JS redirect links on Microsoft Edge browser


  • Root Admin

Thank you for the log. The fix ran well and also found and fixed some other Windows issues.

Windows Resource Protection found corrupt files and successfully repaired them.
 

 

Please run the following

Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/
 

Link to post

  • Root Admin

Please update the following software @kristinb10

  • Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 v.14.32.31332.0 Warning! Download Update
  • Zoom v.5.15.7 (20303) Warning! Download Update


Then RESTART the computer and check for Windows Updates and install any found.


Let me know how the computer is running now and if there are still any signs of infection or any other unresolved issues.

Thank you

 

Link to post

  • Root Admin

Let's go ahead and run one more antivirus scan.

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the Windows Key and R Key together, the "Run" box should open.

Drag and Drop KVRT.exe into the Run Box.


C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.


add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 


That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click directly onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"


In the new window select "Change Parameters"


In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...

When complete, if entries are found there will be options. If "Cure" is offered, leave as is. For any other options change to "Delete", then select "Continue".

When complete, or if nothing was found select "Close"


Attach the report information as previously instructed...
 
Thank you
 
 

 

 

Link to post

Ok thank you. Is there anything I can do for that Windows security update to successfully update?

My computer seems to be running okay but I still have the suspicious links as bookmarks on my Microsoft Edge browser. I’d like to get rid of these bookmarks or Edge completely… I can send a pic of them if you’d like. I am just concerned because my research on this issue leads me to the info below. I’m not sure how these even got on my browser (and the fact that my Netflix /email was hacked a month ago). So I just want to get those removed now and be sure that my info is not being stolen.

“In order to cause an effective infection, the JS/Redirector malware may infect your computer, using various different types of websites and URLs. The way it is done is that the cyber-criminals compromise various websites that you may visit and embed JavaScript code in them, resulting in causing the infection by simply visiting those websites. This method of infection is known as fileless as there are no files that are dropped on your computer upon infection initiation. All you have to do is visit the suspicious web page.

Furthermore, since it’s a Trojan Horse, JS/Redirector may begin to perform other activities on your computer system, such as:

  • Collect the keystrokes you type.
  • Obtain your browser history.
  • Obtain your online search history.
  • Steal information directly from your browser, like passwords, etc.
  • Steal financial information.

In addition to this, the malware may also update itself in order to further obfuscate itself and avoid detection on your computer. Whatever the case may be, security experts recommend that you must immediately check your computer for malware after removing JS/Redirector from your PC and change all your passwords as well as enable two-factor-authentication where possible.”

Link to post

  • Root Admin

Delete any shortcuts you don't like or did not create yourself.

I'm not asking you what it might do etc. I'm asking you if it's happening. The logs and scans say it's not happening. Do you have proof that it's happening?

The KB85034441 update fails for a lot of people. It's due to sizing of the partitions that Microsoft is having issues with. I would simply wait for Microsoft to fix it on their own as it can be potentially complex to do on your own and if you make a mistake you risk losing all your data.

 

The logs don't show every single file or shortcut on the system and names alone don't make something bad, thus I cannot just simply delete things I don't like as you may actually want them.

 

Let's try the ESET scan again

 

 

Please run the following ESET Online Scanner and perform a Full Scan

 

Click the following link to save the installer for ESET Online Scanner

https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started. 
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, click on the Full Scan button
  • Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
  • Have patience. The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false positive, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Please attach the ESET scan log you saved at the end to your next reply

 

Link to post

Ok, attached is the log.

So, if I just delete these bookmarks that were put on my browser, will that be enough to make sure nothing else is going on in the background? I do not have proof that it is happening but that is my exact concern since these types of viruses usually don't show up in files. All I know is that I didn't place the bookmarks there. I never clicked on them. But it concerns me how they got there and what could be happening in the background. I attached a picture of the bookmarks and the links when you hover over them if that helps.

Link to post

  • Root Admin

Yes, the clean up of the original detection appears to have been lacking.

I assume this is Microsoft Edge?

Please clean up the browser as much as you can manually.

https://support.microsoft.com/en-us/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd

 

Link to post
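Added example, not part of the thread or of any poster's instructions: a Python script that lists Edge favorites with their creation times so unfamiliar entries can be reviewed before they are deleted. It assumes the Chromium-style `Bookmarks` JSON file (for the default profile usually `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Bookmarks`); the sample data, the `.example` URLs and the five-second batching heuristic are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_webkit(dt):
    """Encode a datetime as Chromium does: microseconds since 1601-01-01 UTC."""
    return str((dt - WEBKIT_EPOCH) // timedelta(microseconds=1))

def from_webkit(value):
    return WEBKIT_EPOCH + timedelta(microseconds=int(value))

def walk(node, path=()):
    """Yield (added, folder_path, name, url) for each URL entry below node."""
    if node.get("type") == "url":
        yield (from_webkit(node.get("date_added", "0")), "/".join(path),
               node.get("name", ""), node.get("url", ""))
    for child in node.get("children", []):
        yield from walk(child, path + (node.get("name", ""),))

def list_favorites(text):
    """Flatten every root of a Bookmarks file into rows sorted by creation time."""
    roots = json.loads(text).get("roots", {})
    return sorted(r for root in roots.values() if isinstance(root, dict) for r in walk(root))

def bulk_batches(rows, window=timedelta(seconds=5)):
    """Heuristic (an assumption of this example): entries created within `window` of
    the previous one arrived in bulk (import, sync or a program), not saved by hand."""
    batches = []
    for row in rows:
        if batches and row[0] - batches[-1][-1][0] <= window:
            batches[-1].append(row)
        else:
            batches.append([row])
    return [b for b in batches if len(b) > 1]

def entry(name, link, when):
    return {"type": "url", "name": name, "url": link, "date_added": to_webkit(when)}

# Constructed sample (not from the thread): two hand-saved entries, two bulk-added ones.
T0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE = json.dumps({"roots": {
    "bookmark_bar": {"type": "folder", "name": "Favorites bar", "children": [
        entry("News", "https://news.example/", T0 - timedelta(days=200)),
        entry("Shop A", "https://redirect.example/a", T0),
        {"type": "folder", "name": "HP", "children": [
            entry("Shop B", "https://redirect.example/b", T0 + timedelta(seconds=1))]}]},
    "other": {"type": "folder", "name": "Other favorites", "children": [
        entry("Bank", "https://bank.example/", T0 - timedelta(days=30))]}}})

for b in bulk_batches(list_favorites(SAMPLE)): print([(r[0].isoformat(), r[1], r[3]) for r in b])
```

To review a real profile, read the `Bookmarks` file as UTF-8 text and pass it to `list_favorites`; a batch is only a prompt to look at those entries, since a legitimate import or sync produces the same pattern.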

Yes, Microsoft Edge. I had cleaned up the browser before but I just did again. I cleared all browsing data and turned off a lot of settings. Not sure what else to do? Should I manually delete those bookmarks if I can?

I also noticed new items on my taskbar that I didn't put there. I have not clicked them. One of them is Amazon again.

Link to post

Ok I unpinned the ones on the taskbar and deleted all bookmarks in Edge. These were all the bookmarks that were on my favorites, and there was another folder under "HP" that also had bookmarks that I didn't place there, if that is helpful.


 

Link to post

  • Root Admin

Let's go ahead and run one more scan just to be sure but I think the computer should be okay at this point. Just some left over unwanted items.

 

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes 
       RESTART the computer
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
     

Example image of where to click to attach files when posting your reply


 

Thank you

 

Link to post

Ok. Is there a specific place where the AVG bookmarks are? 

Also, I'm confused about this note- exactly which steps do I have to follow before turning on Chrome sync?

NOTE: If you use Google Chrome to log in to any Google service from any other computer or profile with the same account, please repeat these steps below before turning on Chrome sync on those computers or devices as well. Failure to do this can cause issues or problems to continually reoccur. Each device must be cleaned separately.

 

 

Link to post

Can you specify exactly which steps need to be taken on Chrome on my other devices before resetting Chrome sync? I am confused by the post. I want to make sure I understand what to do on my phone so that I don't mess things up or cause issues like it states.

Also, I do not have the option to "Reset Sync" in Chrome. Mine says "Clear Data" instead. Is that the same thing?

Link to post

  • Root Admin

Yes, Clear Data should be the same.

As for the phone, I'm sorry I don't have any article for that and I don't really support phones myself. I would think that there are similar methods though on the phone to clean up Google Chrome.

 

Link to post

This topic is now closed to further replies.