Shyzer

New Member
Hey guys, over the past few weeks I've had tabs in Google Chrome randomly redirect to spammy domains ending in .be (the base URLs change with every occurrence, but they are always similar) that prompt me to "update" my Flash player. In addition to the scan logs, I've uploaded two screenshots of the redirected pages that I'm being led to.

Upon running Malwarebytes, it found PUP.Optional.Spigot and PUP.Optional.Speedial.A, which I quarantined. However, the redirections still randomly occur.

Any help would be greatly appreciated. Immense thanks in advance!
 


TwinHeadedEagle

Level 41
Verified
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and until I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Please re-run Malwarebytes' Anti-Malware.
  • Click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Shyzer

New Member
No, I did not. I will reset it now. After resetting it, do I need to leave all the settings to their default mode until we solve this?

Also, not sure if this helps, but these are all the domains that I have been redirected to over the past few weeks. They all were the exact same page asking to install Flash.
  • quick-computer-repairs.be
  • quickinstantupdates.be
  • fastpcupdatenow.be
  • fast-update-apps.be
  • simpleinstant-update.be
 

Shyzer

New Member
This computer is not plugged into a router, my bad! It has a direct ethernet connection to my modem.
 

TwinHeadedEagle

Level 41
Verified
Try resetting the modem.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 


Shyzer

New Member
I reset my modem to factory default settings, then followed your instructions. I've uploaded the Fixlog.
 


Shyzer

New Member
Running well, though my computer was never running slow or sluggish before.

I was only getting 1 or 2 redirects daily, so I will continue using the computer heavily over the next 24 and 48 hours and report back. I can't thank you enough for the help so far!
 

Shyzer

New Member
I encountered yet another instance of the browser hijack today. I'm starting to believe this is a form of malvertising, possibly from Google AdSense, as other sites like Slate.com have been hit. Googling the domains in question also returns only results from the past few weeks of others encountering the same issue.

I know this is outside your purview, but would you have any suggestions for programs or tools to run in the background that could possibly identify the source of the redirect?
 

Shyzer

New Member
Sorry, I'm not sure what you mean by that. If you're asking what it appears like, here is a screenshot from today's hijacking (all other instances have been exactly the same, except with a different root domain every time.)
 
