
Seeing pop-ups and redirected links, also problem with Blizzard app?


  • This topic is locked
3 replies to this topic

#1 Mrb0unZz

Mrb0unZz

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 08 May 2017 - 07:58 PM

Hey guys :)

 

I have pop-ups appearing when using websites (some more than others, Facebook seems fine but I get loads when on this forum for example) and lots of links redirect me to pop-ups etc. This appears to have gotten worse since I began trying to fix my initial problem, which was that I was getting bombed (constant spam of new tabs) in Google Chrome or Internet Explorer when the 'Blizzard app' was open.

 

I have previously spoken to an Advisor on this forum, who linked me here and gave me instructions on what I should do after we attempted to fix the problem. I have tried multiple methods so far to fix the issues I was having with Blizzard app and pop-up spam, to no avail (the problem has got worse as now I struggle to use sites like this at all because of pop-ups/re-directs/dodgy links). I feel it would be easier if I just link you to my original thread so you can get a better idea of what has been happening, what I have tried and also the logs for the programs that I have run so far (https://www.bleepingcomputer.com/forums/t/646002/help-please/).

 

My problems with Blizzard app 'seem' to be time sensitive, that is, I can leave the app open for most of the day but around 9/10pm GMT Chrome would open itself and start the spam (like 40 tabs open and continuing to open them until the PC goes really slow and I have to use Task Manager to first close the Blizzard app and then Chrome, otherwise it would just re-open Chrome). Since trying to fix all this there seem to be other problems occurring (I have random pop-ups when visiting some sites, sometimes a white box that covers the screen and tries to redirect me somewhere (not clicked) and reimage repair and sex-game pop-ups etc. as well as dodgy links that re-direct me to ad-pages). :(

 

Any help would be much appreciated, I will attach the requested logs as requested. :) 

 

Kind Regards

Mr b0unZz

 

 

Attached File  FRST.txt   100.07KB   3 downloads

Attached File  Addition.txt   60.19KB   2 downloads

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 09 May 2017 - 09:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Chrome Web Store Payments) - C:\Users\abby smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\abby smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
CustomCLSID: HKU\S-1-5-21-92575206-1544861781-2143437628-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6D153CDFDE5D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {02962982-C698-47CA-BFAD-D3A5B1A34A9A} - System32\Tasks\{C84106BF-7FEA-B114-5A5C-DCE6E921C341} => C:\ProgramData\{685DC7BB-DFF6-7010-93F0-7AFE961761F2}\3E0F5DA8-89A4-EA03-B9E3-4E2776D2733E.exe  <==== ATTENTION
Task: {0D30B160-E46B-4596-8EDE-74926AB9E14E} - System32\Tasks\{90E3A2FB-2748-1550-C9C3-F8F0DB66F8E0} => C:\ProgramData\{E3D012BB-547B-A510-A48E-99C6C676B24D}\71CE895C-C665-3EF7-3E39-3E49C9A6E264.exe  <==== ATTENTION
Task: {280981F0-7AA8-4408-AF04-8C7DA8638F17} - System32\Tasks\{D0ADB203-6706-05A8-63C1-4AEE9A57FDD1} => C:\ProgramData\{CE56FB4B-79FD-4CE0-01D4-5A17CCD98067}\C3E096F2-744B-2159-71DE-C37C65EC5564.exe  <==== ATTENTION
Task: {919E320E-DE0A-4045-BAE7-BA04DF46987D} - System32\Tasks\{4085BA8F-8EE3-FFD9-862B-CE073E35A110} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\50cb6c7e\6ce971a3.dll" <==== ATTENTION
Task: {9F8D8CE5-F75B-4F3B-9D8F-EC364E6C0952} - System32\Tasks\{E41E814C-53B5-36E7-1615-6BE32EAC8588} => C:\ProgramData\{59064E66-EEAD-F9CD-97F8-251AB35F9641}\E497B789-533C-0022-CC1F-860226AA8DCB.exe  <==== ATTENTION
Task: {D4C2286B-8DE8-415F-B899-76B80880A16A} - \{7F7D0D47-0F7D-7F78-7A11-0E780B08110F} -> No File <==== ATTENTION
Task: {D80629EA-8F3C-4C78-A293-F05935283A33} - System32\Tasks\{73C09C29-C46B-2B82-6B7F-611FC69C17D6} => C:\ProgramData\{A2CD66C6-1566-D16D-A07E-581392F1422C}\C6FD14A9-7156-A302-C2DF-9A075F3E9354.exe  <==== ATTENTION
Task: {D9745F03-2C8A-476E-8C5A-407552491AFA} - System32\Tasks\{1F2D2DCB-A886-9A60-4290-24C6F3B32CA8} => C:\ProgramData\{702FB636-C784-019D-8364-718EAA33DC98}\647820C9-D3D3-9762-FD2F-9CC141097F71.exe  <==== ATTENTION
Task: {DE963EFC-D875-4D14-B117-1FBBF88A4E2F} - System32\Tasks\{115A39F1-A6F1-8E5A-34FA-B1EF71257020} => C:\ProgramData\{AB8BED33-1C20-5A98-945A-1B0BC12F9F44}\107810C8-A7D3-A763-5A1B-1199E413AB7A.exe [2017-05-08] () <==== ATTENTION
C:\ProgramData\{685DC7BB-DFF6-7010-93F0-7AFE961761F2}
C:\ProgramData\{E3D012BB-547B-A510-A48E-99C6C676B24D}
C:\ProgramData\{CE56FB4B-79FD-4CE0-01D4-5A17CCD98067}
C:\PROGRA~3\50cb6c7e
C:\ProgramData\{59064E66-EEAD-F9CD-97F8-251AB35F9641}
Task: {D4C2286B-8DE8-415F-B899-76B80880A16A} - \{7F7D0D47-0F7D-7F78-7A11-0E780B08110F}
C:\ProgramData\{A2CD66C6-1566-D16D-A07E-581392F1422C}
C:\ProgramData\{702FB636-C784-019D-8364-718EAA33DC98}
C:\ProgramData\{AB8BED33-1C20-5A98-945A-1B0BC12F9F44}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

ADOBE SHOCKWAVE

Navigate to this page and follow the instructions and get the latest version.
https://www.adobe.com/shockwave/welcome/

=====

Remove this program in bold via the Control Panel > Programs > Programs and Features if still present.
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
===

Please let me know what problem persists with this computer.
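
The Task entries marked ATTENTION in the fixlist above share a recognisable shape: a GUID-named scheduled task that launches a GUID-named executable from a GUID-named folder under C:\ProgramData, or Regsvr32.exe loading a DLL from there. As an added example (not part of the original post, and not FRST's own logic), this Python script triages `Task:` lines from an FRST log for that shape. The sample lines and their GUIDs are constructed, and treating PROGRA~3 as the short name of ProgramData is an assumption.

```python
import re

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
# FRST task line: "Task: {id} - <task path> => <action>" ("->" when the file is missing)
TASK_RE = re.compile(r"^Task: \{(" + GUID + r")\} - (.*?) (?:=>|->) (.*)$")
GUID_TASK = re.compile(r"(?:^|\\)\{" + GUID + r"\}$")
GUID_EXE = re.compile(r"^C:\\ProgramData\\\{" + GUID + r"\}\\" + GUID + r"\.exe\b", re.I)
# Assumption: PROGRA~3 is the 8.3 short name of C:\ProgramData on this machine
REGSVR_DLL = re.compile(r'^regsvr32(?:\.exe)?\s.*"C:\\(?:ProgramData|PROGRA~3)\\[^"]+\.dll"', re.I)

def triage(line):
    """Return (task_id, action, reasons) for an FRST Task line, else None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task_id, path, action = m.groups()
    action = action.replace("<==== ATTENTION", "").strip()
    reasons = []
    if GUID_TASK.search(path):
        reasons.append("guid-named-task")
    if GUID_EXE.match(action):
        reasons.append("guid-exe-in-programdata")
    if REGSVR_DLL.match(action):
        reasons.append("regsvr32-dll-in-programdata")
    if action.startswith("No File"):
        reasons.append("orphaned-task")
    return task_id, action, reasons

def suspicious(lines):
    """Keep only task lines that matched at least one heuristic."""
    results = (triage(l) for l in lines)
    return [r for r in results if r and r[2]]

# Constructed sample lines in FRST log format (GUIDs and paths are made up)
SAMPLE = [
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} => C:\ProgramData\{01234567-89AB-CDEF-0123-456789ABCDEF}\FEDCBA98-7654-3210-FEDC-BA9876543210.exe  <==== ATTENTION",
    r'Task: {22222222-3333-4444-5555-666666666666} - System32\Tasks\{BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\0a1b2c3d\4e5f6a7b.dll" <==== ATTENTION',
    r"Task: {33333333-4444-5555-6666-777777777777} - \{CCCCCCCC-DDDD-EEEE-FFFF-000000000000} -> No File <==== ATTENTION",
    r"Task: {44444444-5555-6666-7777-888888888888} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe",
    "R2 ExampleSvc; not a task line",
]

if __name__ == "__main__":
    for task_id, action, reasons in suspicious(SAMPLE):
        print(task_id, ", ".join(reasons), "|", action)
```

A hit is a prompt to inspect the task and its target file, not a verdict; a clean line only means it did not match these three patterns.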

#3 Mrb0unZz

Mrb0unZz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 10 May 2017 - 07:36 AM

Hey nasdaq, 

 

We left both Chrome and the Blizzard app open all night last night and no issues! Also nothing coming up in browser or links being re-directed, you are quite literally a miracle worker!! I'll keep an eye on it over the next few days to make sure nothing else comes up or if the problem occurs again (I'm still worried it might as before it only happened at certain times, I feel like whoever is doing it could have just taken the night off) and then post another response letting you know either way in a few days' time.

 

I can't believe the work that you guys do, especially voluntarily - it's amazing! Keep it up!

 

Kind Regards

Mr b0unZz



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 10 May 2017 - 07:43 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

p.s.
Let me know if it returns.



