
Redirected when opening links



Hello. I'm having a problem with redirections. Every time I click on a link (in this case aowow. org) I get redirected to suspicious sites that I'm not familiar with. Anyways I wish someone could help me. Noticed it first time just now. Tried running Malwarebytes, HitmanPro etc, didn't work. I have no idea what to do.

Edited by karvapena

Hello karvapena and welcome to the Forum.

I'm Android8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please DO NOT run any tools on your own and follow the directions in the order listed.

Make sure to run all the tools from the Desktop and with Administrator privileges.

 

Please follow the instructions in the link below, perform a scan with FRST and provide the two logs for my review.

I'm infected - What do I do now?

 

After performing the scan with FRST, read the instructions below to download and perform a scan with RogueKiller. Please DO NOT remove anything it finds.

Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.


Please attach the RKlog.txt to your next reply.

 

Let me see the three logs (FRST.txt, Addition.txt and RKlog.txt) in your next reply.

Thank you.

Android8888

 


Hello karvapena.

Sorry for the late reply.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please DO NOT run any tools on your own and follow the directions in the order listed.

Make sure to run all the tools from the Desktop and with Administrator privileges.

With that being said let's start.


Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via right-click on Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.


I noticed that you have a malicious program installed on your system. I'll ask you to uninstall it since uninstalling such a program before running malware removal tools will ensure a better clean-up. To uninstall it right-click on Start > Control Panel > Programs and Features.

  • Unigine Valley Benchmark


If you have an issue when uninstalling the program, please let me know.


Your System Restore is disabled. System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. Please read the instructions in the link below and enable System Restore on your computer.
How to Turn On System Restore in Windows 10?


Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;

 

Next,

Close all programs and browsers.
Please disconnect any USB or external drives from the computer before you run this scan!
Re-run RogueKiller; Right-click on the icon and select Run as administrator.
Click the Scan tab and then click the Start Scan button.
Wait until the scan has finished. This may take some time.
When the scan completes checkmark the following entries:

Files:

[Tr.Gen0][File] C:\Users\omistaja\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found

Web browsers:

[PUP.Gen1][Chrome:Config] Default [SecurePrefs] : homepage [http://www.ask.com/?l=dis&o=100000017cr&gct=hp] -> Found

Click on the Remove Selected button.
Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
Close RogueKiller.
Please copy and paste the contents of RKlog.txt to your next reply.

 

Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator;
  • Press on any key to launch the scan and let it complete;
    Credits: Bleeping Computer and Aura
  • Once the scan is complete, a log will open. Please attach the log in your next reply;

 

Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;


To summarize, please attach in your next reply:
The fixlog.txt;
The RKlog.txt clean log;
The JRT.txt log;
The AdwCleaner clean log.

Let me know if the problems with the page redirects still exist.

Thank you.

Android8888

fixlist.txt


Hello karvapena.

I will ask you to read the instructions in the following links to clean the cache and history and reset your Firefox and Chrome browsers.

 

Mozilla Firefox:

How to clear browser history

How to reset Mozilla Firefox browser

 

Google Chrome:

How to delete browser history

How to reset Google Chrome

 

Next,

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.

  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.


Please attach the SVRT log in your next reply and let me know if you are still having page redirects.

Thank you.

Android8888


Hello.

Thank you for that information.

No threats were found

This is a good sign.

Okay, let's see what is causing those redirects. I need to see a new set of logs from Farbar Recovery Scan Tool. Please re-run FRST64 as follows and attach a new set of logs.

Right-click on FRST64 and select Run as administrator to start the tool.
Click Yes to accept the User Account Control security warning.
Ensure to checkmark the Addition.txt checkbox under 'Optional Scan'.
Click on the Scan button.

Please attach the two logs (FRST.txt and Addition.txt) in your next reply for my review.

In which browser(s) are you having the redirects? Can you post a screenshot of the page redirects?

Thank you.


It is registered to Elisa Oyj, a Finnish telecommunications company. It appears to be the cause of the re-directions. If you guarantee that you don't trust it, I will include it in a fix.


Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located);
  • Right-click on the FRST64 executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;

 

Please clear cache and cookies of all your Internet browsers.

Google Chrome:

How to delete browser history

 

Microsoft Edge:

How to Clear Cache and Cookies

 

Internet Explorer:

How to Clear Cache and Cookies

 

Please reset your Router. Unplug the cable from the main power, wait about 30 seconds and reconnect it again.

 

How is it working now? Do you still have re-directions on Internet?

fixlist.txt


Then please do not proceed with that fixlist.

Now I will provide you a new fixlist.txt and if the problem persists I advise you to call your provider and explain the problem.


Okay I attached a new fixlist.txt to this post. Follow the instructions and use this one.

 

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located);
  • Right-click on the FRST64 executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;

 

Now clear the cache and cookies of all your Internet browsers.

Google Chrome:

How to delete browser history

 

Microsoft Edge:

How to Clear Cache and Cookies

 

Internet Explorer:

How to Clear Cache and Cookies

 

Please reset your Router. Unplug the cable from the main power, wait about 30 seconds and reconnect it again.

How is it working now?

 

If the problem persists, try to call your Internet provider and explain to them the re-directions problem that you are experiencing including that message box.

Then, please let me know what they told you.

Keep me posted please.

Thank you.

Android8888

fixlist.txt


4 hours ago, karvapena said:

It seems like the redirects are gone now. Thanks for helping! :)

I'm glad to hear that! You're welcome! :)

Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Now you can delete the tools that were used in the malware removal process. Please proceed as follows:

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options:
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy and paste the entire content of the output log in your next reply;

Are there any issues or concerns with the computer?


Okay, if all is running well...


To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your AntiVirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:
Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another of the most feared threats at the moment is an infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.