browser hijacker chrome - redirects to bing, ask.com

[keea]

Hi,
A few days ago I noticed that my Chrome browser would get re-directed to either ask.com or bing. I removed all my extensions and ran a bunch of scans, some of which detected malware, which I deleted. But it hasn't solved the problem. I've reset chrome settings.

The problem persits...I've downloaded Guardio, which sees the browser hijacker (as search-location), and blocks the re-direction. But it is causing other syncing issues with my accounts, and i'd like to take care of the issue once and for all.

Any tips? Thanks alot

 

[nasdaq]

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer

Right-click on the MBAM icon and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
On the left menu pane click the Settings tab, and then select the Protection tab on the top.
Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
Note: The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.

Let me know if the problem persists.
===

 

[keea]

Thanks Nasdaq.

Here is the report from Malwarebytes
It didn't seem to have found anything.

Let me know if there's other steps I can take, thanks alot

 

[nasdaq]

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===



Please post the Fixlog.txt and let me know if the problem persists.

 

[keea]

The problem is still happening. Here is the Fixlog.

Thanks alot

 

[nasdaq]

Hi,

Let's search the registry:
Run the Farbar program. There is a Search Registry button on the FRST Console. Paste this term in bold in the box and click OK.

Search registry: ask.com


Post the logs for my review.

 

[keea]

I pasted ask.com in the box and ran the search registry.

Here is the log

Thank you!

 

[nasdaq]

Hi,

There was a syntax error in my fixlist.

Please do this.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.

Restart the computer normally.

Let me know if the problem persists.

 

[keea]

Hi, I ran the fixme.reg file.
Should I also download Spyware Blaster if i don't have it on my computer?

The problem is still there - when I do a search in the box, i can see that it first links to search-location.com before redirecting to bing.
Thx!

 

[keea]

This is for example what it links to before going to bing;

http://www.search-location.com/v1/hostedsearch?aid=1463441&data=aWlkPTkyJnVpZD0xNzcyNjM5MTA=&sto=1&keyword=front+row+insurance

And if i open a tab it now goes directly to Search Marquis.

Is this any help?

 

[nasdaq]

Hi,

Go to this site and download the Combo Cleaner for MAC if appropriate.

Search-alpha.com Redirect (Mac)

www.pcrisk.com

 

[keea]

Unfortunately I have a PC and not a Mac, is there a version for PC?
Thanks

 

[nasdaq]

Hi,

As in post no 6. paste this in the search box and then click the search Registry Button.

search-location.com[

 

[keea]

Thanks, it doesn't seem like it has found anything.

When I open a Chrome tab, it now goes directly to Search Marquis (before it used to show up as google on opening).

Do you think it is worth reformatting the computer?
Or do you think there are still steps we can take to try to find this thing?

Thanks again for your help

 

[nasdaq]

Hi,

Possibly my fault if nothing was found.
There was an error in my syntax.


As in post no 6. paste this in the search box and then click the search Registry Button.

Change this search-location.com[

to

search-location.com


copy and paste the text to make sure.

 

[keea]

Hey thanks, ran it again !

 

[nasdaq]

Hi,

No need to reformat this computer.
Only Chome is the issue.

The problem could be coming from Syncing Chrome with other Devices.

If the problem persists and Chrome is Synced with other Devices reset it.
It could be any device, phone, tablet other computers etc... Make sure you check it our.

Chrome Secure Preferences detection always returns

Browser-related remediation (especially concerning preference/configuration files) can be particularly troublesome given the safeguards built into the browsers, along with syncing mechanisms and other complications associated with Internet browsers. The issue you're experiencing is likely caused ...

forums.malwarebytes.com

Sign in and sync in Chrome - Computer - Google Chrome Help

When you sign in to Chrome with your Google Account, you can get your info on all your devices and use additional Chrome features. When you sign in You can get your bookmarks, passwords, and

support.google.com

Execute the suggested fix.

Restart the computer normally.
===========

If all fails Delete and reinstall Chrome.

Uninstall Google Chrome

Uninstall Google Chrome - Computer - Google Chrome Help

You can remove Chrome from your computer (Windows, Mac, or Linux), or delete the Chrome app from your iPhone or iPad. Windows 11 On your computer, close all C

support.google.com

Select the Windows 10 Operating System and follow the directives.

Make sure you Restart the computer when done.

The reinstall chrome. Follow these directives.

Download & install Google Chrome

Download & install Google Chrome - Computer - Google Chrome Help

Google Chrome is a fast web browser available at no charge. Before you download, you can check if Chrome supports your operating system and you have all the other system requirements. How to ins

support.google.com

Select the Windows operating system and install a fresh copy.

If at any time you need instructions please ask before proceeding.

Keep me posted.

 

[keea]

Hey, I've followed these instructions, and uninstalled and re-installed chrome. and my new tabs still lead to Search Marquis.

What would you suggest at this point?
Thanks

 

[nasdaq]

Hi,

Firefox being your default browser try the following.

Clean the Firefox Cache.

Clear your web browser's cache, cookies, and history

On this page:

kb.iu.edu

<<<>>>


Mae sure it's not a Syncing issue.

If the problem persists and you are Syncing Firefox it with other Devices reset it.

Navigate to this page and Remove it as suggested.

Remove a synced device from your Mozilla account | Mozilla Support

Disconnect a device from your Mozilla account and stop syncing its data.

support.mozilla.org

When done restart the computer normally.

If all is well.

Return to your Firefox Account and Click the Connect button. (Your call)

Reset the sync if you want.

Restart the computer normally.
<<<>>>

Remove Firefox using the instructions one this page.

Uninstall Firefox from your computer | Firefox Help

This article describes how to uninstall the Firefox application from your computer and also how to remove the personal information that Firefox stores.

support.mozilla.org

Restart the computer normally.

If the problem is not solved try this.

Make sure that you have reset Firefox's syncing.

If the problem persists and you are Syncing Firefox it with other Devices reset it.

Navigate to this page and Remove it as suggested.

Remove a synced device from your Mozilla account | Mozilla Support

Disconnect a device from your Mozilla account and stop syncing its data.

support.mozilla.org

When done restart the computer normally.

If all is well.

Return to your Firefox Account and Click the Connect button. (Your call)

Reset the sync if you want.

Restart the computer normally.
<<<>>>

In the event that all fails:

Remove and re-install Firefox it may be compromised.

Navigate to this page.

Follow all the directives

Troubleshoot and diagnose Firefox problems | Firefox Help

This article includes a series of steps you can follow, that will help you fix most problems with Firefox.

support.mozilla.org

You can then reinstall Firefox if you want it.

p.s.
This process will not remove your Firefox profile data (such as bookmarks and passwords), since that information is stored in a different location.
Follow the suggested directives.
<<<>>>

 

[keea]

Hi, I've never used Firefox. I was using Chrome.
I've switched to Brave which seems to have solved the issue.
It's just frustrating that I can't use Chrome in the end. But thanks alot for your help!