Browser Redirects To Adware

Hoopjone · Jun 22, 2015

Hello!
So I am trying to clean my computer but it has taken me to a whole new level. I have tried Spybot, Malware bytes, Adware cleaner, Eset Smart Security but nothing has worked.
Pages randomly open to some oxybe website or others(AliExpress, Shorte.st) when I click on other links. The tab at the top of the browser usually reads "De Compras". I've uninstalled/reinstalled my browser and tried resetting all the internet settings back to default. There's nothing in my Programs and Features that look suspicious. It doesn't happen all the time but still, just knowing it's in there somewhere and I can't find it is driving me bonkers. any help would be greatly appreciated

Edit: It has even infected my Steam.

Edit: Turned out it was deeply rooted in my Hosts file. I deleted the old one and replaced it with a new copy. Ba-da-Bing, Ba-da-Boom! Whammy! He's on fire!, Boom-shaka-laka, FROM DOWN TOWN! thanks for the suggestions.

Paul NZ · Jun 22, 2015

Download then run adwcleaner. Then click on clean. Wait for to finish then reboot. Then run it again then click on uninstall

Since ccleaner is installed go to uninstall and startup save whats here as a txt file. Then copy and paste both of them here

i7Baby · Jun 22, 2015

See if you have something you shouldn't in Settings/extensions

Hoopjone · Jun 22, 2015

Paul NZ :

Here is the Logfile from Adwcleaner, I don't have ccleaner installed on my computer so I'm not sure what you meant by uninstalling it.

# AdwCleaner v4.207 - Logfile created 22/06/2015 at 03:08:33
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Hoopjone - HOOPJONE-PC
# Running from : C:\Users\Hoopjone\Downloads\adwcleaner_4.207 (1).exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [11506 bytes] - [19/06/2015 15:32:07]
AdwCleaner[R1].txt - [899 bytes] - [22/06/2015 03:04:44]
AdwCleaner[R2].txt - [961 bytes] - [22/06/2015 03:07:18]
AdwCleaner[S0].txt - [11264 bytes] - [19/06/2015 15:33:46]
AdwCleaner[S1].txt - [887 bytes] - [22/06/2015 03:08:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [945 bytes] ##########

Paul NZ · Jun 22, 2015

Hmm it didnt find anything. Oops I misread Adware cleaner as ccleaner lol. I didnt see the adware bit

Altho Chrome wouldnt be my choice of browser. It's like a malware magnet !

Everyone I know who uses it or has used it, has been infected or something.

i7Baby · Jun 22, 2015

Try Avast (free version). Eset isn't real good - http://internet-security-suite-review.toptenreviews.com/eset-smart-security-review.html.

Hoopjone · Jun 22, 2015

i7Baby :

No problem in there either.

As I just clicked on the "Answer" button it redirected me to one of the adware pages.

Hoopjone · Jun 22, 2015

Paul NZ :

I'm fairly adamant about keeping my system clean of any viruses. I've been using chrome for years and have never had an issue until just this past week. Usually I have no problem nipping any issue like this at the bud when it arises but this is just nuts. I've found one other person with this same problem and they just recently posted about it as well so I'm assuming he/she got it the same way I did.

Solandri · Jun 22, 2015

Check to make sure there isn't a proxy set up for your browser(s).

Also with browsers using cloud sync (Chrome, Firefox), it's possible for malware extensions to get saved to the cloud, so they reinstall themselves even after you uninstall and reinstall the browser.

If you're using Chrome, try opening an incognito window and see if you have the same adware redirect. By default, extensions are disabled in incognito mode. If the browsing is clean, then you've got some malware extension installed.

Hoopjone · Jun 22, 2015

Solandri :

No luck with the incognito mode. [strike]How do I check to see if there is a proxy set up for my browser?[/strike] Never mind; A little googling and I figured it out for myself. Will report back momentarily.

Weird, when I try to run ipconfig it opens and closes the cmd right away.

Solandri · Jun 22, 2015

Hoopjone :

Run CMD instead, then inside the command prompt type ipconfig.

Check to make sure your DNS is set to your local router (e.g. 192.168.0.1) or a known public DNS server like Google (8.8.8.8, 8.8.4.4) or OpenDNS (208.67.222.222, 208.67.220.220).

If it's set to your router, login to your router, make sure the DNS server it is using is one of the above or your ISP's (its IP address range should be similar to the gateway your router's WAN port is using, or you can use reverse DNS lookup). Actually if it's set to your ISP's, you should probably switch it to Google or OpenDNS. ISPs try to monetize your typos by redirecting you to their own landing page when you make a typo in a URL, which can get really confusing.
http://mxtoolbox.com/ReverseLookup.aspx

Open up your hosts file and make sure there's no unusual entries. It's rare for something to be added to it, but sometimes it is necessary. So rather than resetting it to default like in the below link, you may simply want to comment out any questionable entries with a # at the beginning of the line.
https://support.microsoft.com/en-us/kb/972034

Is the problem only happening in Chrome, or with other browsers as well?

You could try making a Kaspersky or Avast rescue disk, booting off it, and doing a virus scan that way. In case whatever malware you've got is so deeply imbedded it's masking itself from anti-malware software.

Hoopjone · Jun 22, 2015

Solandri :

Hoopjone :

Run CMD instead, then inside the command prompt type ipconfig.

Check to make sure your DNS is set to your local router (e.g. 192.168.0.1) or a known public DNS server like Google (8.8.8.8, 8.8.4.4) or OpenDNS (208.67.222.222, 208.67.220.220).

If it's set to your router, login to your router, make sure the DNS server it is using is one of the above or your ISP's (its IP address range should be similar to the gateway your router's WAN port is using, or you can use reverse DNS lookup). Actually if it's set to your ISP's, you should probably switch it to Google or OpenDNS. ISPs try to monetize your typos by redirecting you to their own landing page when you make a typo in a URL, which can get really confusing.
http://mxtoolbox.com/ReverseLookup.aspx

Open up your hosts file and make sure there's no unusual entries. It's rare for something to be added to it, but sometimes it is necessary. So rather than resetting it to default like in the below link, you may simply want to comment out any questionable entries with a # at the beginning of the line.
https://support.microsoft.com/en-us/kb/972034

Is the problem only happening in Chrome, or with other browsers as well?

You could try making a Kaspersky or Avast rescue disk, booting off it, and doing a virus scan that way. In case whatever malware you've got is so deeply imbedded it's masking itself from anti-malware software.

the problem has infected my Steam as well. I have yet to try any other browsers. I could dabble in Internet explorer for a little bit and I'll get back to you. also, I took a look in my host file and there's nothing really in there, however, in my hosts .old file I found quite a bit of suspicious looking things in there. would you like me to copy and paste it here?

Search

Browser Redirects To Adware

Hoopjone

Reputable

Solandri

Paul NZ

Polypheme

i7Baby

Titan

Hoopjone

Reputable

Paul NZ

Polypheme

i7Baby

Titan

Hoopjone

Reputable

Hoopjone

Reputable

Solandri

Illustrious

Hoopjone

Reputable

Solandri

Illustrious

Hoopjone

Reputable

TRENDING THREADS

Latest posts

Moderators online

Share this page