How do I remove Go.Redirectro.com malware ? ( Ads, getting redirected


  • This topic is locked

#1
Vladimir123

    Member

  • 50 posts

Hello,

 

Recently I needed to install a voice pack for Balabolka ( a " text to speech " type of software ) and now apparently I infected my computer with malware.

As soon as I pressed " run " on the voice pack to start the installation, it installed itself fast and then closed.

 

This happens only in Google Chrome, Mozilla Firefox doesn't have this problem.

 

Basically, when I try to search something ( Google is my default search engine ), there's a " Go.Redirectro.com " text that shows up just before I get redirected to Yahoo search bar.

When I select some text I get a new window ( ads ), but fortunately AdBlockerPlus deals with it and shuts it immediately.

However, there are some ads that ABP just can't deal with, just like the ones I get when browsing this forum ( I can't even see threads/ sections, I only see ads, see the picture attached below ).

 

I also often get a  "  Error: can't open redirects.log file (webmaster800H)

 Possible reasons:
1) cron is not working (read FAQ)
2) there is no urls in this scheme
3) there is no such scheme or user
" error

 

 

What I tried to do is:

- Ran a full scan with Avast ( startup scan too ), nothing found

- Ran a full scan with MalwareBytes, malware was found and removed ( but I still have this ads and redirections problem on Google Chrome only )

- Used Rkill, nothing found.

- Used the Google Malware Removal Tool, nothing found

- Reset Google Chrome, still the same

 

Also, there is nothing left in the extensions list on my browser, just like there is nothing related to this in the Control Panel installed programs area.

 

This is very annoying and I don't know what else I could do to fix this problem, I would really appreciate getting some help here.

 

Thank you.


Edited by Vladimir123, 28 July 2017 - 08:28 AM.

  • 0


#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,659 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
Vladimir123

    Member

  • Topic Starter
  • 50 posts

Hello zep516, thank you very much for your reply.

 

I downloaded and ran the " Farbar Recovery Scan Tool ", the results are down below

 

FRST

Addition

  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,659 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2714493661-2863898918-2717460623-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2714493661-2863898918-2717460623-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-2714493661-2863898918-2717460623-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2714493661-2863898918-2717460623-1000\...\MountPoints2: {e1e4b075-6d34-11e5-834e-002421ef3431} - E:\setup.exe
HKU\S-1-5-21-2714493661-2863898918-2717460623-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2389504 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2714493661-2863898918-2717460623-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2017-07-28 13:01 - 2017-07-28 13:01 - 0635919 _____ (ryyiwohJJ3LBT2UmL0jP                                        ) C:\Users\MSI\AppData\Local\Temp\browmodule.exe
2017-07-28 13:00 - 2017-07-28 13:00 - 0349384 _____ () C:\Users\MSI\AppData\Local\Temp\msclean.exe
2017-03-15 20:12 - 2017-03-15 20:12 - 14456872 _____ (Microsoft Corporation) C:\Users\MSI\AppData\Local\Temp\vc_redist.x86.exe
2016-11-12 17:18 - 2016-11-12 17:18 - 0000008 _____ () C:\Users\MSI\AppData\Roaming\00000602001520
2015-12-16 01:03 - 2015-12-16 01:03 - 0000054 _____ () C:\Users\MSI\AppData\Roaming\updater.cfg 
2016-05-17 07:40 - 2016-05-17 07:40 - 0000000 ____H () C:\Users\MSI\AppData\Local\BITA351.tmp
2016-01-15 19:24 - 2016-01-15 19:24 - 0000003 _____ () C:\Users\MSI\AppData\Local\updater.log
AlternateDataStreams: C:\ProgramData\Microsoft:B3Go8uX5qWtMBz79i9 [2142]
AlternateDataStreams: C:\ProgramData\Microsoft:lm3RkfyQ6er0bxLghryTaNTg [2020]
AlternateDataStreams: C:\ProgramData\Microsoft:YhQACfdgt6mrLVUJlwT2nXp [2224]
AlternateDataStreams: C:\ProgramData\TEMP:89FAC91C [131]
AlternateDataStreams: C:\Users\MSI\AppData\Local\qOYT9SlngdTo6:LBkTeOmwrkdaPJ8zpS [1944]
AlternateDataStreams: C:\Users\MSI\AppData\Local\Temporary Internet Files:Wj4j7EpPXkTpsQrDCCBXjnC [2128]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Download AdwCleaner from here. Save the file to the desktop.
    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be moved to Quarantine.
    • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
    • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
    Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Post the:
Fixlog.txt
AdwCleaner log
JRT log
  • 0
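
Added example, not part of the original posts and not FRST's own code: a small Python triage that groups fixlist-style lines like the ones in the post above by what they touch, so a fixlist can be reviewed before the Fix button is pressed. The line patterns are inferred from the lines shown in this thread (an assumption, not a documented FRST format), and the sample is constructed from lines copied out of that fixlist.

```python
import re
from collections import defaultdict
# Constructed sample: lines copied from the fixlist posted in this thread.
SAMPLE = r"""
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
2017-07-28 13:01 - 2017-07-28 13:01 - 0635919 _____ (ryyiwohJJ3LBT2UmL0jP                                        ) C:\Users\MSI\AppData\Local\Temp\browmodule.exe
2017-07-28 13:00 - 2017-07-28 13:00 - 0349384 _____ () C:\Users\MSI\AppData\Local\Temp\msclean.exe
2017-03-15 20:12 - 2017-03-15 20:12 - 14456872 _____ (Microsoft Corporation) C:\Users\MSI\AppData\Local\Temp\vc_redist.x86.exe
AlternateDataStreams: C:\ProgramData\TEMP:89FAC91C [131]
CMD: netsh winsock reset catalog
"""

# Assumed layouts: "created - modified - size attrs (company) path" and
# "AlternateDataStreams: host:stream [size]".
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
                     r"(\d+) (\S{5}) \((.*?)\s*\) (.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+) \[(\d+)\]$")

def classify(line):
    """Return (category, details) for one fixlist-style line."""
    m = FILE_RE.match(line)
    if m:
        size, _attrs, company, path = m.groups()[2:]
        notes = []
        if re.search(r"\\Temp\\[^\\]+\.exe$", path, re.I):
            notes.append("executable in Temp")
        if not company:
            notes.append("no company name")
        return "file", {"path": path, "size": int(size), "company": company, "notes": notes}
    m = ADS_RE.match(line)
    if m:
        return "ads", {"host": m.group(1), "stream": m.group(2), "size": int(m.group(3))}
    if line.startswith("CHR "):                       # Chrome-related entry
        return "chrome", {"entry": line[4:]}
    if line.startswith(("HKLM", "HKU", "GroupPolicy")):
        return "policy_or_registry", {"entry": line}
    head, sep, rest = line.partition(":")             # e.g. "CMD: ..." or "EmptyTemp:"
    if sep:
        return "directive", {"name": head, "arg": rest.strip()}
    return "unknown", {"entry": line}

def triage(text):
    """Group every non-empty line of a fixlist by category."""
    groups = defaultdict(list)
    for line in filter(None, map(str.strip, text.splitlines())):
        cat, details = classify(line)
        groups[cat].append(details)
    return dict(groups)
```

Calling `triage(SAMPLE)` returns a dict keyed by category; the `notes` on each file entry are review hints only, not a verdict on the file.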

#5
Vladimir123

    Member

  • Topic Starter
  • 50 posts

Thank you very much for your help, I really appreciate it.

 

Fixlog.txt

AdwCleaner log

JRT log

  • 0

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,659 posts
Hello,

If the Chrome browser is still having problems we will need to reinstall it following these directions.

Uninstall / reinstall Chrome

1. Close all Chrome windows and tabs.
2. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
3. Click Programs and Features.
4. Double-click Google Chrome.
5. Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.

If you have Bookmarks that you want to save, you want to do that first.

Export / Import Bookmarks. https://support.goog...wer/96816?hl=en

Then reinstall Chrome from here-->http://www.google.com/chrome/
  • 0

#7
Vladimir123

    Member

  • Topic Starter
  • 50 posts

I had to reinstall Google Chrome, but at least doing so made this problem go away. FINALLY !

 

Thank you very much for your help zep516, you are great.


  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,659 posts
Hello,

We need to remove the tools we used and then close the topic.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#9
Vladimir123

    Member

  • Topic Starter
  • 50 posts

Alright, here's the text report

 


  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,659 posts
Well done and happy surfing. This topic is closing now. Thank you for using the forum today.


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 1





