - 11:52 AM

HitmanPro did not create a log unless I couldn't find it. Her system seems to be running quite a bit better as well. While there, I saw redirects only from one website that she frequents. Some movie site with a something.to address, so it may be the site itself that is doing it.





