
Pushwhy.com, Pushame.com, Pushgaga.com etc. chrome redirects



Hi,

I have been getting the pushwhy.com, pushame.com, pushgaga.com redirects very frequently on a majority of the sites I visit.

These are not the only redirects though. Other random links come up too.

I ran a malwarebytes scan but it didn't detect anything. I downloaded Spybot, Microsoft malicious tool, adaware but nothing could find anything wrong.

Attached are FRST.txt and addition.txt files from my Farbar Recovery Scan Tool.

I already removed all extensions, cleared all cookies and history, reset my chrome to default settings, even uninstalled and reinstalled chrome - also deleted all chrome folders in windows appdata. Nothing helped.

It's only happening in chrome. Please assist.

FRST.txt

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Let me know if the problem persists.


On 2/23/2019 at 9:28 PM, nasdaq said:

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Let me know if the problem persists.

Hi Nasdaq,

Thank you for your reply.

If my chrome sync is OFF, then do I need to read any further in the link you have provided?

I never keep my chrome sync ON, it is always OFF.


5 minutes ago, MediaOne said:

Hi Nasdaq,

Thank you for your reply.

If my chrome sync is OFF, then do I need to read any further in the link you have provided?

I never keep my chrome sync ON, it is always OFF.

and yes, the chrome reset instructions that are in that link are already done.
chrome search engine, homepage, startup page, everything has been checked.


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Thanks.

I just read the fixlist you have given.

Looks like you have a feeling the jpfpebmajhhopeonhlcgidhclcccjcik extension is the problem.

That is a valid extension called Speed Dial and Malwarebytes has already confirmed it's not a PUP/malware. Please check this: 

Are you sure you want me to run the Farbar fixlist with that? I don't want to lose my customized extension.

Please let me know.

 


Hi,

Thank you for the information.
I checked and it's a false positive.

Delete these lines from the Fixlist.txt and save the file.

CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"


CHR Extension: (Speed Dial 2 New tab) - C:\Users\ganat\AppData\Local\Google\Chrome\User Data\Default\Extensionse.


Thanks Nasdaq, besides these 2 FPs, there is nothing left in the fixlist to be fixed.

The anydesk.exe FirewallRules is a "No File" which doesn't exist anymore.

I may be wrong in my understanding of how FRST works, but in my logical reasoning, if fixlist doesn't tell FRST to fix something, it won't be able to resolve the problem.

Please advise.

 

4 minutes ago, nasdaq said:

Hi,

Thank you for the information.
I checked and it's a false positive.

Delete these lines from the Fixlist.txt and save the file.

 

 


Hi,

We tried everything but:

Your copy of Chrome has probably been compromised

Step 1: Remove Chrome from your Computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the Bookmarks.
<<<>>>


33 minutes ago, nasdaq said:

Hi,

We tried everything but:

Your copy of Chrome has probably been compromised

Step 1: Remove Chrome from your Computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the Bookmarks.
<<<>>>

I really appreciate your efforts to help sir. But I had already uninstalled chrome and reinstalled before I started this thread.
But the redirects came back with the new install. I hadn't even reimported my bookmarks or anything to be completely safe. I had even manually deleted all related chrome folders in my program files and Appdata before reinstalling.

But not sure how it again messed up. Can malwarebytes come up with a really good solution here please?


3 minutes ago, nasdaq said:

Are you still with us?

I am but unfortunately, your last reply didn't help much, since you again suggested disabling chrome sync, even though I've told you that I never keep chrome sync ON.
Even when reinstalling Chrome, I do not turn on Sync, so that is out of the question.

I am still getting redirects and another one that is bothering me a lot is called humparsi.com.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's reset these settings.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If Malwarebytes still blocks these attempts please post the log for my review.

fixlist.txt


1 hour ago, nasdaq said:

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's reset these settings.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If Malwarebytes still blocks these attempts please post the log for my review.

fixlist.txt 1.43 kB · 2 downloads

Thanks, here's the fixlog.

Fixlog.txt


  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.