chrome aliexpress redirection

[apranaxos]

Hi,
2 Describe your issue: Random openning of aliexpress tab happens all the time when clicking on a link in any tab, like, i.e., a google search or any website page.
Although Windows 7 os is on C HD, Chrome is on E HD.
Different softwares finds somes threats and cleaned them out, but chrome redirecting still remains.
I noticed, when softwares I runned allow to see it, that , as they never let choose what to scan (except one, that found nothing in chrome folder), they scan C HD, but don't seems to scan chrome E HD Folder.
2 malware name detected by Kaspersky or another security product:
No idea where to find results of scan already performed, except for malwarebytes (scan result joined)
3 Mention the date the issue started:
I think, it started 2 days ago, january 21st.
4 Describe what steps have you taken :
I used spyhunter5, that won't do nothing until 24h after its installation, so I'll use it tomorrow,
IObit Malware Fighter,
malwarebytes (scan result joined),
Zemana AntiMalware,
adwcleaner_8.0.1,
EmsisoftEmergencyKit,
HitmanPro,
Farbar Recovery Scan Tool FRST (I also attached FRST reports),
I just followed softwares instructions.
I hope I didn't breach any rules, I tried to follow instructions given to the best of my ability.
Thanks in advance for your precious help.

 

[nasdaq]

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If the problem persists and Chrome is Synced with other Devices reset it.

Chrome Secure Preferences detection always comes back

When Malwarebytes finds some malicious (mostly adware or PUP) settings/startpages/searchengines in your Chrome, it will address this. (Note, Malwarebytes doesnt really delete the Chrome Secure Preferences file when a detection occurs) However, some of you may notice it will always come back after...

forums.malwarebytes.com

Sign in and sync in Chrome - Computer - Google Chrome Help

When you sign in to Chrome with your Google Account, you can get your info on all your devices and use additional Chrome features. When you sign in You can get your bookmarks, passwords, and

support.google.com

Execute the suggested fix.

Restart the computer normally.
===========

If the files are in Malwarebytes' quarantine folder delete them.

Malwarebytes Anti-Malware Help - Quarantine

Let me know if the problem persists.

 

[apranaxos]

Hi nasdaq,
I just followed your instructions, I need some time now to verify if the pbm still persist.
I let you know, as soon as I think the pbm is solved.
Thank you for your kind help.
Information For other members getting the same problem :
Yesterday, I found that the redirection comes from a new tab go.koten.zone, that open randomly, alone, which redirect in an other new tab to best.aliexpress.com
I used adguard adblocker user rules settings to block it with the following regex: ||go.koten.zone^$empty
It seems not working 100%, but it gets better, happening less often, less annoying.

 

[nasdaq]

Keep me posted.

 

[apranaxos]

It seems to have been cleaned, but I need some more time to be sure, I'll post in a couple of days to tell you.
Thank you nasdaq.

 

[nasdaq]

This topic will be kept open for an other 6 days.

 

[apranaxos]

Hi, I come back to share feed back:
I get tab opening, but not very often, at the following URL:
data:text/plain;base64,
Empty white page (a nothing page)
I suppose that nasdaq instructions, plus malewarebytes software cleaning , plus the adguard adblocker user rules regex setting I used: ||go.koten.zone^$empty, plus all the softwares listed previously, had a result.
This is not 100% cleaned, but it is really a minor anoyance.

 

[nasdaq]

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Driver Booster 7 (HKLM\...\Driver Booster_is1) (Version: 7.2.0 - IObit)
---
Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

 

[apranaxos]

Done here is the attachment.
Thank You nasdaq

 

[nasdaq]

Looking good. Is the problem solved?

 

[apranaxos]

From now, it seems to be just perfect, I just need a little more time to experiment, I'll be back to report in a couple of days.
Thank you nasdaq.

 

[nasdaq]

Please do.

 

[nasdaq]

Are you still with me?