Approx 30 minutes ago, I had what appears to be a security breach. While browsing the THG forum, I had 3 new tabs randomly open. 2 of those tabs were for the website readsurvey.com and the 3rd tab was for hotchatdate.com. The pages did not load from ads on THG as I had my adblockers enabled due to the excessive number of intrusive ads that THG displays. I changed the DNS settings in my router to Norton's ConnectSafe DNS and blocked the offending sites, all within my router's configuration. The readsurvey site is still completely accessible, even though my router is configured to block it. While I was typing this post, I had 2 more tabs opening for the website lp.ilividnewtab.com/ Any assistance would be greatly appreciated. I have BitDefender Total Security 2015, Malwarebytes Antimalware Premium, McAfee SiteAdvisor and multiple tracking protection lists in IE. This "issue" seems to be affecting both IE and Chrome. I've run Emsisoft Emergency Kit to scan for malware, but it came back clean. I'm seriously at a loss here. Short of wiping both my harddrives, I'm running out of ideas.
Well, what I said won't solve your problem. But the thing is, I don't use any kind of malware, virus or anything-bad-from-internet protection. I have the firewall in my router enabled, and that's it. I used to have Malwarebyte's AntiMalware and two others running every week, and they found one or two things. For about 8 years I haven't been using anything. One or two (maybe more) months ago I decided to download Malwarebyte's AntiMalware just to check, and it found nothing. Firefox, AdBlock, Ghostery and (if you have enough patience and knowledge) NoScript are enough.
LOL? Did you not read his post? He has an AV running, along with several scanning programs, was visiting a trusted site, and STILL got infected. How people can believe this garbage to this day is beyond me.
You're right. That doesn't help with my problem. I can't even find a point of infection. That's the worst part.
I had a small issue recently with a webpage opening on startup, the webpage itself redirected to an attack page, ad block mostly took care of it though and closing it made it go away and not come back. It was under msconfig under the name "windows operating system", and shortcutted to opening a weblink on my browsers. Removing that wasn't just it. It was also in regedit, hidden away, I had to search for the website url to find and remove it. Basically, check that these sites aren't all coming from the same URLs and search for them in regedit, see if you can find them. Antivirus turned up nothing on this one btw. Only a google search of the site URL did.
Just a thought..... something has been written into the registry and becomes active when something in particular runs, you probably won,t see it as a running process. I would try scouring through the registry manually to see if anything strange is sitting in there. Not always picked up by scanners.... pretty much agree with scatman839
Reset your browser, also sounds like you may have a rootkit. Boot into safe mode with networking and run hijackthis along with adw cleaner. Dont forget to paste the hijackthis log into hijack analyzer.
One of the sites popping up being a survey site pretty much always comes back to malware. What have you downloaded and installed in the last while. I remember reading that there are fake 3DS emulators that do just what you described, there was also a free VPN service posted in the free software thread that did the same thing, even after it was removed.
The last things I installed were AutoCAD and SketchUp.... I've been working on designing a new desk and PC case. I decided to finally do scale drawings with measurements and everything. I tried to use AutoCAD for Chrome, which kept resulting in my computer locking up. I tried in Win8.1 and Win10, both with the same result. That's why I installed SketchUp, which I found isn't capable of doing what I want, how I want. So, I installed a trial version of AutoCAD, which I've quite familiar with. That was Sunday. This crap started happening Monday night. @brunopito - the 3 websites that keep opening new tabs are in the OP...
if i were you i would try to boot into safe mode and start scanning the system with Malwarebytes Chameleon feature, it's somewhere in the Malwarebytes Anti-Malware folder, just start it as admin and hope it finds something.
This issue spanned 2 Windows installs. It initially occurred in Windows10TP. I rebooted after Win10 locked up trying to configure router settings. Then it re-occurred in Windows8.1 while I was configuring my router. Windows10 has a problem with locking up while trying to fill in form data. Not sure what's going on with that. The browser being used appears to make no difference at all. I'll give the suggestions made a try when I get home. I'm at work right now. If anyone else can think of something that might work, go ahead and post. I'll try anything that doesn't result in a complete loss of data. I'm trying to keep that as a last resort for now.
Check your IPV 4 DNS settings. I know you changed your DNS settings in your router but this will override them if set. Run these cleaners: AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ JRT http://www.bleepingcomputer.com/download/junkware-removal-tool/ RogueKiller http://www.bleepingcomputer.com/download/roguekiller/
Got all 3 on a flash drive already from a computer I was working on last week. I've also got a flashdrive with bootable BitDefender. I've only got 1 desktop left running Windows and this is making me think about swapping it to Linux as well. Here's my current idea.... Pickup a PCIe network card and configure OpenSuSE as a Firewall to sit between my ISP provided router and my own router. Configure OpenSuSE with the acceptable DNS settings and let it handle all connections to the internet.
If two windows installs got infected, IMO it's either a rootkit or on some program / USB / DVD you're installing from I have heard a few people complaining about Chrome popping up ads the last few days, but if it's happening with IE too... Avast free has a great boot time scanner, Id try a rootkit scanner too
The problem with Avast is the need to install it first. I'll start with BitDefender bootable when I get home. From there, I'll run Chameleon, RogueKiller, ADWCleaner and JRT. If they all come back clean, I'll install Avast and let it have it's way with Windows. If all else fails, I'll reload everything. I'm using my free time at work to play with new security measures. If there's no obvious conflicts, I'll employ the new measures after fixing the current issues.
^ In such case you should try rescue CDs from AV companies. I know ESET, BitDefender and Kaspersky offer free ISO. I really like BitDefender`s one. Also you can spy after browser with the help of Procmon.exe to see: - what files it loads and reads at start; - what registry keys and values it reads at start; - what network activity it issues at start.
