Google search keeps redirecting to Yahoo search

[HashSlingingSlasher]

Hello all, as the title sais i'm having an issue where anything I search re-directs to Yahoo search.
I've already tried using AdwCleaner and Malwarebytes to no avail. Any help is appreciated and Thank you in advance!

[Android8888]

Hello @HashSlingingSlasher and welcome back to Malwarebytes Forums.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

In first place I would advise you to read the instructions on this thread https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ and execute the steps indicated in the order listed.

Please let me know if that helped you to solve the issue.

Thank you.

Rui

[HashSlingingSlasher]

Hello Rui!

Thanks for helping, I tried doing everything on the link you gave me but nothing popped up on Malwarebytes or AdwCleaner.

[Android8888]

Hello again.

Okay, please go to this thread I'm Infected - What do I do now? read the instructions, perform the scans and attach the requested logs for my review.

Thank you.

Rui

[HashSlingingSlasher]

Addition.txtFRST.txt

[Android8888]

Hello @HashSlingingSlasher.

 

Going over your logs I noticed that you have qBittorrent installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
• They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features

If you wish to keep it, please do not use it until your computer is cleaned.

 

 

Next,

Open Google Chrome;
Type chrome://extensions in the address bar and press Enter;
Click the trash can icon by the extension グランブルーファンタジー[ChromeApps版]
A confirmation dialog appears, click Remove.

 

Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
• Right-click on the FRST executable and select Run as Administrator;
• Click on the Fix button;
  
  Credits: Aura
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
• Please attach the Fixlog.txt in your next reply;
  

 

Things I would like to see in your next reply:

Let me know if you were able to remove the Chrome extension listed above.

Please attach the Fixlog.txt produced by FRST.

Let me know if you are still having the search redirects to Yahoo.

Thank you.

Rui

 

fixlist.txt

[HashSlingingSlasher]

I removed the chrome extension and it's still re-directing me to Yahoo.

Fixlog.txt

[Android8888]

Hello @HashSlingingSlasher.

Please do the following:

Download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop.

• Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
• Right-click on the file RogueKiller_portable64.exeand select Run as administrator to start the tool.
• Click Yes to accept the User Account Control security warning that may appear.
• Once the tool is open, click the 'Scan' tab menu and the click the Start Scan button.
• Wait until the scan has finished. Note: This scan may take some time to complete;
• Warning: Do NOT remove any entry it found. They may not all be malicious and need to be carefully analyzed.
• Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
• Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
• Close RogueKiller.
  

Copy and paste the contents of RKlog.txt to your next reply.

Please attach also the latest Malwarebytes log and AdwCleaner log so I can take a look on them.

Thank you.

Rui

 

[HashSlingingSlasher]

RogueKiller V12.12.6.0 (x64) [Feb 26 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Users\Mark\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 03/03/2018 12:01:40 (Duration : 01:11:15)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 500GB +++++
--- User ---
[MBR] 9e0afbc04e7c78c7625e9456a3989c34
[BSP] 829426525b1e43bf5e6704345a850b9c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD20EZRX-00DC0B0 +++++
--- User ---
[MBR] e3134b7356d78d9d8e0533904210ba1b
[BSP] 3c6e2d5a04ef870c5c5cf3a294cb7485 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907176 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 3906103296 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

AdwCleaner[S3].txt

Malwarebytes log.txt

[Android8888]

All logs are clean.

Okay, let's try the following:

Please visit each of the following sites and reset ALL your browsers back to default.

If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection.

Internet Explorer
How to reset Internet Explorer settings
 
Microsoft Edge
How to Reset Microsoft Edge in Windows 10
 
Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.
 
Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

• First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
• Scroll down until you see the  button and then click it to clear your data from the server and remove your passphrase.
• Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
• Press the Windows key + R at the same time, to bring up the run dialog box.
  
  • 
    
    
  
  
• Type in (or copy/paste) the following text and press Enter:  %localappdata%\Google\Chrome\User Data\Default\
  
  

1. Press Ctrl + A to select all the files and folders.
2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them. This is what it should look like: ". This will unselect them. This is what it should look like:

   
   
   

3. With all the files selected (except for your Bookmarks!), press the Delete key and click Yes to delete the files and folders.
   

Restart your computer now and make sure there are no longer any redirects or other browser issues. Please keep me updated.

[HashSlingingSlasher]

I just restarted and after a couple tries it looks like i'm no longer being re-directed!
Thank you so much Rui.

[Android8888]

Good. You're most welcome!

You can now run a program like Personal Software Inspector (PSI) or FileHippo Update Checker or UCheck to see what programs need to be updated.

 

After performing the updates you can delete the tools used in the removal by running DelFix. This tool will be removed by itself after its scan is complete.

Follow the instructions below to download and execute DelFix.

• Download DelFix and move the executable to your Desktop;
• Right-click on DelFix.exe and select Run as Administrator;
• Check ONLY the following options :
  
  • Remove disinfection tools (this option will remove the tools used in the cleaning process).
  • Create registry backup (this option will create a backup from the Windows Registry).
  • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    
• Once the options mentioned above are checked, click on Run;
• After DelFix is done running, a log will open. I don't need to see it. Just close it.
  

 

If all is running well and to help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

 

Keep your Windows Operating System and Antivirus program up-to-date.

Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan to your system as it will make it harder for malware to reside on your computer.

A tutorial on using MBAM can be found here and a complete guide here

Please Note:[/color] Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Are there any more issues to address or that's all?

Rui

 

 

[HashSlingingSlasher]

That is all Rui, once again thank you for your help

[Android8888]

You're welcome.

Come back whenever you need.

Regards,

Rui

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks