Jump to content

Redirects in Firefox,Chrome and explorer


Recommended Posts

Hi I'm having a real problem with redirects in Firefox, Chrome and now Explorer...

I'm using w10 and I think the problems started when I downloaded a file I thought was a PDF document but wasn't. I think I saw a command shell appear behind my browser for a split second and then it was gone.

Anyhow It's random, sometimes I'm redirected when a popup is activated other times when a tab for a link is created. I've noticed when I do a google search in the main window of firefox  another search bar appears above the main window. Sometimes when I click to go to a page the newly loaded page stutters before loading and the links on that page no longer highlight on rollover properly, clicking a link brings up a warning from Firefox saying the popup was blocked, in the options pulldown the address says the link goes to www.smartnewtab.com not the intended page. Denying access seems to reset the original page and now links highlight properly and clicking on the very same link takes me to the right page.
I have Bitdefender and this is always setup in the most aggressive mode, and when I realized I had a problem I also downloaded the your free version of MalwareBytes. I have scanned my drive constantly for 2 days and nothing comes up on either software. I have deleted firefox and chrome reinstalled them turned off the plugins and extensions, checked in program uninstall for unknown programs and can’t see anything obvious. I’ve gone into safe mode scanned the drive with both Malware and Bitdefender found nothing and performed a browser reset again. But the problem persists.
I tried a system restore to a date before I tried to download the PDF but came up with a (0x80070570) error although I've read this wont effect any malware.
This morning explorer just locked up completely taking several goes to close it down, it now redirects constantly.
I was reading about DNS redirects I've looked at my modem settings and they all point to the right DNS addresses for my provider, I have changed my Firefox settings options/advanced/Network/Connection/settings to "no proxy" and this seems to have stabilized the situation in Firefox. But can you help me to get rid of this adware?


Link to post
Share on other sites

Hello and :welcome:


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

Yep, your PC is infected with one really popular infection nowadays.

Let me know if this fix worked for you.


FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Link to post
Share on other sites

This was the infection:

AutoConfigURL: [S-1-5-21-1018089863-2072475568-2991891626-1001] => hxxp://non-block.com/wpad.dat?881981623fb6936484bff279ff1589b016113406
ManualProxies: 0hxxp://non-block.com/wpad.dat?881981623fb6936484bff279ff1589b016113406

Yes, you can continue with normal usage of your PC. 

No, this infection doesn't infect other drives.

If you didn't execute any file attached within such emails, then your other machine should be fine.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.