Webpage Opening on its Own

Discussion in 'Operating Systems' started by dk_lightning, Jul 22, 2014.

  1. dk_lightning

    dk_lightning Ancient Guru

    Messages:
    1,576
    Likes Received:
    96
    GPU:
    RTX 4070Ti
    For the past week I have had this YT video open randomly in Chrome:

    https://www.youtube.com/watch?v=2cXDgFwE13g

    It's just a Skrillex Music video so nothing iffy.

    This page will open via one of those Adfly pages.

    Virus scan finds nothing and there are no extensions in Chrome that I've not used before.

    I can't figure out what's opening this video.
     
  2. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,597
    Likes Received:
    13,606
    GPU:
    GF RTX 4070
    Have you tried to clean the browser's cache, cookies?...
     
  3. scatman839

    scatman839 Ancient Guru

    Messages:
    14,121
    Likes Received:
    538
    GPU:
    3080, KD55XD800
    And just reinstalling Chrome as well.

    Really odd one though, I've had similar but it's always been adware related and directing me to some dodgy search engine.

    See if Chrome has some advanced settings (like Firefox's about:config) and see if you can find YouTube in there.
     
  4. dk_lightning

    dk_lightning Ancient Guru

    Messages:
    1,576
    Likes Received:
    96
    GPU:
    RTX 4070Ti
    Some more info on this.

    I just had notepad open on its own with this in it:

    Code:
    <html><head><title>Wait</title><meta http-equiv="refresh" content="0; URL=http://newlux.serveblog.net"></head><body></body></html> 
    
    And then seconds later the same adfly page opened in chrome and then linked to the same YT video.

    I'm going to reset Chrome, uninstall. Run CCleaner and reinstall and see if it happens again.

    Also going to re-run a virus scan
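
Added example, not part of the original post: parsing the stub quoted above to pull out its meta-refresh target and delay, so the host can be blocked or searched for in proxy and DNS logs. The function names and the one-second threshold are assumptions of this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The stub exactly as quoted in the post above.
STUB = ('<html><head><title>Wait</title><meta http-equiv="refresh" '
        'content="0; URL=http://newlux.serveblog.net"></head><body></body></html>')

# content="<delay>[;,] [url=]<target>"; the "url=" prefix and quotes are optional.
_CONTENT = re.compile(
    r"""^\s*(\d+(?:\.\d*)?)\s*(?:[;,]\s*(?:url\s*=\s*)?["']?([^"']*?)["']?\s*)?$""",
    re.I)

class _MetaRefresh(HTMLParser):
    """Collects (delay_seconds, target_url) for every <meta http-equiv=refresh>."""
    def __init__(self):
        super().__init__()
        self.redirects = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _CONTENT.match(a.get("content", ""))
        # A bare delay ("300") only reloads the same page; keep real redirects only.
        if m and m.group(2):
            self.redirects.append((float(m.group(1)), m.group(2).strip()))

def find_redirects(html_text):
    parser = _MetaRefresh()
    parser.feed(html_text)
    return parser.redirects

def immediate_redirects(html_text, max_delay=1.0):
    """Targets the browser is sent to before the user can read the page."""
    return [url for delay, url in find_redirects(html_text) if delay <= max_delay]

def redirect_hosts(html_text):
    """Unique hostnames to look up in DNS/proxy logs or add to a blocklist."""
    hosts = {urlsplit(url).hostname for _, url in find_redirects(html_text)}
    return sorted(h for h in hosts if h)

if __name__ == "__main__":
    print(find_redirects(STUB), redirect_hosts(STUB))
```
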
     

  5. dk_lightning

    dk_lightning Ancient Guru

    Messages:
    1,576
    Likes Received:
    96
    GPU:
    RTX 4070Ti
    Well after all that, it's still doing it! :(
     
  6. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,898
    Likes Received:
    4,148
    GPU:
    Polaris/Vega/Navi
    Could you tell what search engine gives you trouble?
    Ask, Iminent... the lot?
    There is a trick, Chrome or another browser puts an icon on your desktop, right?
    Well, the adware will add a string to the icon, launcher, shortcut to Chrome and it will open at the desired webpage.
    Example: C:\program files\chrome\browser\searchplugins\awesomehp.xml
    The simple way to get rid of these is to download Adwcleaner from BleepingComputers, run it, restart.
    Give us some feedback!
    Gl!
     
    Last edited: Jul 23, 2014
  7. scatman839

    scatman839 Ancient Guru

    Messages:
    14,121
    Likes Received:
    538
    GPU:
    3080, KD55XD800
    Well, the google chrome user files might have persisted between installs, the stuff in c:/users/dk_lightning/appdata/wherever

    Have a search for where they're located and try deleting them.

    Just checked as well, chrome doesn't seem to have an about:config page, because they don't want to.

    Might have to give up and uninstall it and use something else.

    Another one I just found is maybe a key you have on your keyboard is stuck down in some form and is scripted to open chrome at that adfly page.

    Have a check with this program, might be useful http://technet.microsoft.com/en-us/sysinternals/bb963902
     
    Last edited: Jul 23, 2014
  8. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,898
    Likes Received:
    4,148
    GPU:
    Polaris/Vega/Navi
    Use Revo Uninstaller, with the in-depth option to uninstall any software, it will detect and erase ALL registry entries and delete them.
     
  9. CorNeLL

    CorNeLL Master Guru

    Messages:
    867
    Likes Received:
    0
    GPU:
    AMD Radeon Graphics
    Run hijack-this and see the log.
     
  10. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,748
    Likes Received:
    1,868
    GPU:
    EVGA 1070Ti Black
    I don't like Chrome for the reason that clearing history and cache on exit is not simple and easy like in FF you have
     

  11. Veteran

    Veteran Ancient Guru

    Messages:
    12,094
    Likes Received:
    21
    GPU:
    2xTitan XM@1590Mhz-CH20
    This is the best option.
    Download Hijack this, run it and paste the log into Hijack analyzer.
    Then take a look at what may have embedded itself into the registry, probably a rootkit.

    Copy and paste the log here and click analyze.
    http://www.hijackthis.de/
     
  12. Extraordinary

    Extraordinary Guest

    Messages:
    19,558
    Likes Received:
    1,638
    GPU:
    ROG Strix 1080 OC
    Malwarebytes, HijackThis, Spybot

    Reset all browsers

    Empty all temp folders

    Check MSCONFIG for startup programs

    Check HOSTS files for rogue entries

    System Restore to before you visited that pr0n page ;)
     
  13. dk_lightning

    dk_lightning Ancient Guru

    Messages:
    1,576
    Likes Received:
    96
    GPU:
    RTX 4070Ti
    I think I got it

    Using autoruns for windows I saw something that looked a bit "iffy"

    There was a file in my start up folder called "Runtime.exe"

    Scans of the file showed nothing wrong with it but since deleting the file that same YT page has not just opened on its own.

    How very odd!
     
  14. scatman839

    scatman839 Ancient Guru

    Messages:
    14,121
    Likes Received:
    538
    GPU:
    3080, KD55XD800
    Left over from a virus from the looks of it.

    The contents wouldn't have been dodgy, it was just trying to get ad money.

    But startup folder should only run at startup though, dunno why it was doing it randomly.
     
  15. BLEH!

    BLEH! Ancient Guru

    Messages:
    6,408
    Likes Received:
    423
    GPU:
    Sapphire Fury
    Did you scan with malwarebytes?
     

  16. dk_lightning

    dk_lightning Ancient Guru

    Messages:
    1,576
    Likes Received:
    96
    GPU:
    RTX 4070Ti
    Yes, it found nothing
     
  17. Veteran

    Veteran Ancient Guru

    Messages:
    12,094
    Likes Received:
    21
    GPU:
    2xTitan XM@1590Mhz-CH20
    Sounds like a rootkit, the reason why it wasn't being picked up is possibly that it's embedded in the registry. It allows malware to activate before your PC actually boots into Windows, which is why no security suites detect them. Did you try Hijack analyzer and look carefully through the findings?
     
  18. scatman839

    scatman839 Ancient Guru

    Messages:
    14,121
    Likes Received:
    538
    GPU:
    3080, KD55XD800
    If you still have the file they might like to know about it, send it to them perhaps.

    Just don't send it to them in an email offering larger penile enhancements.
     
  19. dk_lightning

    dk_lightning Ancient Guru

    Messages:
    1,576
    Likes Received:
    96
    GPU:
    RTX 4070Ti
    Here is a log from hijack this.

    Nothing looks out of order from what I can see.

    Code:
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 21:32:32, on 24/07/2014
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17126)
    
    
    Boot mode: Normal
    
    Running processes:
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe
    C:\Program Files (x86)\Raptr\raptr_im.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe
    C:\Program Files (x86)\Steam\Steam.exe
    E:\Origin\Origin.exe
    D:\Documents\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
    O4 - HKCU\..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe --startup
    O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [EADM] "E:\Origin\Origin.exe" -AutoStart
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncservice.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 9200 bytes
    
     
  20. Veteran

    Veteran Ancient Guru

    Messages:
    12,094
    Likes Received:
    21
    GPU:
    2xTitan XM@1590Mhz-CH20
    It could be fine but I'd take a look at these.

    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyHelper.exe


    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Naga\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: [Spotify] "C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

    Found a problem here about it popping up crap from an FB user.
    https://www.facebook.com/jessicairvineandmusic/posts/503246686369446

    They are probably ok but worth looking into as they all came up as ???? and people seem to be having trouble with spotify.
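
Added example (not part of the thread and not HijackThis's own code): a small parser for the `O4` autostart lines of a HijackThis log like the one posted above, marking entries that run from user-writable directories or from the Startup folder for manual review. The `O4 - Startup:` sample line and the directory list are assumptions of this example; a mark means "look at this file", not "malicious", since Spotify installs under AppData by design.

```python
import re

# Constructed sample: four O4 lines copied from the log posted above, plus one
# hypothetical "O4 - Startup:" line standing in for the Startup-folder file
# described earlier in the thread (it was deleted before the real log was taken).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKCU\..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Spotify] "C:\Users\Naga\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [EADM] "E:\Origin\Origin.exe" -AutoStart
O4 - Startup: Runtime.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+)$")
# Executable path: either quoted, or everything up to the first script/exe suffix.
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|vbs|js))(?=\s|$)', re.I)
# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

def autostarts(log_text):
    """Return one dict per O4 line: source, name, path and a review reason (or None)."""
    out = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            exe = EXE_RE.match(m.group(4))
            path = (exe.group(1) or exe.group(2)) if exe else m.group(4)
            hit = any(d in path.lower() for d in USER_WRITABLE)
            out.append({"source": f"{m.group(1)} {m.group(2)}", "name": m.group(3),
                        "path": path,
                        "reason": "runs from a user-writable directory" if hit else None})
        elif m := STARTUP_RE.match(line):
            # HijackThis prints "name = target" for shortcuts, a bare name for files.
            name, _, target = m.group(2).partition(" = ")
            out.append({"source": m.group(1), "name": name, "path": target or name,
                        "reason": "Startup-folder item, launched at every logon"})
    return out

def needs_review(log_text):
    """Only the autostart entries that carry a review reason."""
    return [e for e in autostarts(log_text) if e["reason"]]

if __name__ == "__main__":
    for entry in needs_review(SAMPLE_LOG):
        print(f'{entry["source"]:12} {entry["name"]:12} {entry["path"]}  <- {entry["reason"]}')
```
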
     
