Published on January 2, 2015 By kona0197 In Personal Computing

So on the machine I use everyday I have an issue. I use Chrome. When in Chrome, I get constant redirects and popups. 

I have tried the following with these results:

AVG full scan - clean
MSE full scan - clean
Malwarebytes - clean
Superantispyware - clean
Spybot - clean
ADWcleaner - clean
Hitman PRO - clean

The popups and browser hijacks have to be some sort of virus. But all of these say the machine is clean??? 


Comments (Page 1)
on Jan 03, 2015

Sucks to be you on Chrome, Kona.  Hope somebody here, unlike me, can be of help.

on Jan 03, 2015

Check the add-ons in Chrome or unknown applications in the "Add/Remove Programs" applet on your system. Also look in Task Manager for nondescript .exe(s) or services which are running in the background.

Sometimes, the bothersome applets were piggybacked on other software you installed and masqueraded as legitimate, so they cannot be detected by their signature/code.

 

Lastly, it's better to share some information about what the popup is about: its vendors and links, for anyone who might have had similar encounters and knows how to solve it straightaway.

 

on Jan 03, 2015

Try running an application called Hijack This. It will scan the system, including browsers, and let you know all about any add-ons that have infiltrated browsers. Be careful before removing things, though, because the program makes no distinction between what is good or bad. It just scans the computer and generates a list of add-ons and browser hijacks (some of which are legitimate). And if in doubt you can submit the results to the Hijack This forums for some expert advice on what is what and what can be safely removed.

 

Oh, and it's completely free. Did I mention that?

 

http://www.majorgeeks.com/files/details/trend_micro_hijackthis.html

 

Good luck, Kona.

on Jan 03, 2015

kona, it sounds like you might have 'toolbar hell'. I would suggest using the IObit uninstaller and looking through the list for ANY items that have the following words: 'tool', 'bar', 'toolbar', 'search protect', 'ask'.

Then uninstall ALL the items that have those words (I also suggest the deep scan after the standard uninstall; select all the found items and delete all of them).

Then go through ALL the browser add-ons and remove ALL that are NOT vital for what YOU want to do.

Hope this helps you, kona.

harpo the NON-subscriber

on Jan 03, 2015

harpo99999

kona, it sounds like you might have 'toolbar hell'. I would suggest using the IObit uninstaller and looking through the list for ANY items that have the following words: 'tool', 'bar', 'toolbar', 'search protect', 'ask'.

I am sorry, I am biased when it comes to IObit software or any software from China. Call me paranoid or whatever, the experiences I have had are not good.

 

on Jan 03, 2015

Hopefully Hijack This will help; if not... try a herdProtect scan... more engines to look at your machine.

Perhaps you can give us more info. What did you install, or what site did you visit, before all this started?

on Jan 03, 2015

I personally do not recommend HiJackThis. I used to use it for years, but then all of a sudden, regardless of version, it would not work correctly. You would do a fix on an item for instance a "Missing File" item and it would complete, but when you did another scan that same item shows up again. Even running in administrator mode did not work. Also, unless you know exactly what you are doing, you can easily screw your system up with it as it displays a lot of items that are perfectly fine.

on Jan 03, 2015

system restore?

on Jan 03, 2015

Might try looking at your proxy settings to see if something redirected you.

Open Chrome settings, Show Advanced settings. Under Network, hit the Change proxy settings button (which opens IE internet settings..). Go to LAN settings.

It should just have the Automatically detect settings box checked. NOTHING else. If you have something in the other boxes, that would be your culprit and something else is changing it.
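A scripted version of the check described above, added here as an example (it is not from the post): on Windows, Chrome uses the system WinINet proxy settings, so this reads the same values the LAN settings dialog shows and reports anything beyond "Automatically detect settings". The flag bit layout of DefaultConnectionSettings is assumed from the documented format of that blob.

```powershell
# Added example: audit the WinINet proxy settings that Chrome inherits on Windows.
# Expected clean state per the post above: only "Automatically detect settings" checked.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet
$findings = @()

if ($p.ProxyEnable -eq 1) {
    # The "Use a proxy server for your LAN" box
    $findings += "Manual proxy enabled: $($p.ProxyServer)"
}
if ($p.AutoConfigURL) {
    # The "Use automatic configuration script" box (a PAC file can redirect any site)
    $findings += "Automatic configuration script set: $($p.AutoConfigURL)"
}

# The checkbox states also live in a binary blob; bytes 8..11 are a flags DWORD.
# Assumed layout (documented DefaultConnectionSettings format):
#   0x01 direct, 0x02 manual proxy, 0x04 auto-config script, 0x08 auto-detect.
$blob = (Get-ItemProperty -Path "$inet\Connections").DefaultConnectionSettings
if ($blob -and $blob.Length -ge 12) {
    $flags = [BitConverter]::ToUInt32($blob, 8)
    if (-not ($flags -band 0x08)) { $findings += 'Auto-detect is NOT checked' }
    if ($flags -band 0x02)        { $findings += 'Manual proxy flag set in connection blob' }
    if ($flags -band 0x04)        { $findings += 'Auto-config script flag set in connection blob' }
}

if ($findings.Count -eq 0) {
    Write-Output 'Proxy settings look clean: auto-detect only.'
} else {
    Write-Output 'Suspicious proxy configuration:'
    $findings | ForEach-Object { Write-Output "  - $_" }
    Write-Output 'If these come back after you clear them, something on the machine is re-setting them.'
}
```

Run it again a few minutes after clearing the settings; a value that silently returns is the sign the post describes of a second component reapplying the change.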

on Jan 03, 2015


Either you do what Nimbin suggested and go for HijackThis, or you go the good old routine tour.
You should also check if your tools are up to date:
Get these tools on a USB drive from a clean system.

OTL= Link
Tutorial in German; if you need help, scream.
http://www.trojaner-board.de/85104-otl-otlogfile-by-oldtimer.html 

----------------------------------------------------------------------------------

Malwarebytes Antimalware + Anti Rootkit = http://filepony.de/download-malwarebytes_anti_malware/
http://filepony.de/download-malwarebytes_anti_rootkit/

----------------------------------------------------------------------------------
AdwCleaner = http://filepony.de/download-adwcleaner/
Junkware removal tool http://filepony.de/download-junkware_removal_tool/

----------------------------------------------------------------------------------
Kaspersky (root)

TDSSKiller - http://filepony.de/download-tdsskiller/

(Even though MB Anti Rootkit and Kaspersky TDSSKiller will find certain kits, it is sometimes wiser to just start again.)


After getting those tools


1. If the system is not booting normally anymore (BKA/GVU trojan) or has any other problems, it is highly suggested that you load Windows in safe mode,
safe mode with command prompt, to be exact.

2. Make a restore point or, better, make a system image as backup!
Now you can launch OTL.exe as Admin and make a logfile for me or ~
~When done, run Malwarebytes Antimalware (you can run Anti-Rootkit as well); you can either go and delete the findings or gimme a PM with the log.txt report first.

However, if you feel I'm not trustworthy or you do not have enough time to do so, you can simply delete all of that nasty shit.
(since you have made a backup)

3. Now, since you reported trouble with your browser:
Run AdwC + Junkware Removal; these are your friends when it comes to that.
Even if you have run AdwC already, run it in safe mode... and make sure it is updated, or at least the latest version of it.

If the problem persists, open the browser without the cable plugged in and
clean the cache, temp, cookies and so on.
Now Chrome: C:\Users\[USERNAME]\AppData\Local\Google\Chrome\User Data\Default\Cache
IE: C:\Users\USERNAME\AppData\Local\Microsoft\Windows\INetCache
Or C:\Users\<your user name>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5. (Once you reach this folder you will find a number of folders like kjnwxiunis and so on; feel free to delete them all.)
Firefox:
Google said you can find the folder if you enter this in the URL bar: about:cache?device=disk

If a folder cannot be deleted, it is because your browser is still open or because there is a protected file sitting in one of them.
If so, let me know the filename and I will tell you how to proceed.

I just list these extra because I will from now on use copy and paste...

Sometimes nasty stuff will not be deleted through the settings in your browser; navigate to the folder above and delete it (Shift+Del).

Uninstall your browser and install the newest version.

----------------------------------------------------------------------------------

May I ask what protection you have for your system? Since it might be time to get something better.


 

on Jan 03, 2015

Of course, more often than not, it is simply faster to wipe your drive and re-install Windows than to jump through the diagnostic hoops.

on Jan 03, 2015

Constant redirects and popups do sound like a browser add-on. I would direct your attention there, as previously suggested.

I know lots of folks like to use browser add-ons, and some can be very helpful; others just get added in when you download a new piece of software or probably go to a site. Most of us fail to check for them, myself included.

on Jan 03, 2015

Chrome has NO extensions or add-ons installed. I can't wipe the computer, it's not mine. Internet settings under LAN settings are just what they should be. No new software installed; that requires a password I do not have.

on Jan 03, 2015

Did you see post #10?

You said when in Chrome you get constant redirects and popups.
Did you check yet the number of selected startup pages? And the search engines selected.

If not, go to properties, then the "settings" tab.
You have three options here under "At Start": you can choose if you want a new empty tab opened, or the last page visited, or you can define a page.
Press define; now you will see proxy underneath that option. If you have a proxy add-on installed it will show it automatically as selected; you can also deactivate it right there.
Underneath the proxy thingy you will have
display characterization (I'm not sure what it is called in English);
make sure that the checkbox "show startpage" is selected; if not, check it.
Select your startpage by clicking change.
Select one.

On "Search" select a search engine of your choice.
Scroll down until you read show advanced settings.
There are a bunch of checkboxes; make sure the Phishing and Malware protection is checked.


If all doesn't help, you will also find a button at the very bottom that will reset the whole settings to default. But there is really normally no need to do that.
I'm still waiting for an answer about what protection software is installed.

Also I would like to know how many add-ons are installed and what kind.
Since in the first post you said:

So on the machine I use everyday I have an issue. I use Chrome. When in Chrome, I get constant redirects and popups.

While one post before this one you said "I can't wipe the computer, it's not mine."
 
 
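The settings this post walks through by hand can also be read straight out of Chrome's profile, which is useful when the UI itself is suspect. This is an added example, not code from the post or from Chrome; it assumes the default profile path and the Preferences JSON key names (session.startup_urls, homepage, default_search_provider_data, safebrowsing.enabled, extensions.settings), and that Chrome is closed so the file is not being rewritten.

```powershell
# Added example: audit the Chrome profile settings discussed above from the Preferences JSON.
# Assumed default profile location and key names; close Chrome before running.
$chromeProfile = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$prefs = Get-Content -Raw (Join-Path $chromeProfile 'Preferences') | ConvertFrom-Json

# "At Start": restore_on_startup 4 = open a specific set of pages (the option a hijacker uses),
# 1 = open the New Tab page, 5 = continue where you left off.
$mode = $prefs.session.restore_on_startup
Write-Output "Startup mode: $mode"
foreach ($u in @($prefs.session.startup_urls)) { Write-Output "  startup page: $u" }

# Home page (the "show startpage" checkbox and Change button in the post)
if ($prefs.homepage_is_newtabpage -eq $false -and $prefs.homepage) {
    Write-Output "Home page: $($prefs.homepage)"
}

# Default search engine; a hijacker typically swaps this for its own redirector.
$dsp = $prefs.default_search_provider_data.template_url_data
if ($dsp) { Write-Output "Search engine: $($dsp.short_name) -> $($dsp.url)" }

# The "Phishing and Malware protection" checkbox (absent key means the default, enabled)
if ($prefs.safebrowsing.enabled -eq $false) { Write-Output 'WARNING: Safe Browsing is disabled' }

# Installed extensions: newer Chrome builds keep this list in Secure Preferences,
# so check both files (an assumption about file layout, not something the post states).
foreach ($f in 'Preferences', 'Secure Preferences') {
    $path = Join-Path $chromeProfile $f
    if (-not (Test-Path $path)) { continue }
    $ext = (Get-Content -Raw $path | ConvertFrom-Json).extensions.settings
    if (-not $ext) { continue }
    foreach ($id in $ext.PSObject.Properties.Name) {
        $e = $ext.$id
        $name = if ($e.manifest) { $e.manifest.name } else { '(no manifest; possibly a component)' }
        Write-Output "Extension $id : $name (location code $($e.location))"
    }
}
```

An extension that shows up here but not in chrome://extensions, or a search URL pointing at a domain you never chose, is exactly the kind of entry the post is asking kona to look for.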

on Jan 03, 2015

So I will take it, kona, that even though you said no extensions or add-ons are installed, you did check? If that's the case, then it would seem that the only recourse that you can suggest to the owner of the computer is to do a restore, if one is available, or in the worst case a wipe and clean reinstall of the OS.

I went and re-read your posts, kona. Are you attempting to repair this computer, or do you just have the use of it? I understand you don't have the proper passwords to install any software, but did the owner install something?

 

EDIT: Here is another thought. You listed in the OP the software you ran to try and find the malware. Were they tried in normal or safe mode? If you didn't try safe mode, you might give that a try.