
rd.safewhay and etc. Chrome redirect


HearMyCry

I am a new user of this forum, so forgive me if I do something wrong. Avast security have been blocking malicious urls for about a month, every time I restart Chrome. The urls almost always consist of: http://rd.safewhay . com/speedbooster/andfile.php?brand=Opera&model=Mini 5&isp=Shaw Communications inc.&country=CA&browser=Opera Mini&voluumdata=BASE64dmlkLi4wMDAwMDAwMC1iODg3LTQwOWYtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjAzYWU4ODAwLTkxYjQtMTFlNy04NzMxLTI5NWY0MDBkZGU3NV9fY2FpZC4uYWViOTFkMWItZmU1NS00MmFjLTkyZmQtZDlkMzBhZDY3YzRhX19ydC4uUl9fbGlkLi5hNWRhYmNmNS1kYWU0LTQzMDEtODFkOS1kZTBmYTU5NTM5MzBfX29pZDEuLjA4OTQwYjJkLTk3NjktNDgzNS1iODIyLTk3MGY0NTBhN2M3YV9fdmFyMS4uODUzMzc0MjBfX3ZhcjIuLjE2MDc3MDdfX3ZhcjMuLkVOX19yZC4ubXAzLXNrdWxsXC5ceHl6X19haWQuLl9fYWIuLl9fc2lkLi5fX2NyaS4uX19wdWIuLl9fZGlkLi5fX2RpdC4uX19waWQuLl9fcGVpZC4uX19pdC4uX192dC4uMTUwNDU2MTIxMTY5NA&campid=85337420&zoneid=1607707&lang=EN&extid=15045612091614217835141384375475169 , 

http://rd.safewhay.com/speedbooster/andfile.php?brand=Opera&model=Mini 5&isp=Shaw Communications inc.&country=CA&browser=Opera Mini&voluumdata=BASE64dmlkLi4wMDAwMDAwMC1kNjQ5LTQ1MzgtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLmExZWEyMDAwLTkxYWItMTFlNy04NzNkLTlhOWYyNmJhOTI1OV9fY2FpZC4uYWViOTFkMWItZmU1NS00MmFjLTkyZmQtZDlkMzBhZDY3YzRhX19ydC4uUl9fbGlkLi5hNWRhYmNmNS1kYWU0LTQzMDEtODFkOS1kZTBmYTU5NTM5MzBfX29pZDEuLjA4OTQwYjJkLTk3NjktNDgzNS1iODIyLTk3MGY0NTBhN2M3YV9fdmFyMS4uODUzMzc0MjBfX3ZhcjIuLjE2MDc2NjNfX3ZhcjMuLkVOX19yZC4ubXAzYm9tYlwuXHh5el9fYWlkLi5fX2FiLi5fX3NpZC4uX19jcmkuLl9fcHViLi5fX2RpZC4uX19kaXQuLl9fcGlkLi5fX3BlaWQuLl9faXQuLl9fdnQuLjE1MDQ1NTU1MTMyNTc&campid=85337420&zoneid=1607663&lang=EN&extid=15045555081614217835161220493113313 , http://yxq.cejd.gdn/?v=316G3249FF&KW=1607663&s1=1504412995161421783524015416747147 ,  

http://rd.safewhay.com/look/cleanse.php?model=iPad&brand=Apple&isp=eSecureData&ip=162.221.203.97&voluumdata=BASE64dmlkLi4wMDAwMDAwNi1mMWYxLTRhNGItODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjkwMmZkODAwLThjMDEtMTFlNy04OGM3LTdjN2M5N2ZhZTdjZV9fY2FpZC4uM2E2NWFhNTAtNDU1NS00YTllLWI5ODktNGZjMTQwMTM5NTdmX19ydC4uUl9fbGlkLi43OTY5ZDViNS0wODc3LTRhMjctODY2ZC0yNTJkNWY5YjMzMDZfX29pZDEuLjAwMTA5NTkzLTU2NmEtNGEyZC1hNjdhLWIxODBhODM2ZTRhM19fdmFyMS4ud2hpc2tleS15ZWEtRDBSbXhiUEJfX3ZhcjIuLmh0dHA6Ly8xNjA3NzA3LGh0dHA6Ly8xNjA3NzA3XC5cYWRleGNoYW5nZXByZWRpY3Rpb25cLlxjb21fX3ZhcjQuLk5PTi1BRFVMVF9fdmFyNS4uUE9QVVBfX3JkLi5jXC5cY29kZW9uY2xpY2tcLlxjb21fX2FpZC4uX19hYi4uX19zaWQuLl9fY3JpLi5fX3B1Yi4uX19kaWQuLl9fZGl0Li5fX3BpZC4uX19wZWlkLi5fX2l0Li5fX3Z0Li4xNTAzOTM0ODY5MDYw ,  http://yxq.cejd.gdn/?v=316G3249FF&KW=1301619-2194861140-0&s1=15025916932732444513103493775982838 , 

http://rd.safewhay.com/speedbooster/loading.php?brand=Opera&model=Mini 5&isp=eSecureData&country=CA&browser=Opera Mini&voluumdata=BASE64dmlkLi4wMDAwMDAwMC01ZDQyLTQ5ZWItODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLmJkZjdjMDAwLTdjZDgtMTFlNy04ZWY0LTUzYjM1OWZiZjA2N19fY2FpZC4uYWViOTFkMWItZmU1NS00MmFjLTkyZmQtZDlkMzBhZDY3YzRhX19ydC4uUl9fbGlkLi5hNWRhYmNmNS1kYWU0LTQzMDEtODFkOS1kZTBmYTU5NTM5MzBfX29pZDEuLjk3MDU4Mzk5LWIwNzgtNDA2OS1hMTFiLTJhNGRiMTljZGJhYl9fdmFyMS4uODUzMzc0MjBfX3ZhcjIuLjE2MDc3MDdfX3ZhcjMuLkVOX19yZC4ubXAzLXNrdWxsXC5ceHl6X19haWQuLl9fYWIuLl9fc2lkLi5fX2NyaS4uX19wdWIuLl9fZGlkLi5fX2RpdC4uX19waWQuLl9faXQuLl9fdnQuLjE1MDIyNjg2MTU2Mzk&campid=85337420&zoneid=1607707&lang=EN&extid=15022686102732444513218970805527312 , and more. I scanned my mac with everything I had, Avast, Malwarebytes, Etrecheck, nothing worked. I tried searching for the urls like those, and found little to nothing that could've helped, since I'm not a tech expert. I am wondering if it's because of an extension. I deleted and reinstalled Chrome, but nothing worked. I am in need of assistance and hope that someone, anyone, could help. 

 

Edited by Dashke

Hi,

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest you any course that might damage your system but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage.


  • Step # Scan with Malwarebytes' Anti-Malware
    • Download and install Malwarebytes' Anti-Malware from the link below --
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update. Update the program should this happen;
      • Navigate to the Settings > tab Protection and ensure that all the options under Scan Options are turned on
    • From the Dashboard, navigate to Scan and click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on Reports > Choose the Scan Report > View Report > Export > Export to .txt file, and save the report to your Desktop.
    • Copy and Paste the contents of the log in your next reply.


  • Step # Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.



  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.