Jump to content

a-znachrichten.com creates new chrome browser window on some links


Go to solution Solved by jmcging,

Recommended Posts

HI,

I've had weird chrome behavior on some, not all links. I finally was able to video it happening so I could capture the action in the new chrome header. 

Edition    Windows 10 Pro
Version    21H1
Installed on    ‎6/‎17/‎2020
OS build    19043.1110
Experience    Windows Feature Experience Pack 120.2212.3530.0

Chrome is 92.0.4515.107 (Official Build) (64-bit) - Malwarebuytes is 4.4.3.125 with latest updates. I've uninstalled Chrome, did a clean chrome reset and note Edge does not have this behavior.  I ran full system scans using Malwarebytes, Bitdefender and nothing was found.  

What happens is I click a link and it will "redirect" to a new chrome window with no control or address bar, and I finally got a screen capture of it happeneing.  In addition to the URL that is shown in teh file I attached, on some links I saw multiple "search terms" (the words I saw and then something random. The end result is the link I wanted appears on the "original" instance of chrome, and then this new "redirect" chrome window is created and after showing some activity in the header section, settles into the basic google search home page.   So I have 2 instances of chrome running, but the new one has no controls/address bar etc. 

It's happeneing to me on 40% of the links I click but almost never again once it happened once.  Bestbuy was an instance where it happened a 2nd time.  I've no idea if tere are logs regarding what a browser is doing when this happens.

I cannot really find anything on the URL A-znachrichten.com  Not sure if Chrome is broke, or I'v e got a problem or what but thought I's try and get some opinions

weird url on pop up.png

Link to post
Share on other sites

Hello.    :welcome:             My name is Maurice.

This is not necessarily a cure-all.  However, I suggest you do all the steps listed below.

I see that Chrome browser has some involvement.  One of the first things we want to do is, to NOT have Chrome 'restore' the preceding session (s).  Especially in situations like this.  And we want to Delete the cache file & the browser history.   For now, some very basics.

[   1   ]

Use Chrome browser   to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

[   2   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking  the control icon of Chrome on upper right of the adress bar

Then look deeper in SETTINGS

image.png.9f59b1a99e5e32db2619eeab22b5a72f.png

Make real sure it is "NOT" set to "continue where you left off"

.

[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

[   6    ]

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Sincerely.

Link to post
Share on other sites

Found it was an extension Messages for Google called Google Messages Launcher.  Someone analyzed the extension and  replicated my issues.  I will say Bitdefender did block the script from communicating back home. It was abandoned on Github and a bad guy turned it.

https://chrome.google.com/webstore/search/google messages launcher?hl=en&_category=extensions

Link to post
Share on other sites

  • Solution

I had not seen the detailed post above, I have to capture it to not lose it. But I stumbled onto the solution primarily after a 3rd reset of the browser and an hour of esperimenting with adding and removing extensions. THen read the reviews of the one giving me an issue and found where others had the same problem and documented it.   Posted that here after doing that to share., but  missed the above post like I said.  Thanks for the chance to get help.   

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.