
Computer redirects to a random site once a week



27 minutes ago, kevinf80 said:

I'm not sure any of those fixes you quoted would help, your issue is more specific... I had a similar thread awhile back, again specific and no real reason could be found. That turned out to be down to Steam, a rogue setting was found in one of the caches. It only happened like yours at a set time.. It's frustrating for sure. If you can try another browser and the re-direct does not occur then a clean install of Chrome is probably the way to go...

Yes I will do that. If Microsoft Edge does not redirect within a week or two I will do a clean install of Chrome, or at least not use Chrome again. And if Microsoft Edge does redirect, I'll reply to this thread again.

Link to post
Share on other sites


A clean install of Chrome is not straightforward, this is my method instructions...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en
Link to post
Share on other sites

22 minutes ago, kevinf80 said:

A clean install of Chrome is not straightforward, this is my method instructions...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

I already transferred my bookmarks and should the folder that the appdata folder is located in be the one with my name, default, or public?

Link to post
Share on other sites
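The folder-removal step from the clean-install instructions above, as an added PowerShell example that is not part of the original posts. It relies on `%LOCALAPPDATA%`, which Windows resolves to the AppData\Local folder of the account that is logged in, and assumes Chrome has already been uninstalled or closed.

```powershell
# Added example: remove the per-user Google folder left behind after uninstalling Chrome.
# Run with -WhatIf first to preview the deletion without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# %LOCALAPPDATA% is the AppData\Local folder of the account running the script,
# so the target is always the logged-in user's own copy of the Google folder.
$googleDir = Join-Path $env:LOCALAPPDATA 'Google'

if (-not (Test-Path -LiteralPath $googleDir)) {
    Write-Output "Nothing to remove: $googleDir does not exist."
    return
}

# Chrome locks profile files while it runs; stop rather than delete half a profile.
if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
    Write-Warning 'Chrome is still running. Close or uninstall it first.'
    return
}

# Report each Chrome profile folder and its size before anything is deleted.
$userData = Join-Path $googleDir 'Chrome\User Data'
if (Test-Path -LiteralPath $userData) {
    Get-ChildItem -LiteralPath $userData -Directory -Force |
        Where-Object { $_.Name -eq 'Default' -or $_.Name -like 'Profile *' } |
        ForEach-Object {
            $bytes = (Get-ChildItem -LiteralPath $_.FullName -Recurse -File -Force -ErrorAction SilentlyContinue |
                Measure-Object -Property Length -Sum).Sum
            [pscustomobject]@{ Profile = $_.Name; SizeMB = [math]::Round($bytes / 1MB, 1) }
        }
}

# The whole Google folder goes, as in the instructions; -WhatIf or -Confirm gate this step.
if ($PSCmdlet.ShouldProcess($googleDir, 'Delete folder and all contents')) {
    Remove-Item -LiteralPath $googleDir -Recurse -Force
    Write-Output "Removed $googleDir"
}
```

Saved as a `.ps1` file, it can be run once with `-WhatIf` to see the profile sizes and the pending deletion, then again without it to remove the folder.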

So, while I was using Microsoft Edge I was browsing youtube when suddenly s.ytimg.com downloaded a Base.js javascript file that I promptly deleted.  I distinctly remember something like that happening on google chrome a while ago.  Could that possibly explain what is going on or is it benign?

Link to post
Share on other sites

Can you follow the instructions contained in the link from my last reply and block s.ytimg.....

Quote

The Way to Get Rid of S.ytimg.com


No matter what the purpose is, we are actually besieged by programs collecting our information and put at the edge of information theft, Android apps for example. Sometimes we have to use some of them but sometimes we do need to get rid of things that are so persistent and annoying even though no dangers have been found so far from s.ytimg.com. Below is the instruction to show how to get rid of s.ytimg.com.

 

 
  1. Right click on YouTube video to select Settings.
  2. In the Adobe Flash Player Setting, please check Deny and don’t forget to check “Remember”.

Next,

Uninstall Flashplayer from your system, you can get a fresh updated version from here: https://get.adobe.com/flashplayer/

Next,

Chrome does not use Flashplayer, it has its own version, PepperFlash.. Probably a clean install will make a difference...

Let me know if the problem persists...

Thanks,

Kevin...

Link to post
Share on other sites

3 minutes ago, kevinf80 said:

Can you follow the instructions contained in the link from my last reply and block s.ytimg.....

Next,

Uninstall Flashplayer from your system, you can get a fresh updated version from here: https://get.adobe.com/flashplayer/

Next,

Chrome does not use Flashplayer, it has its own version, PepperFlash.. Probably a clean install will make a difference...

Let me know if the problem persists...

Thanks,

Kevin...

There is no settings option when I right click youtube videos, but does it really matter?  It only happened once and isn't a constant problem, I just wanted to know if that base.js javascript could have been a potential explanation for what is happening with the weekly redirects, and you already said it isn't.

Link to post
Share on other sites

Javascript exploits are a typical portal for many infections, current ransomware infections are known to use that exploit. Download Malwarebytes Anti-Exploit, you can use the trial version, it will revert to the free version when the trial completes. I use the free version...

https://www.malwarebytes.org/antiexploit/

Let me know if the issue persists..

Link to post
Share on other sites

7 minutes ago, kevinf80 said:

Javascript exploits are a typical portal for many infections, current ransomware infections are known to use that exploit. Download Malwarebytes Anti-Exploit, you can use the trial version, it will revert to the free version when the trial completes. I use the free version...

https://www.malwarebytes.org/antiexploit/

Let me know if the issue persists..

I already have a Malwarebytes trial.  Does it not carry over to antiexploit?

Link to post
Share on other sites

1 hour ago, kevinf80 said:

Can you follow the instructions contained in the link from my last reply and block s.ytimg.....

Next,

Uninstall Flashplayer from your system, you can get a fresh updated version from here: https://get.adobe.com/flashplayer/

Next,

Chrome does not use Flashplayer, it has its own version, PepperFlash.. Probably a clean install will make a difference...

Let me know if the problem persists...

Thanks,

Kevin...

Apparently Flash is integrated into Microsoft Edge so I don't know if I can even uninstall it.  I can definitely disable it, but I'm not sure about uninstall.

Link to post
Share on other sites

4 hours ago, MadDemon64 said:

Apparently Flash is integrated into Microsoft Edge so I don't know if I can even uninstall it.  I can definitely disable it, but I'm not sure about uninstall.

So deactivating Flash doesn't work.  But I did notice a pattern: whenever youtube's icon in the upper left of a tab on Microsoft edge doesn't load it downloads the base.js file from s.ytimg.com

Link to post
Share on other sites

I was not aware that flash is integrated to MS Edge, although I have W10 pro I never use edge I only ever use Firefox... I cannot find any definite information to say that s.ytimg.com  or its actions are malicious, from what you explain does make it sound very suspicious... Run the following and post the results..

Run FRST one more time:

Type the following in the edit box after "Search:".

s.ytimg.com

Click Search button and post the log (Search.txt) it makes to your reply.

Next,

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit
 
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

CODE
:regfind
s.ytimg.com
*s.ytimg.*


 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Link to post
Share on other sites

27 minutes ago, kevinf80 said:

I was not aware that flash is integrated to MS Edge, although I have W10 pro I never use edge I only ever use Firefox... I cannot find any definite information to say that s.ytimg.com  or its actions are malicious, from what you explain does make it sound very suspicious... Run the following and post the results..

Run FRST one more time:

Type the following in the edit box after "Search:".

s.ytimg.com

Click Search button and post the log (Search.txt) it makes to your reply.

Next,

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit
 
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
     
CODE
:regfind
s.ytimg.com
*s.ytimg.*


 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt

 

FRST found nothing when I searched files:

Farbar Recovery Scan Tool (x64) Version:28-05-2016
Ran by Aaron (2016-05-28 18:23:37)
Running from C:\Users\Aaron\Desktop
Boot Mode: Normal
 
================== Search Files: "s.ytimg.com" =============
 
====== End of Search ======
 
and it also found nothing when I searched registry:
 
Farbar Recovery Scan Tool (x64) Version:28-05-2016
Ran by Aaron (2016-05-28 18:30:57)
Running from C:\Users\Aaron\Desktop
Boot Mode: Normal
 
================== Search Registry: "s.ytimg.com" ===========
 

====== End of Search ======
 
SystemLook also found nothing:
 
SystemLook 30.07.11 by jpshortstuff
Log created at 18:33 on 28/05/2016 by Aaron
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "s.ytimg.com"
No data found.
 
Searching for "*s.ytimg.*"
No data found.
 
-= EOF =-
Link to post
Share on other sites

51 minutes ago, kevinf80 said:

If you exclude YouTube what happens when you do general browsing, do you have any redirects or any suspicious activity..

Well so far I have yet to see anything happen when I'm not on youtube so I think Microsoft Edge just hates youtube. And so far no redirects, but that's only on deviantart and only once a week, usually Thursday or Friday.

Link to post
Share on other sites

6 hours ago, kevinf80 said:

If the problem only seems to affect Deviantart website then it is possible that website is at fault. Can you contact the Deviantart forum, check if anyone else has same issue. We are not finding anything obviously wrong with your PC...

And Tumblr.

 

I will try to reinstall google chrome and see if that does anything.

Link to post
Share on other sites

This topic is now closed to further replies.