
Random Popups/Chrome Google Search Redirecting


  • This topic is locked
9 replies to this topic

#1 Buddha61

Buddha61

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:03 PM

Posted 25 July 2017 - 05:44 AM

Let me start first by saying that I downloaded and tried to install a program that ended up being a virus/malware. At first, a bunch of stuff was added, most of which has been removed. This started last week, and since then I have run ADWCleaner, MalwareBytes, and SuperAntiSpyware, along with deleting all unknown and seemingly associated programs that were installed. I thought that would fix everything, but it appears that it has not. The only thing that now seems to be a problem is with Chrome.

 

I will get completely random popups, mostly when I click some links. Sometimes it is a new window/tab, sometimes it opens my link in another tab, and will start the random site in the current tab. Seems to be completely random, and I usually try to close the windows before they load, so I don't know where they redirect. One that seems to come up goes to apple-panda something or other. The other issue in Chrome, when I try to search from the address bar (omnibox search I believe), will redirect all searches to a Yahoo page. These two issues are annoying, and I assume the result of something left, that I can't seem to find or get rid of.

 

For some reason when I try to add a file to attach, it won't allow me. I hope it is OK, I have uploaded the FRST and Addition logs to Dropbox (to save space in the message), and will link the logs.

 

Addition

FRST Log

 

Thanks in advance for any help.


Edited by hamluis, 25 July 2017 - 05:47 AM.



 


#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,736 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:06:03 PM

Posted 26 July 2017 - 12:35 PM

Hello, I'm Bezukhov. I'd like to help you with this problem. First some ground rules:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear, stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you to run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise. Just to let you know I'm still a student, and anything I propose needs to be vetted by an instructor, so that might slow things down a bit. The upside is you'll have two heads working on this.
  • If you have any pirated software on your system I must ask that you remove them. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against Bleeping Computer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
One more thing. Do you get these popups and redirects with other browsers? Try Edge and Internet Explorer and tell me what happens.

Edited by Bezukhov, 26 July 2017 - 01:10 PM.

To err is Human. To blame it on someone else is even more Human.

#3 Buddha61


Posted 26 July 2017 - 04:05 PM

When I search in google.com, on both Edge and IE, the search proceeds as normal. When in Chrome, either omnibox or use of google.com for search will result in a redirect. As for the popups, I will have to take a little more time, as I don't ever use the browsers, and at times it can be a while between popups, but from a quick use of the two programs, it appears that they are functioning normally.

 

As part of whatever is infecting Chrome, I am seeing lots of red x in the address bar for trying to load scripts from unauthenticated sources, but it appears that they are being blocked. It even makes me go into the full reply option here to respond, as the quick reply field will say loading.... and not allow me to type.



#4 Buddha61


Posted 28 July 2017 - 10:40 PM

From more use of Edge, it appears that only Chrome is infected. Some pages in Chrome are completely being hijacked, including the forum when I first came to post. I have attached a screenshot of what it looks like. During one of the search redirects, it showed 'Search.feedvertizus.com' as one of the redirects. I much prefer using Chrome, so I will await further information.

Attached Files



#5 Buddha61


Posted 29 July 2017 - 03:30 AM

I do have to say, I thought that I had deleted all the programs through the control panel that I didn't know, but found one more, and uninstalled it. Took a nap, and for now, it appears that Chrome is functioning normally again. No redirects on google searches, and no unauthenticated scripts trying to be run. Might have been that last program causing issues. 

 

As of right now, I believe that I am clean, and this post can be considered resolved. I guess I will know more in the next 24 hours, if it stays clean.



#6 Bezukhov


Posted 29 July 2017 - 03:11 PM

Sorry for the wait. Nice to hear that this might be solved. I wish I could have been more helpful.

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.



If you wish please run this again:

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 



#7 Bezukhov


Posted 01 August 2017 - 10:01 AM

Are we finished here?

#8 Buddha61


Posted 02 August 2017 - 08:48 PM

Yes, everything appears to be functioning without popups and redirecting. Feel free to close the topic. 



#9 Bezukhov


Posted 03 August 2017 - 03:38 PM

Since everything's back to normal, here's some reading for you:

 

Simple and easy ways to keep your computer safe and secure on the Internet

https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/ 



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,404 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:03 AM

Posted 04 August 2017 - 02:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 
