Golden Triangle Posted November 17, 2017

Hi all, I'm hoping you may be able to help. It seems I picked up a virus a few weeks ago. I have a very good friend who is an absolute whizz with computers but even he seems to be stumped at the moment by this one. It seems to be a redirect virus. I am running Windows 10, and apart from the redirect it also seems to be preventing other applications from loading fully. I will try to explain as best I can; I am not at all techie so please bear with me on this. I thank you all in advance for your help.

Windows Defender is running and the laptop has also been scanned by the latest fully updated version of SpyHunter 4; nothing is being picked up.

I had Google Chrome set up to open 3 tabs on start up: No. 1 Google Chrome (from there I open my Gmail account), No. 2 BBC News, UK page, and lastly Facebook. Within Facebook I play only one game, Criminal Case, and my Mrs has her Candy Crush bit, but that is all. Maybe 6 weeks ago I opened Facebook and clicked on the link to open Criminal Case (CC). A window opened telling me that I needed to install Flashplayer (no mention of Adobe). There was no way to close the window apart from clicking on install, which foolishly I did. Now, whenever I click on BBC News and a couple of other sites I get a redirect window opening, which is really really annoying.

I will try and get a copy of the screenshot requesting the flash player and I will also get a screenshot of a ThaiVisa window that shows not all the ads and stuff have loaded correctly.

Windows 10 has been uninstalled and reinstalled I don't know how many times, as has Google Chrome. It seems that as soon as I enter my profile the bloody thing comes back again. Could it have something to do with my router? Internet provider, TMN fiber optic? Anything at all. Hoping you guys & gals can help, as the saying goes "many hands make light work".

I'll put the screenshots under this initial post, thanking you in advance peeps.

Golden Triangle (Author) Posted November 17, 2017

[Screenshots]

Slip Posted November 17, 2017

Do a quick scan with Malwarebytes and post what it picks up. https://www.malwarebytes.com/mwb-download/

Edited November 17, 2017 by Slip

petermik Posted November 17, 2017

ADWCleaner... it's a free download by Malwarebytes, searches out unwanted ads.

Golden Triangle (Author) Posted November 17, 2017

Just ran another scan with SpyHunter 4, this time after it updated definitions it found this: "search.funsafetabsearch.com". I have removed it and have just run Malwarebytes.com, it found something so gonna go and have a look at the results.

Here It Is Posted November 17, 2017

Sorry, but glad my UK computer is a Mac. Never have these issues, ever.

Golden Triangle (Author) Posted November 17, 2017

This is getting above my pay grade now. I have my mate monitoring this thread so any further help is welcome. I cleaned with SpyHunter 4 and also with Malwarebytes but the beech is still there.

maxpower Posted November 17, 2017

You mention that when you enter a profile it triggers the events after installing Windows. Can you be more explicit? Are you saying you can browse the web without issue before entering this profile? What about when you use Edge?

Slip Posted November 17, 2017

Please post a report from MWB.

Golden Triangle (Author) Posted November 17, 2017

> 40 minutes ago, Slip said:
> Please post a report from MWB.

Hi Slip, I tried to but can't find it now. I think I exported it to Notepad but cannot recover it, I will try again.

Golden Triangle (Author) Posted November 17, 2017

> 46 minutes ago, maxpower said:
> You mention that when you enter a profile it triggers the events after installing Windows. Can you be more explicit? Are you saying you can browse the web without issue before entering this profile? What about when you use Edge?

Hi maxpower, within Google Chrome, Gmail etc. you have your own profile with all your email addresses etc. as you know. My mate had my laptop at his place, cleared it out, reinstalled stuff and then checked the BBC news page, MSN etc. etc., all links were clean without opening a redirect, he was using his ISP and his own id. He brings it back to me, as soon as I log into Google Chrome and Gmail up it comes as bold as bloody brass.

I don't know if the above makes sense to you (I hope so). As you can see from the screenshot above, that is NOT an Adobe window, and earlier today we actually went in and downloaded Adobe Flash Player and that window still appears.

Golden Triangle (Author) Posted November 17, 2017

> 10 minutes ago, Golden Triangle said:
> Hi Slip, I tried to but can't find it now. I think I exported it to Notepad but cannot recover it, I will try again.

Meljames Posted November 17, 2017

> 2 hours ago, Golden Triangle said:
> Windows Defender is running and the laptop has also been scanned by the latest fully updated version of SpyHunter 4; nothing is being picked up.

I'd run the Malwarebytes like the above says. If that doesn't get it, run AdwCleaner, SUPERAntiSpyware and HitmanPro. You can download free versions of them in a matter of minutes. If it's a malware problem one of them should catch it.

maxpower Posted November 17, 2017

Do you know how to change your DNS servers in Win 10? I ask this because when you move this PC back home your problems begin.

Jdietz Posted November 17, 2017

Read this article about the cause and removal: https://malwaretips.com/blogs/remove-fake-flash-player-update/

And for the Mac guy on his high horse: https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/

Here It Is Posted November 17, 2017

> 4 minutes ago, Jdietz said:
> And for the Mac guy on his high horse: https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/

No high horse needed. I merely stated you don't have this nonsense on a Mac. Up to you.

Edited November 17, 2017 by Here It Is

Golden Triangle (Author) Posted November 17, 2017

> 6 minutes ago, maxpower said:
> Do you know how to change your DNS servers in Win 10? I ask this because when you move this PC back home your problems begin.

No I don't, but my mate probably will.

Golden Triangle (Author) Posted November 17, 2017

And to add insult to injury, Malwarebytes is now blocking SpyHunter 4. If it wasn't so funny I would cry.

I did restore it, but every time I go to use SpyHunter it just blocks it again.

Edited November 17, 2017 by Golden Triangle

Meljames Posted November 17, 2017

> 1 minute ago, Golden Triangle said:
> And to add insult to injury, Malwarebytes is now blocking SpyHunter 4. If it wasn't so funny I would cry.

If you go into settings, you should be able to turn off 'real time' protection on the SpyHunter. Then you can run the Malwarebytes.

Slip Posted November 17, 2017

> 14 minutes ago, Golden Triangle said:

PUPs are not necessarily a huge problem. I see you have some other advice here, so will leave you to follow up on that. If it doesn't work we can always revisit.

maxpower Posted November 17, 2017

At this point I think you should at least eliminate the DNS servers at the adapter level and make sure they keep the setting you give them. What's crazy about this is the fact that you have re-installed the OS. I just hope you are not re-infecting the machine by introducing an infected file or device after you have installed Windows.

Jdietz Posted November 17, 2017

> 22 minutes ago, Here It Is said:
> No high horse needed. I merely stated you don't have this nonsense on a Mac. Up to you.

You didn't read the link, did you?

RichCor Posted November 17, 2017

Looks to me like your Windows 10 is infected with Windows 7 (at least that's what you posted in the screenshot).

Here It Is Posted November 17, 2017

> Just now, RichCor said:
> Looks to me like your Windows 10 is infected with Windows 7 (at least that's what you posted in the screenshot).

LOL.

Slip Posted November 17, 2017

> 3 minutes ago, maxpower said:
> At this point I think you should at least eliminate the DNS servers at the adapter level and make sure they keep the setting you give them. What's crazy about this is the fact that you have re-installed the OS. I just hope you are not re-infecting the machine by introducing an infected file or device after you have installed Windows.

Yes, thanks Maxpower, I missed this. This problem lives through a clean install?

maxpower Posted November 17, 2017

> Just now, RichCor said:
> Looks to me like your Windows 10 is infected with Windows 7 (at least that's what you posted in the screenshot).

I was wondering about that too. Maybe he got the shot from a Win7 machine. If not then the wheels have really fallen off.

Peterw42 Posted November 17, 2017

OP, SpyHunter 4 is a rogue antivirus program (false results so you buy it), that's why Malwarebytes is blocking it. Google it, lots of reputable malware removal sites say it's rubbish. Remove it, Malwarebytes then HitmanPro.

RichCor Posted November 17, 2017

Logging into a Gmail or G Suite account using the Chrome browser will automatically load the Chrome extensions normally used by that account on any computer, with no warning. It's a pain in the arse, especially if I log into someone else's account to fix something for them ...then end up having to uninstall the stuff from my machine afterwards.

So take a look at all the add-ons or extensions your Chrome browser has installed while logged into the Google account.

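The extension check suggested in the post above can also be done on disk. The script below is an added example, not part of the thread or any poster's code: it reads each installed extension's manifest.json and lists first the ones that can act on every site. The function names, the two permission lists and the sample extensions are assumptions made for this example.

```python
import json
import sys
import tempfile
from pathlib import Path

# Host patterns that give an extension access to every page, and APIs that
# let it observe or rewrite navigation (lists chosen for this example).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
RISKY_APIS = {"webRequest", "webRequestBlocking", "declarativeNetRequest", "tabs", "proxy"}

def audit_extensions(ext_root):
    """One record per <ext_root>/<extension id>/<version>/manifest.json, broadest access first."""
    findings = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it, keep auditing
        perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        hosts = perms | set(manifest.get("host_permissions", []))
        for script in manifest.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        findings.append({
            "id": path.parent.parent.name, "name": manifest.get("name", "?"),
            "broad_hosts": sorted(hosts & BROAD_HOSTS),
            "risky_apis": sorted(perms & RISKY_APIS),
        })
    return sorted(findings, key=lambda f: (not f["broad_hosts"], f["name"]))

def write_sample_profile(root):
    """Constructed sample data: two made-up extensions in Chrome's on-disk layout."""
    samples = {
        "a" * 32: {"name": "Search Helper (constructed)", "version": "1.0",
                   "permissions": ["tabs", "webRequest", "<all_urls>"]},
        "b" * 32: {"name": "Notes (constructed)", "version": "2.3",
                   "permissions": ["storage"],
                   "content_scripts": [{"matches": ["https://notes.example/*"], "js": ["n.js"]}]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    # Real folder on Windows: %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions
    root = sys.argv[1] if len(sys.argv) > 1 else write_sample_profile(tempfile.mkdtemp())
    for f in audit_extensions(root):
        print("REVIEW" if f["broad_hosts"] else "ok", f["name"], f["id"], f["broad_hosts"], f["risky_apis"])
```

Run with no argument it audits the constructed sample; pass the Extensions folder of the signed-in profile to audit a real machine, then compare the flagged IDs with what chrome://extensions shows.
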
Slip Posted November 17, 2017

> 4 minutes ago, Peterw42 said:
> OP, SpyHunter 4 is a rogue antivirus program (false results so you buy it), that's why Malwarebytes is blocking it. Google it, lots of reputable malware removal sites say it's rubbish. Remove it, Malwarebytes then HitmanPro.

I'm kicking myself. My assumption was of course that 'a user' would know this, but I am entirely wrong in that. Full marks to you Peterw42 and 0 to me.

Peterw42 Posted November 17, 2017

> Just now, Slip said:
> I'm kicking myself. My assumption was of course that 'a user' would know this, but I am entirely wrong in that. Full marks to you Peterw42 and 0 to me.

Technically it's a legit program but when you install it you say yes to lots of crap and redirects etc. If Malwarebytes doesn't like it that's a good recommendation to get rid of it.