Jump to content

Android: chrome redirect (not same as others posted on here)


Recommended Posts

  • Replies 63
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Hello! This happened to me this morning as well. I did a ton of googling to find a solution and it was a mix and match of things. I think I've found my problem, (not sure if it'll be different fo

Hi All First post. Hopefully not too many more.  Getting redirects to numerous sites e.g. cometocleannow.com vbg.dorputolano.com rouonixon.com ....the redirect happens often wh

Hey @rosho01, @shellsort, @LopjoMeboy, @One1two, @Anon00, @TRSands, @dolceping21, @Zzudwa, @brandin09, @Doobs, @Syed01, @ferdo, @markratx, @Grifta, @jarapper, @mohan37, @SamsungUser476895673, @CloverB

Posted Images

On 12/22/2020 at 3:51 PM, rosho01 said:

btw, how did you guys find this thread? 

did you search on the same urls i posted?

I searched for the URL it was trying to open, vbg.dorputolano.com and found your posting.

Thank-you for figuring this out.

  • Like 1
Link to post
Share on other sites

I had an additional problem. Whenever I unlocked my phone, it would automatically open a Chrome browser to this garbage site.

Either way, same as above, I searched the url and found this post, and uninstalled Barcode Scanner. Problem fixed.

Thank you.

  • Like 1
Link to post
Share on other sites

I flagged this to the app's creator, and he refuses to believe that it's happening. He says that it's a clone of his app or something.

Either he's BSing, or he honestly doesn't know that someone has done something to his app. Either way, hopefully he will fix it. Only solution is uninstall for now.

  • Like 1
  • Thanks 1
Link to post
Share on other sites

I'm new to forums really so bear with me. I don't see the actual steps Anon00 posted that solved it. I checked my google activity and i see apps (formatted like app.google.function.com or com.google.helpr, etc) but I don't see anything I can do to clear/remove them.  I did delete Barcode scanner and I am waiting to see if that vbg.dorputolano.com thing returns but if there is a fix by Anon00 I don't see what it is

Link to post
Share on other sites

@mbam_mtbr
The dev is saying that he hasn't updated it since 2019, and that something else must be exploiting something in his code to push this. The result is currently the same, but this is just a heads up incase he fixes the issue then this would be mislabeled as adware in your system.

Bug report discussing this issue: https://github.com/zxing/zxing/issues/1345

  • Like 2
Link to post
Share on other sites
  • Staff
1 hour ago, Grifta said:

@mbam_mtbr
The dev is saying that he hasn't updated it since 2019, and that something else must be exploiting something in his code to push this. The result is currently the same, but this is just a heads up incase he fixes the issue then this would be mislabeled as adware in your system.

Bug report discussing this issue: https://github.com/zxing/zxing/issues/1345

Thanks for letting me know.  I'm confident that if he fixes the issues, our detection will not detect a cleaned up version.

Nathan

  • Like 1
Link to post
Share on other sites
On 1/12/2021 at 9:29 PM, Grifta said:

I flagged this to the app's creator, and he refuses to believe that it's happening. He says that it's a clone of his app or something.

Either he's BSing, or he honestly doesn't know that someone has done something to his app. Either way, hopefully he will fix it. Only solution is uninstall for now.

some of the adverts go to reputable companies (virgin media in this case, for me) - i wonder how these companies benefit from these nefarious practices w/o any consequences? bit like ads on torrent sites i guess, probably go through an agency/3rd party and absolve of all responsibility. 

 

and a Q for the mods @mbam_mtbr - how can this persons app get infected en route to being downloaded? would that not mean a bigger vulnerability in the pipeline/infra possibly impacting every app (with similar code weaknesses) which is downloaded? or is the guy talking BS? 

 

Link to post
Share on other sites

btw, when googling this issue a while back, it seems there are similar malware on other barscanner apps going back a few years - perhaps its to do with how these bar code apps are designed? and they are then infected en route to being downloaded - however this occurs, not sure.  

Link to post
Share on other sites

I got several emails directing me to specific posts but those don't say anything about what I can do.  Am I missing something?  deleted barcode scanner and went to site settings and removed all the sites listed that were suspicious, when was all but google.com and youtube.com.  I'll monitor chrome for the problem but hopefully it won't happen again

 

Link to post
Share on other sites
11 hours ago, jarapper said:

I'm new to forums really so bear with me. I don't see the actual steps Anon00 posted that solved it. I checked my google activity and i see apps (formatted like app.google.function.com or com.google.helpr, etc) but I don't see anything I can do to clear/remove them.  I did delete Barcode scanner and I am waiting to see if that vbg.dorputolano.com thing returns but if there is a fix by Anon00 I don't see what it is

 

"So I guess my solution is for you all to check your myactivity.google. com and look for when these sites popped up and what happened before or after them and then delete that app or whatever it is".

 

which bit dont you get?

Link to post
Share on other sites
  • Staff
3 hours ago, rosho01 said:

and a Q for the mods @mbam_mtbr - how can this persons app get infected en route to being downloaded? would that not mean a bigger vulnerability in the pipeline/infra possibly impacting every app (with similar code weaknesses) which is downloaded? or is the guy talking BS? 

 

It's not really getting infected in route.  What happens a lot of time is a legitimate app developer puts a free app on Google PLAY, and uses what is called an Ad SDK to gain revenue through ads.  The Ad SDK is simply a piece of code that is added into there app.  There are many good, reputable Ad SDKs that display ads within the app when it is opened.  However, sometimes these Ad SDK get a bit aggressive, and suddenly we have to flag it as Adware.  In this case, the Ad SDK must be removed with the code to not get flagged.

Another method is a legitimate app is introduced to Google PLAY, and downloaded by users.  But then at some point code is added by the app developer that displays aggressive ads.  When the app is updated, the once legitimate app now is Adware.

Hope that all makes sense,

Nathan

  • Like 1
  • Thanks 1
Link to post
Share on other sites

The entries in myactivity showed a lot of suspicious activity which I cleared and reset.  The thing is that what apps happened right before the trigger of the popups and ads was something I didn't understand. A few were Updater! but my list wasn't as clearly revealing as i believe yours is. so i was confused.

But I had checked my activity but I didn't scroll down enough to see site settings and so I very much appreciate your redicting me there. There is a site settings option in security/clear browsing history and that's where I kept going which of course didn't do anything.

Link to post
Share on other sites
11 minutes ago, jarapper said:

The entries in myactivity showed a lot of suspicious activity which I cleared and reset.  The thing is that what apps happened right before the trigger of the popups and ads was something I didn't understand. A few were Updater! but my list wasn't as clearly revealing as i believe yours is. so i was confused.

But I had checked my activity but I didn't scroll down enough to see site settings and so I very much appreciate your redicting me there. There is a site settings option in security/clear browsing history and that's where I kept going which of course didn't do anything.

do you still have a problem after uninstalling the barcode app? 

Link to post
Share on other sites

I haven't seen it -Yeah.  So my hat off to Anon00. 

Is there a safe way to test my phone  to see if their ad processes/apps are still embedded on my phone. 

As a die note, I'm getting a bit more of an understanding how a forum works!

 

  • Like 1
Link to post
Share on other sites
9 hours ago, jarapper said:

I haven't seen it -Yeah.  So my hat off to Anon00. 

Is there a safe way to test my phone  to see if their ad processes/apps are still embedded on my phone. 

As a die note, I'm getting a bit more of an understanding how a forum works!

 

well then it looks like the issue is resolved, which is good. 

run malwarebytes and/or AV scans to check for other issues. 

theres plenty of info on how to do this on here. any other issues, search these forums. 

Link to post
Share on other sites
On 1/14/2021 at 10:45 PM, mbam_mtbr said:

It's not really getting infected in route.  What happens a lot of time is a legitimate app developer puts a free app on Google PLAY, and uses what is called an Ad SDK to gain revenue through ads.  The Ad SDK is simply a piece of code that is added into there app.  There are many good, reputable Ad SDKs that display ads within the app when it is opened.  However, sometimes these Ad SDK get a bit aggressive, and suddenly we have to flag it as Adware.  In this case, the Ad SDK must be removed with the code to not get flagged......

thanks for the explanation Nathan, makes perfect sense. 

Link to post
Share on other sites

I didn't see the barcode app in My Activity, but i had the app installed and say this behavior starting today, so I've removed it with fingers crossed.  Big thanks for helping solve this issue (assuming it worked)!

  • Thanks 1
Link to post
Share on other sites
  • 2 weeks later...

Just wanted to chime in, Galaxy S8+ user, my phone all of a sudden started doing the same thing the OP said...deleted that app and so far, so good.   I did install the mobile version of MWB yesterday (before reading this thread) and it didn't pick it up though, kind of disappointing.

Link to post
Share on other sites
  • Staff

Hey Everyone,

We updated our detection to pick up more samples of Android/Adware.AdQR.FBG.  This will be effective in future database versions.  If it still isn't being detected, please send me an Apps Report BEFORE deleting so we can add/update detections.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included.

At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum.  This allows our support staff to know where to direct it.

By sending the Apps Report, you will create a ticket in our support system.

Private Message (PM) me the email used and/or the ticket number assigned.

Thanks for the support everyone!

Nathan

Link to post
Share on other sites

This started happening to my Samsung S8, I think after I used the QR code reader to bring up a restaurant menu website.

I started keeping track of the websites that were opening, and then the times.  It wasn't long before a search brought me here.

  1.        ultimate-cleaner.com    
  2.         mobiland.online    
  3.         taicheetee.com    (this one came up A LOT)
  4.         rouonixon.com    
  5. 2021-02-01    10:34:00 AM    delightcmain.xyz    
  6. 2021-02-01    11:04:00 AM    vbg.dorputolano.com   -->  25twentyday.com
  7. 2021-02-01    11:34:00 AM    vbg.dorputolano.com   -->  25twentyday.com
  8. 2021-02-01                             Uninstalled "BARCODE READER" (I think I might have installed this when I first got the phone, not realizing that the S8 came stock with a "built-in" code reader?)
  9. 2021-02-01    12:04:00 PM    No webpage spawns.    
  10. 2021-02-01    12:05:00 PM    Clicked QR Scanner from the Samsung 8 Menu Bar. The camera opens and appears to read codes as expected.    
  11. 2021-02-01    12:49:00 PM    No webpage spawns up to this point.

Thanks for the help everyone.

Link to post
Share on other sites

I never had this app : "Barcode Scanner" on my LG G5; however I get the same problem with "doportunalo". I followed your suggestions and looked in chrome history, but didn't find anything matching with any app... except Google Play Store. In desperation,  I've turned off "Google Play Store" & "Goolgle Chrome", and now I have no more ads !

Thank you guys for your help...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.