Greetings,

I believe it started somewhere during this week or last, I'm not completely sure. At first I noticed that some of the tabs I was visiting didn't have the page title but the URL between quotes. I was busy with work so I ignored it as a Chrome bug or something. Since I work as a web developer, it's normal for me to sometimes go F12 and check the JS console, then I noticed... Sometimes, when I load a website, the website gets loaded on a frameset, with a cryptojacking on the header. Check attached image.

Thankfully, this alone doesn't do jack to me since I use Minerblock, plus I also have a lot of 0.0.0.0 redirections to known coin miner websites in my hosts file.

At first I thought the obvious: somehow I've got a rogue extension or cookie, easy. I cleared up Chrome using Google's own instructions. But then I noticed it still happened. It also happens on Firefox, IE, every single browser; even the Steam in-game browser is suffering from this issue.

It IS a problem for mainly 2 reasons:

1) Even if I have the miner blocked, how can I be sure it's not doing something else to my computer, like tracking data before messing with the source code?
2) It's problematic and disruptive. Sometimes, every single connection I make, on a browser, on a game, gets randomly denied. I try again and it works. It's making me unable to do my work correctly.

I tried running Malwarebytes, ADWCleaner, Hitman Pro... Nothing seems to stop this.

Then I proceeded to my router, as it seems to be a network-wide issue. My ISP uses two DNSs: one of theirs and one from Google. I proceeded to remove theirs and use only the Google ones. Then I restarted the router and PC. Same. I disabled UPnP, I shut down every port forward I had. I made sure both the router and Windows firewall were enabled. I made sure there was no remote access enabled. I checked if there were rogue users on my router. Nothing.

I have no idea what else to do. I've searched on Google, didn't find any results related to what I'm facing specifically. I usually don't go out on forums asking for stuff like this, but honestly, I need help. I have lots of honest work to do and this thing is causing me a hassle bigger than it should.

Extra things to add:

- No, I don't have another computer to test under this network. Later today I'll ask my neighbor to connect to my Wi-Fi and see if the issue happens in there.
- It seems to happen with every connection, even inside a game or when I'm making an AJAX call, it just DIES randomly due to this stupid malware changing the header information.
- SOME websites seem to be "immune" to this: Facebook, Google and YouTube. And no, it's not because of HTTPS, I've seen it happening with some HTTPS websites too.
- Before this happened, I remember my internet having random disconnects. I called my ISP and they said they were doing maintenance. I wonder if it is possible for an ISP to do such a thing? And yes, trust me, they could easily do it without consequences due to it being a local town ISP where most people don't care about security issues. But I don't want to accuse them before being completely sure.
- Every time I turn on my computer, the connection icon says it's "without internet access" while it clearly works. Then after a few minutes it becomes normal. This wasn't a behaviour I had seen before this issue existed.
- I tried loading my Windows in safe mode with networking. The same issue happens in there. One extra fun thing: NOW my router admin showed 2 connections on DHCP: mine and an "Unknown" one. I disabled DHCP. The malware still works.
- Before you ask for my FRST.txt, I'd rather not. But if it's REALLY necessary, please provide me somewhere I can post it only for admins. It contains a lot of customer files that were trusted to me and I cannot even let people see their titles. There are too many for me to edit them out too. But if possible, I'd like to not post that.

I believe that's all. Please give me something to work with here. I have no idea what to do.