Browser hijacker help

[Tilt]

I have bugged you guys a bit re computer security etc and finally the laptop has had a good clean-out. Start's up a lot better.

 

However i knew something was still wrong as the hard drive used to spin away and a good amount of memory / cpu being used whilst i was doing very little on it.

I got a critical update for google chrome the other day and upon researching it - xaarivkostume.net - and ensuring i did not get infected from this, i found confirmation my browser was hijacked. I slightly suspected this maybe the case.

i eventually came across malwarebytes ADWcleaner, which found among'st a few other things ask.com (iirc) in charge of my browser.

Removed, restarted and reset google settings (with help from the web) and all seems a hell of a lot quieter now.

I already use malwarebytes anti malware.

 

The only issue i have now occasionally (inc on Brisky) is when i click a post (for instance) it isn't always padlocked although is https (the page contains no links) and things are still trying to load and i have to press X to "stop loading this page". If i go back to secure padlocked page and then load again it usually comes back fully secured...........................Any ideas?

 

ADWcleaner maybe of use to someone..........and ESET online scanner has never picked this up.

 

Cheers guys.

 

 

Edited 30 June, 2017 by Tilt

[gadgetman]

What security suite have you been using? 

 

Because it clearly missed this, so I'd think able replacing it. 

 

Have you run all these in safe mode? 

 

Chrome is quite difficult to hijack these days, so you must have approved the hijack. You mentioned a critical update, but chrome downloads these automatically so I'm guessing you clicked on something promptings you to update Chrome? 

 

Install a trial of Norton or McAfee and run those. They should pick up any remaining issues. 

 

If still nothing, uninstall Chrome and reinstall it. Make sure if you sync with Google that you have 2 step verification enabled on your account via a 'clean device' before you log back in and resync your data 

[Aspman]

BHOs (Browser Helper Objects) are often missed by your standard antivirus.

 

MalawareBytes is very good at picking them up.

 

But truthfully BHOs can be a real ****** to get rid of.

[mbames]

I've seen Chrome redirect to a page and say "Critical Chrome update".  Normally when on the local newspaper sites (Dorset Echo, Salisbury Journal), so I have always wondered if the ad-stream had a dodgy flash advert in it which causes this to happen....

https://malwaretips.com/blogs/remove-fake-urgent-chrome-update-virus/

[Tilt]

Malwarebytes missed it, although i have the free version if that makes a difference? I suppose it could be less thorough.

 

mbames - the link is the one I looked at.........

 

I need to do another scan with adwcleaner to see if it has gone, hopefully for good. It is only a BHO I don't think majorly serious? Have had no security issues with banking, purchasing etc, touch wood.

 

20 hours ago, Aspman said:

But truthfully BHOs can be a real ****** to get rid of.

 

I may need further help on this...............will let you know after adw scan.

 

Cheers guys.

[Aspman]

Malwarebytes is pretty good. I don't think they skimp on the detection capabilities with the free one.

 

BHOs are still a risk and I personally wouldn't be happy to bank or shop knowing one was there.

 

When you've identified it you should be able to find a set of instructions online to get rid of the little bugger. But caution required. Many sites offering downloads to 'fix' malware/BHOs are actually delivering yet more malware so stick to reputable sites if you can and AV scan anything you do download.

 

The internet is full of ****s.

 

[gadgetman]

Do you have any antivirus software at all? 

[Aspman]

11 minutes ago, gadgetman said:

Do you have any antivirus software at all? 

 

You can get Sophos for free at home now.

 

https://home.sophos.com/

 

We pay about £80k a year for that at work.

[Tilt]

17 hours ago, gadgetman said:

Do you have any antivirus software at all? 

 

I do bud, but you will not recommend it..............mse. Rated very good for 2017 but to keep a machine clean, rather than actually find and clean it.

However, if you recall i had the issue with my mates teenage son inserting his memory stick into my machine (without asking me and before i could stop him.) whilst he was helping speed up and clean my laptop. His reply was a little suspect - saying it was "just a memory stick". He doesn't know that i know you can buy them for a fiver with malware installed to immediately take over a computer. And teenagers are most likely age to be hackers, not that he would try and rob me or that this bho was anything to do with him.

 

I also use Mwb anti malware, both updated and scanned frequently, and use Eset online scanner now and again.

 

I have ran Mwb adwcleaner this morning and seems to have got rid of it, fingers crossed.

 

Cheers guys.

[Tilt]

23 hours ago, Aspman said:

and AV scan anything you do download.

 

 

A little uneducated on my behalf, but would MSE not automatically do this using it's real time protection???

As mentioned, rated very good in 2017 for keeping a machine clean.

 

Thanks for the heads up on the BHO risks.

Cheers

Edited 5 July, 2017 by Tilt

[Aspman]

51 minutes ago, Tilt said:

 

A little uneducated on my behalf, but would MSE not automatically do this using it's real time protection???

 

 

When you assume.....

[KenONeill]

54 minutes ago, Aspman said:

 

When you assume.....

Also @Tilt

... you make an ass of you and Microsoft?

[gadgetman]

MSE was rated poorly recently (will try and find the article). 

 

Get some decent 3rd party AV suite. 

[VWD]

There's always SPYBOT which checks for browser Hijacks, and my favourite- Rogue killer , which gets rid of malware.

One thing to check is the packages offered by ISP. e.g. my ISP( PLUSNET) gives me MacAfee ( which does slow me down at start up for a little while) ,but after that sits and only intervenes if there's problems.

[gadgetman]

6 hours ago, VWD said:

There's always SPYBOT which checks for browser Hijacks, and my favourite- Rogue killer , which gets rid of malware.

One thing to check is the packages offered by ISP. e.g. my ISP( PLUSNET) gives me MacAfee ( which does slow me down at start up for a little while) ,but after that sits and only intervenes if there's problems.

Spybot isn't as good as it once was. 

 

I wouldn't  put all my trust in it

[Aspman]

I've McAfee from Plusnet but if I wasn't so lazy I'd ditch it.

 

It regularly starts sucking down 75% of CPU for no reason, the scanning engine starts up but doesn't scan. It just eats power till I kill it.

 

I'll probably try Sophos free or actually pay up for ESET or Kasperski.

[john999boy]

29 minutes ago, Aspman said:

I'll probably try Sophos free or actually pay up for ESET or Kasperski.

You could of course open a Barclays bank account and get Kaspersky for free. 

[SWBoy]

41 minutes ago, Aspman said:

I've McAfee from Plusnet but if I wasn't so lazy I'd ditch it.

I've only had a virus etc. infection once (touching wood...) and that was when using McAfee - and other colleagues have the same experience - so McAFee will NEVER go on any of our PCs again.

[gadgetman]

4 hours ago, SWBoy said:

I've only had a virus etc. infection once (touching wood...) and that was when using McAfee - and other colleagues have the same experience - so McAFee will NEVER go on any of our PCs again.

Without knowing what infection, no AV solution is 100%

 

Although the big players (McAfee, Norton, Kaspersky, Sophos etc) are the best at keeping you secure IME

[SWBoy]

3 hours ago, gadgetman said:

Without knowing what infection, no AV solution is 100%

 

Although the big players (McAfee, Norton, Kaspersky, Sophos etc) are the best at keeping you secure IME

Which is why I run two AV programs - so what one misses the other may catch. Yes I know all the advice is to only run one, but it works for me, my wife, my brother and his wife on all our Windows PCs.

 

We also run Sophos Virus Removal Tool occasionally (it takes along time to do a scan so it can't be a daily thing).

 

With that regime we have yet to suffer any infections.

[VWD]

15 hours ago, gadgetman said:

Spybot isn't as good as it once was. 

 

I wouldn't  put all my trust in it

I don't, but it does catch a few strange things. I now use my ISP provided MacAfee, which has a few other anti malware functions built in. But I also use Rogue Killer and occasionally both versions of Malware Bytes ( MBAM & MBAR) .

BUT- there's a new twist ot Ransomware- they've recognised that folk are now backing up to off line HDD ,so new method is to get in and read browser history, threatening to post on line any naughties, unless mug coughs up. Answer is to delete history, just in case .