Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirect not only while searching


  • Please log in to reply
15 replies to this topic

#1 Arcanis

Arcanis

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 01 September 2015 - 11:09 AM

Hello Guys. 

I've read other posts, but since I think that each situation is individual and unique I'm going to ask for help for that problem.

I have a browser redirect. It appears to affect only Chrome and not Internet Explorer.

The redirections not always happen, but just the first time I click after a while on any link or on ANY point of the page without hyperlink.

I've read a lot of guide on internet. 

I've run a lot of programs than you listed on other posts, but nothing, the redirection is here. 

I do not have any extension in the browser.

I do not have any suspicious program in the control panel.

Thanks for any answer, bye



BC AdBot (Login to Remove)

 


m

#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:12:18 AM

Posted 01 September 2015 - 11:24 AM

Hello and welcome to BC,

 

Which programs did you use?

 

If you have any logs, please copy/paste them here to see.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 znow

znow

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 01 September 2015 - 11:28 AM

Hi

 

mmm it's similar to my problem, i'm finishing the second round of tests

 

 

http://www.bleepingcomputer.com/forums/t/588567/adv-everywhere-when-click-in-link-e-in-empty-space-only-when-i-login-in-chrome/

 

only with chrome, only when i login in chrome with a specific user

 

 

can you verify if you have these files in Local Storage in Chrome?

 

http_static.re-markable00.re-markable.net_0

https_static.pricepeep00.pricepeep.net_0

https_static.selectgo00.selectgo.net_0

 

i deleting them with cleaning software but they are regenerated continuously



#4 Arcanis

Arcanis
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 01 September 2015 - 11:47 AM

I've used ADWCleaner, Hitman PRO, TDS Killer. 

Atm I have no logs, which tool i should use?

 

Znow sorry I do not have those entries in chrome's local storage..

 

thanks for the fast answer



#5 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:12:18 AM

Posted 01 September 2015 - 11:51 AM

Let's do the complete check:

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe
http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

§  Double-click on the Rkill desktop icon to run the tool.

§  If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.

§  black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

§  If not, delete the file, then download and use the one provided in Link 2.

§  Do not reboot until instructed.

§  If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

------

 

ESET Online Scanner

§  Click here to download the installer for ESET Online Scanner and save it to your Desktop.

§  Disable all your antivirus and antimalware software - see how to do that here.

§  Right click on esetsmartinstaller_enu.exe and select Run as Administrator.

§  Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.

§  Select Enable detection of potentially unwanted applications.

§  Click Advanced Settings, then place a checkmark in the following:

o    Remove found threats

o    Scan archives

o    Scan for potentially unsafe applications

o    Enable Anti-Stealth technology

§  Click Start to begin scanning.

§  ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.

§  When the scan is done, click List threats (only available if ESET Online Scanner found something).

§  Click Export, then save the file to your desktop.

§  Click Back, then Finish to exit ESET Online Scanner.

----------

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

NOTE. If you already have MBAM 2.0 installed scroll down.

 

§  Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to the following:
 

o    Launch Malwarebytes Anti-Malware

o    A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

 

§  Click Finish.

§  On the Dashboard, click the 'Update Now >>' link

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the 'Scan Now >>' button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.


If you already have MBAM 2.0 installed:
 

§  On the Dashboard, click the 'Update Now >>' link.

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the Scan Now >> button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

------------

 

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

-------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#6 Arcanis

Arcanis
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 01 September 2015 - 01:51 PM

There's all the logs requested. Thanks

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/01/2015 06:52:46 PM in x64 mode.
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
 * HOSTS file entries found: 
 
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 0.0.0.0.0
  127.0.0.1 m.fr.a2dfp.net
  127.0.0.1 mfr.a2dfp.net
  127.0.0.1 ad.a8.net
  127.0.0.1 asy.a8ww.net
  127.0.0.1 static.a-ads.com
  127.0.0.1 atlas.aamedia.ro
  127.0.0.1 abcstats.com
  127.0.0.1 ad4.abradio.cz
  127.0.0.1 a.abv.bg
  127.0.0.1 adserver.abv.bg
  127.0.0.1 adv.abv.bg
 
  20 out of 79 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 09/01/2015 06:52:55 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
 
-------------------------------------------------------------------------
 
C:\Users\KyuubiArcanis\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTGZT7\1[1].zip a variant of Win32/ELEX.CP potentially unwanted application deleted - quarantined
C:\Users\KyuubiArcanis\AppData\Local\Temp\is386526232\38DE72CE_stp\May12_3695_cor_sweet-page.exe a variant of Win32/LiMo.C potentially unwanted application cleaned by deleting - quarantined
C:\Users\KyuubiArcanis\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined
C:\Users\KyuubiArcanis\AppData\Roaming\Wondershare\MobileGo\TempRoot\root\pwn Android/Exploit.Lotoor.EP trojan cleaned by deleting - quarantined
D:\Formattazione HD\Super\Documenti Vecchi\FAMIGLIA\LEANDRO\The All-Seeing Eye v2.3.6 Incl Keygen.zip a variant of Win32/Keygen.AD potentially unsafe application deleted - quarantined
D:\Program Files (x86)\Grand Theft Auto V\3dmgame.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
D:\Torrent\Download\Project.CARS-RELOADED\rld-prca.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
 
--------------------------------------------------------------------------
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data scansione: 01/09/2015
Ora scansione: 20:37
File di log: malbb.txt
Amministratore: Sì
 
Versione: 2.1.8.1057
Database malware: v2015.09.01.05
Database rootkit: v2015.08.16.01
Licenza: Gratuito
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata
 
SO: Windows 8.1
CPU: x64
File system: NTFS
Utente: KyuubiArcanis
 
Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 371430
Tempo impiegato: 5 min, 55 sec
 
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata
 
Processi: 0
(Nessun elemento nocivo rilevato)
 
Moduli: 0
(Nessun elemento nocivo rilevato)
 
Chiavi di registro: 0
(Nessun elemento nocivo rilevato)
 
Valori di registro: 0
(Nessun elemento nocivo rilevato)
 
Dati di registro: 0
(Nessun elemento nocivo rilevato)
 
Cartelle: 0
(Nessun elemento nocivo rilevato)
 
File: 0
(Nessun elemento nocivo rilevato)
 
Settori fisici: 0
(Nessun elemento nocivo rilevato)
 
 
(end)
 
-------------------------------------------------------------------------------------------------
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 Pro x64
Ran by KyuubiArcanis on 01/09/2015 at 20:45:16,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2B38F1E6AAB9EAAE066635C6D32E7658
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\KyuubiArcanis\Appdata\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
 
[C:\Users\KyuubiArcanis\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\KyuubiArcanis\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\KyuubiArcanis\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\KyuubiArcanis\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  lbfehkoinhhcknnbdgnnmjhiladcgbol
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/09/2015 at 20:46:50,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#7 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:12:18 AM

Posted 01 September 2015 - 01:57 PM

Do you still have a problem?

 

If yes, try this:

 

Reset Chrome (http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/)
Click on "Customize and control Google Chrome":
Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

 


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#8 Arcanis

Arcanis
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 01 September 2015 - 06:04 PM

Unfortunately yes, I still have the problem.

And I have already tried resetting chrome :(



#9 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:12:18 AM

Posted 02 September 2015 - 02:37 AM

Click on "Customize and control Google Chrome",

Click on About and check if you have "dev" version of Chrome installed or normal version (something like this: http://i.imgur.com/WFTOmYn.png)

 

 

Download Security Check from here or here and save it to your Desktop.

§  Double-click SecurityCheck.exe

§  Follow the onscreen instructions inside of the black box.

§  Notepad document should open automatically called checkup.txt; please post the contents of that document.

--------

 

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
  • ----------

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#10 Arcanis

Arcanis
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 03 September 2015 - 08:02 AM

This is security check 

 

 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Java version 32-bit out of Date! 
 Google Chrome (44.0.2403.157) 
 Google Chrome (45.0.2454.85) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
--------------------------------------------------------------------------------------
 
and this emergency kit 
 

Emsisoft Emergency Kit - Versione 10.0
Ultimo aggiornamento: 03/09/2015 14:55:06
Account utente: Arcanis\KyuubiArcanis
 
Impostazioni scansione:
 
Tipo scansione: Scansione Malware
Oggetti: Rootkits, Memoria, Tracce, Files
 
Rileva PUPs: On
Archivio scansioni: Off
Scansione ADS: On
Filtro estensione dei file: Off
Caching avanzato: On
Accesso diretto al disco: Off
 
Scansione avviata: 03/09/2015 14:55:20
Value: HKEY_USERS\S-1-5-21-4167542002-2103454883-609795829-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR rilevati: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4167542002-2103454883-609795829-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS rilevati: Setting.DisableRegistryTools (A)
 
Scansionati 86851
Rilevato 2
 
Fine scansione: 03/09/2015 14:57:01
Tempo scansione: 0:01:41
 
Value: HKEY_USERS\S-1-5-21-4167542002-2103454883-609795829-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS In quarantena Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4167542002-2103454883-609795829-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR In quarantena Setting.DisableTaskMgr (A)
 
In quarantena 2
 
 
thx again


#11 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:12:18 AM

Posted 03 September 2015 - 09:09 AM

 

Click on "Customize and control Google Chrome",

Click on About and check if you have "dev" version of Chrome installed or normal version (something like this: http://i.imgur.com/WFTOmYn.png)

 

 

 

Have you checked this?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#12 Arcanis

Arcanis
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 03 September 2015 - 09:34 AM

Yes, already done and I do not have developer version. 

But it's like 20 minutes that I'm not bored by that hijacker...maybe is gone? 
I'll let you know guys

thanks



#13 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:12:18 AM

Posted 03 September 2015 - 09:37 AM

Ok. Give me a feedback later, so we can finish the job.  :workout:


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#14 Arcanis

Arcanis
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 03 September 2015 - 09:44 AM

Nothing, I just clicked on a white spot here in this page and the browser redirected me...



#15 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:12:18 AM

Posted 03 September 2015 - 09:57 AM

I don't have here much options left. Just 2 options.

 

You can reinstall Chrome:

 

If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
 

§  Close all Chrome windows and tabs.

§  Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)

§  Click Programs and Features.

§  Double-click Google Chrome.

§  Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

 

or

 

You can get an expert opinion by asking for help in the Virus, Trojan, Spyware, and Malware Removal Logs forum. You will need to follow instructions in the Preparation Guide.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

 

Start with Step 6 and post FRST log in new topic.

 

Please informe me if you need any help with this second option. 


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users