GOAC (Gocloudy) Cross-Browser Redirect Virus Help


Dear Sirs,

I'm struggling with a very weird form of redirect virus (page name appears to be GOAC before the redirect happens) which is taking place on all of my installed browsers. Reinstalling Chrome and Firefox didn't help. Happens on Microsoft Edge as well.

I tried full scanning using Malwarebytes, Windows Defender, Kaspersky's Toolkit scanner tool, and no threats were found. 

The redirects are frequent and happening across all my browsers, any help would be greatly appreciated. 

Thanks in advance,

PS: Using Windows 10 Home edition.


  • Staff
 
Hello Vinchenzo
 
I would like to welcome you to Malwarebytes support, my name is William and I will be helping you out today.

In order for us to get started on your problem, I will need to get a couple of diagnostic reports from the computer to help me see where the problem could be and help me decide the best way to start.

Please download “Farbar Recovery Scan Tool (FRST)” from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move them to the desktop).

Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.

For 32-bit (x86) editions of Windows: >> FRST.exe <<

For 64-bit (x64) editions of Windows: >> FRST64.exe <<

  1. Run the “FRST” download that works on your computer
  2. When the tool opens click Yes for the disclaimer in order to continue using “FRST”.
  3. Under the section called “Whitelist” make sure all boxes are checked
  4. Under the section called “Optional Scan” I would like you to have a check mark next to “Addition.txt”
  5. Press the Scan button.
  6. When the scan is done, it will save the reports to the same location as FRST (if you had saved “FRST” on your desktop, then the reports will be saved on the desktop).
  7. Please attach the “FRST.txt” and the “Addition.txt” log file to your next reply to me (it is best if you do not copy and paste it into an e-mail).

It would be better for you and for me if you can attach the reports to the email instead of copying and pasting them; the email system changes the format of them and makes them very hard to read.

If you are not used to attaching files to e-mails, then just look for a button in the toolbar above where you write your message that has a paperclip icon, and that should be the attachment button. You can also get the idea on how to attach files to an email from watching this video – >> How to attach files <<

When you reply back to me you should have two reports for me:
FRST.txt
Addition.txt

Please note: If you cannot download the programs from the links above then use these links:

For 32-bit (x86) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST.exe
For 64-bit (x64) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist


Update: Since today it seems that while visiting random websites (legit, safe ones, like Blizzard main website, or other big websites) I'm getting a Google Safe error. It's always the same error regardless of the website I visit. Below is a copy of the error: 

 

The site ahead contains malware

Attackers currently on cdn.tongjii.us might attempt to install dangerous programs on your computer that steal or delete your information (for example, photos, passwords, messages, and credit cards).

 

The message doesn't really change with the website. Same message. Perhaps this is related to the redirect malware I have, felt like you should know. 


  • Staff


I will do some checking just to be sure. I do not think it will fix your problems, but we will rule it out anyway.

The first program that I would like you to run is “Junkware Removal Tool”:

  1. Download “Junkware Removal Tool” and save it to your desktop. >> JRT.exe <<
  2. Shut down your antivirus to avoid any conflicts.
  3. Right-mouse click “JRT.exe” and select Run as administrator
  4. If prompted by the UAC select Yes
  5. The tool will open, press Any Key to start the scanning
  6. Please be patient as this can take a while to complete.
  7. On completion, a log (“JRT.txt”) is saved to your desktop and will automatically open.
  8. Please attach “JRT.txt” to your next reply

The next program that I would like you to run is “AdwCleaner”:

  1. Download “AdwCleaner” and save it to your desktop. >> AdwCleaner <<
  2. Shut down your antivirus to avoid any conflicts.
  3. Right-mouse click “AdwCleaner” and select Run as administrator
  4. Click on I Agree at the Terms Of Use
  5. When “AdwCleaner” opens I want you to click on Scan
  6. After the scan has completed I want you to click on Cleaning
  7. At the information screen click on OK
  8. Once done it will ask you to reboot, allow the reboot – it is very important
  9. After the computer restarts a report will open. Save this report to your desktop and attach it to your next reply.

Once both programs are complete then reply back to me with the two reports and remember to let me know how things are doing.

The reports that I will be wanting are named:
JRT.txt
AdwCleaner[S0].txt

If you cannot download it from the links above then please use these links:

Junkware Removal Tool – http://downloads.malwarebytes.org/file/jrt
AdwCleaner – https://toolslib.net/downloads/finish/1/get/MtP2wJKYTkhmJX1N1UVA8hGn09bIvEa7/

Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist

  • Staff

At this time, I would like you to check things out with the computer and let me know if you still have the same issue or if there is something else you would like me to check out for you while we are still here.

I would also like you to rerun “FRST” for me again and send me the new report for me to check over.

If you cannot find where you saved “FRST” the first time then here are the links again for you.

Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.

For 32-bit (x86) editions of Windows: >> FRST.exe <<

For 64-bit (x64) editions of Windows: >> FRST64.exe <<

  1. Run the “FRST” download that works on your computer
  2. When the tool opens click Yes for the disclaimer in order to continue using “FRST”.
  3. Under the section called “Whitelist” make sure all boxes are checked
  4. Under the section called “Optional Scan” I would like you to have a check mark next to “Addition.txt”
  5. Press the Scan button.
  6. When the scan is done, it will save the reports to the same location as “FRST” (if you had saved “FRST” on your desktop, then the reports will be saved on the desktop).
  7. Please attach the “FRST.txt” and the “Addition.txt” log file to your next reply to me (it is best if you do not copy and paste it into an e-mail).

When you reply back to me you should have two reports for me and I need you to tell me how things are doing:
FRST.txt
Addition.txt

Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist

Hello William,

The problem(s) I was having still persist. I'm still getting random redirects to goac or maxonclick, showing me random ads. Also getting that cdn.tongjii.us Google malicious website warning on many legit websites and stuff.

Attached are the two reports you requested, hoping a solution is in the horizon.

 

 

Addition.txt

FRST.txt


  • Staff


I would like to clear the Cached Data and files from Edge

  1. Click the Hub icon (the three horizontal lines, upper right).
  2. Click the History icon (the clock-looking icon).
  3. Click the link labeled “Clear all history”.
  4. Check the boxes for each item you want to clear.
  5. Click the Clear button. The message “All Clear!” will appear at the top when the data has been erased.

The two main ones that I would like cleared are “Cookies and saved website data” and “Cached data and files”.

Please restart the computer for changes to take effect.

https://www.wiknix.com/how-to-clear-cache-and-cookies-in-microsoft-edge-browser/

Regards,

William Rowland – “Gringo_pr”
Customer Success Specialist & Malware Removal Specialist


Hello there Gringo, 

I've done that and the problem still persists. I'm still getting redirects on all three browsers. Cleared twice and restarted twice. 

If it's happening on all browsers does that mean it's a rootkit or something even more serious than a simple redirect malware?


  • Staff

Hello

 

 

I would like to rule out the router just to be on the safe side. We can do this pretty easily by setting some of the settings to point to a known good DNS server. Even if this does not solve the problem you can keep it at these settings.

I would like you to set the router's DNS settings to point to “Open DNS”.

You can see how to do this with pictures here: “Router Settings” (https://support.opendns.com/forums/21618374-Router-Configuration-best-for-home-use)

Just pick which router you are using and follow the instructions listed, using the settings that they provide for your router.

Hi there, I changed the DNS settings on my router and tested for 2 days or so and the redirects are not disappearing. Still happening on all browsers, and Google Safety browsing still detects that many sites I visit are full of malware and now the redirects are also taking me to new sites like (http://cdn.tongjii.us/tongji/tongji.js).

I also went on the open dns welcome page to verify I was using their DNS, so apparently it's not DNS related. This sure seems like a headscratcher. Not sure what to do tbh. 


Hey there, I've done that and tested it for a while and the redirects/malware alerts are still happening. I also feel like my computer is getting less responsive at times, etc. Is there no way any virus/malware detection software can help me? Do I have an unknown strain or what's happening exactly? I'm not really sure how I should go about dealing with this. Your help so far is greatly appreciated of course.

This topic is now closed to further replies.