Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser exploit on my new Win8. [Solved]


  • This topic is locked This topic is locked

#16
homebrew901

homebrew901

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

I wonder what did that?  Well, in any event thanks again for your help.  Here's the log:

 

# DelFix v10.8 - Logfile created 09/12/2014 at 14:12:54
# Updated 29/07/2014 by Xplode
# Username : Greg - APOSTROPHELESS
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleanerDebug.txt
Deleted : C:\TDSSKiller.3.0.0.41_06.12.2014_12.01.22_log.txt
Deleted : C:\TDSSKiller.3.0.0.41_07.12.2014_07.25.20_log.txt
Deleted : C:\Users\Greg\Downloads\Addition.txt
Deleted : C:\Users\Greg\Downloads\AdwCleaner.exe
Deleted : C:\Users\Greg\Downloads\adwcleaner_4.104.exe
Deleted : C:\Users\Greg\Downloads\Extras.Txt
Deleted : C:\Users\Greg\Downloads\Fixlog.txt
Deleted : C:\Users\Greg\Downloads\FRST.txt
Deleted : C:\Users\Greg\Downloads\FRST64.exe
Deleted : C:\Users\Greg\Downloads\JRT (1).exe
Deleted : C:\Users\Greg\Downloads\JRT.exe
Deleted : C:\Users\Greg\Downloads\OTL.Txt
Deleted : C:\Users\Greg\Downloads\OTL.exe
Deleted : C:\Users\Greg\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #6 [Scheduled Checkpoint | 12/08/2014 18:18:40]

New restore point created !

########## - EOF - ##########
 


  • 0

Advertisements


#17
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Any further questions before I close the topic as solved?
  • 0

#18
homebrew901

homebrew901

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Just how to deliver kudos beyond liking the post that solved the problem.  :spoton:


  • 0

#19
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts

If you like my posts just click on the rep_up.png.pagespeed.ce.hPAGfLRh-lY8SpIK on the right side of my post(s). Thanks for the one kudo. That's really nice.

 

So - we are clear to close this topic as solved?


  • 0

#20
homebrew901

homebrew901

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Yep! Solved.  Close away.


  • 0

#21
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#22
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Please describe your problems as good as possible.
  • 0

#23
homebrew901

homebrew901

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

It's the same problem as before, but I've learned a little more.  Full description:

 

The problem occurs only in Chrome.  Chrome spontaneously opens two (and always two) tabs which direct to advertising pages.  The pages to which it redirects are generally either 1) malware pages themselves, trying to induce you to download a program, 2) scam pages which try to get you to call a toll-free number to get rid of alleged malware or 3) sketchy, scammy alleged dating sites.  Chrome need not be open for this behavior to occur.  On several occasions Chrome has opened itself and the only two tabs open are the ones which we're talking about here.  The behavior, I found out last night, travels.  When I sign in to Chrome on another machine the behavior occurs there.  It does not appear to be spreading in that other users on that same computer to which the behavior spread are not having the problem.  But it's too early to say that for certain.  I've gone through all the cures above.  In addition I've run an Avira scan, MalwareBytes and SuperAntiVirus free edition.  None has found a problem.  I've gone to various Chrome pages which seem to acknowledge that such a behavior occurs but have not been helpful in getting it to go away.


  • 0

#24
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
What do you mean with "sign into Chrome"? Do you have there an account?
  • 0

#25
homebrew901

homebrew901

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Yes.  If you sign in to Chrome with your Google ID your various bookmarks, extensions, and plugins follow you from machine to machine.  So, apparently, does this exploit.  For whatever it's worth, it does not seem to follow me to mobile devices, only to other PCs. 


  • 0

Advertisements


#26
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
So if you log into Chrome you have all Plugins installed which are related to the account. So if you log on PC A you will install all Plugins there, the same for PC B?
  • 0

#27
homebrew901

homebrew901

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Exactly.  I'm very grateful for your help but I have to wonder if someone more familiar with Chrome might be a better person to help solve this problem.

 

That said, my problem hasn't recurred today, despite me being online with Chrome for 8 hours.  I don't know if it's just a respite or if the problem has disappeared.


  • 0

#28
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Please list all Plugins/Extensions which are related to this account.
  • 0

#29
homebrew901

homebrew901

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Extensions: Adblock Plus, Avast Online Security, Avira Browser Safety, F.B. Purity-Clean Up Facebook, Google Cast, Google Docs, Google Play Music, Tampermonkey, Turkopticon

 

Plugins: Chrome Remote Desktop Viewer, Widevine Content Decryption Module, Adobe Flash Player, Chrome PDF Viewer, Native Client, Picasa, Google Update, Intel Identity Protection Technology, Wildtangent Games App V2 Presence Detector, Silverlight


  • 0

#30
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Disable all Plugins to see if Plugins are creating your problems.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP