Browser redirecting to fake Flash installation sites

Shyzer

New Member
Thread author
Nov 5, 2014
8
Hey guys, over the past few weeks I've had tabs in Google Chrome randomly redirect to spammy domains ending in .be (the base URLs change with every occurrence, but they are always similar) that prompt me to "update" my flash player. In addition to the scan logs, I've uploaded two screenshots of the redirected pages that I'm being led to.

Upon running Malwarebytes, it found PUP.Optional.Spigot and PUP.Optional.Speedial.A, which I quarantined. However, the redirections still randomly occur.

Any help would be greatly appreciated. Immense thanks in advance!
 

Attachments

  • FRST.txt
    43.7 KB · Views: 71
  • spam1.png
    211.9 KB · Views: 96
  • spam2.png
    234.9 KB · Views: 97
  • Addition.txt
    36.9 KB · Views: 89

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Please re-run Malwarebytes' Anti-Malware.
  • Click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Shyzer

New Member
Thread author
Nov 5, 2014
8
Hello TwinHeadedEagle, thanks for helping me out! As requested, here is the scan log from Malwarebytes' latest scan, which was yesterday.
 

Attachments

  • malwarebytes-nov4-scan.txt
    1 KB · Views: 72

Shyzer

New Member
Thread author
Nov 5, 2014
8
No, I did not. I will reset it now. After resetting it, do I need to leave all the settings to their default mode until we solve this?

Also, not sure if this helps, but these are all the domains that I have been redirected to over the past few weeks. They all were the exact same page asking to install Flash.
  • quick-computer-repairs.be
  • quickinstantupdates.be
  • fastpcupdatenow.be
  • fast-update-apps.be
  • simpleinstant-update.be
 

Shyzer

New Member
Thread author
Nov 5, 2014
8
This computer is not plugged into a router, my bad! It has a direct ethernet connection to my modem.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Try resetting the modem.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    91 bytes · Views: 69

Shyzer

New Member
Thread author
Nov 5, 2014
8
I reset my modem to factory default settings, then followed your instructions. I've uploaded the Fixlog.
 

Attachments

  • Fixlog.txt
    681 bytes · Views: 63

Shyzer

New Member
Thread author
Nov 5, 2014
8
Running well, though my computer was never running slow or sluggish before.

I was only getting 1 or 2 redirects daily, so I will continue using the computer heavily over the next 24 and 48 hours and report back. I can't thank you enough for the help so far!
 

Shyzer

New Member
Thread author
Nov 5, 2014
8
I encountered yet another instance of the browser hijack today. I'm starting to believe this is a form of malvertising, possibly from Google Adsense, as other sites like Slate.com have been hit. Googling the domains in question also returns only results from the past few weeks of others encountering the same issue.

I know this is outside your purview, but would you have any suggestions for programs or tools to run in the background that could possibly identify the source of the redirect?
 

Shyzer

New Member
Thread author
Nov 5, 2014
8
Sorry, I'm not sure what you mean by that. If you're asking what it appears like, here is a screenshot from today's hijacking (all other instances have been exactly the same, except with a different root domain every time.)
 

Attachments

  • 8479ffaac80e11c4263ad17d8c7f27fc.png
    234 KB · Views: 84
