For the past week I have had this YT video open randomly in Chrome: https://www.youtube.com/watch?v=2cXDgFwE13g It's just a Skrillex music video so nothing iffy. This page will open via one of those Adfly pages. Virus scan finds nothing and there are no extensions in Chrome that I've not used before. I can't figure out what's opening this video.
And just reinstalling Chrome as well. Really odd one though, I've had similar but it's always been adware related and directing me to some dodgy search engine. See if Chrome has some advanced settings (like Firefox's about:config) and see if you can find youtube in there.
Some more info on this. I just had Notepad open on its own with this in it:
Code:
<html><head><title>Wait</title><meta http-equiv="refresh" content="0; URL=http://newlux.serveblog.net"></head><body></body></html>
And then seconds later the same Adfly page opened in Chrome and then linked to the same YT video. I'm going to reset Chrome, uninstall, run CCleaner and reinstall and see if it happens again. Also going to re-run a virus scan.
Could you tell what search engine gives you trouble? Ask, Iminent... the lot? There is a trick: Chrome or another browser puts an icon on your desktop, right? Well, the adware will add a string to the icon, launcher, shortcut to Chrome and it will open at the desired webpage. Example: C:\program files\chrome\browser\searchplugins\awesomehp.xml The simple way to get rid of these is to download Adwcleaner from BleepingComputers, run it, restart. Give us some feedback! Gl!
Well, the Google Chrome user files might have persisted between installs, the stuff in c:/users/dk_lightning/appdata/wherever. Have a search for where they're located and try deleting them. Just checked as well, Chrome doesn't seem to have an about:config page, because they don't want to. Might have to give up and uninstall it and use something else. Another one I just found is maybe a key you have on your keyboard is stuck down in some form and is scripted to open Chrome at that Adfly page. Have a check with this program, might be useful: http://technet.microsoft.com/en-us/sysinternals/bb963902
Use Revo Uninstaller, with in-depth option to uninstall any software, will detect and erase ALL registry and delete them.
I don't like Chrome for the reason of clearing history and cache on exit is not simple and easy like in FF you have
This is the best option. Download HijackThis, run it and paste the log into Hijack analyzer. Then take a look at what may have embedded itself into the registry, probably a rootkit. Copy and paste the log here and click analyze. http://www.hijackthis.de/
Malwarebytes, HijackThis, Spybot
Reset all browsers
Empty all temp folders
Check MSCONFIG for startup programs
Check HOSTS files for rogue entries
System Restore to before you visited that pr0n page
I think I got it. Using Autoruns for Windows I saw something that looked a bit "iffy". There was a file in my startup folder called "Runtime.exe". Scans of the file showed nothing wrong with it, but since deleting the file that same YT page has not just opened on its own. How very odd!
Left over from a virus from the looks of it. The contents wouldn't have been dodgy, it was just trying to get ad money. But startup folder should only run at startup though, dunno why it was doing it randomly.
Sounds like a rootkit, reason why wasn't being picked up possibly embedded in the registry. It allows malware to activate before your PC actually boots into Windows which is why no security suites detect them. Did you try Hijack analyzer and look carefully through the findings?
If you still have the file they might like to know about it, send it to them perhaps. Just don't send it to them in an email offering larger penile enhancements.
Here is a log from HijackThis. Nothing looks out of order from what I can see.
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:32:32, on 24/07/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Raptr\raptr_im.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe
C:\Program Files (x86)\Steam\Steam.exe
E:\Origin\Origin.exe
D:\Documents\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
O4 - HKCU\..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [EADM] "E:\Origin\Origin.exe" -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncservice.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9200 bytes
It could be fine but I'd take a look at these.
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
Found a problem here about it popping up crap from an FB user. https://www.facebook.com/jessicairvineandmusic/posts/503246686369446 They are probably ok but worth looking into as they all came up as ???? and people seem to be having trouble with Spotify.
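Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage pass over the O4 and O23 lines of a log in the format posted above, flagging autostart entries that sit in the Startup folder or run from user-writable directories. The `Runtime.exe` and `Example Updater` lines are constructed for illustration; a flag is a lead for manual inspection, not a verdict, which is why the Spotify entry is listed too.

```python
import re

# Lines 1-3 are copied from the log posted in this thread. Lines 4-5 are
# constructed: the thread never shows how Runtime.exe was listed, and the
# "Example Updater" service and its Temp path are hypothetical.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Spotify] "C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - Startup: Runtime.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Users\Naga\AppData\Local\Temp\exupd.exe
"""

ENTRY = re.compile(r"^(O4|O23) - (.+)$")
# First drive-letter path ending in .exe/.dll, whether quoted or not.
IMAGE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
# Directories a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop)\\|\\Temp\\", re.IGNORECASE)


def triage(log_text):
    """Return (item, reason) pairs for autostart entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        # Per-user and all-users Startup folder items.
        if section == "O4" and rest.lower().startswith(("startup:", "global startup:")):
            findings.append((rest.split(":", 1)[1].strip(), "Startup folder item"))
            continue
        image = IMAGE.search(rest)
        if image and USER_WRITABLE.search(image.group(0)):
            findings.append((image.group(0), "runs from user-writable directory"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```
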