Operating System
Windows 10
Infection date and initial symptoms
Not sure about the exact date, but sometime January/February 2019.

Initial symptoms:

- opens multiple tabs, each with one or more words from the original tab.

- Also generate what I think are corrupted web links along with the google search weblinks. The corrupted links show up both at the top and the bottom of the screen. In the pictures I will attach to this, I have marked the corrupt links with red and google links with green, but the text, font, size, etc. is recognizably different from the google search links.

The extra tabs may or may not produce one or more links similar or identical to the corrupted links upon the initial search. When they do not produce more of these corrupted links, it shows up as that common error screen like you get if a page doesn't exist.
Current issues and symptoms
I have been noticing a couple of patterns with this search find it thing.

1. It doesn't generate additional tabs for everything. I don't know exactly why it doesn't do this with all searches when it does with at least half of my searches. When it does, the symptoms are the same as listed in the initial symptoms.

2. There is a different number after the "us" in redirected tab. I have seen anywhere from there not being a number and up to number 9 (us. through us9.). A pop up shows up basically saying this thing wants to have access/send notifications, do you want to "allow it or block it," and of course I block it, but it still shows up later along with a new link. The pictures show a couple different examples of this.
Steps taken in order to remove the infection
I've used adwcleaner, CCleaner, malwarebytes, windows defender, and FRST(as recommended by the step-by-step on this site).
------------ None of these detect anything related to the search-find-it issue. I've used the cleaners multiple times over the last few days and multiple times a day, but it does not seem to be related to anything they can pick up, or it's just not detectable.

I've checked the extensions which the only one I downloaded after I started having these issues was ads killer plus. There are no other extensions that appear to be any sort of issue. ------ this made no difference

I've also reset the browser data as also listed in really any step-by-step you can find with the "reset" button as well as repeatedly clearing the cache and cookies. ------ this also made no difference

I am continuing to block the "allow or block" pop ups that show up, but they keep showing up with a new link and different numbers.
System logs
Yes, I've uploaded both FRST.txt and Addition.txt logs

waterlily_18

New Member
Hello.
Recently, I have been having some trouble with a search-find-it type of what I think is a browser hijacker. I am not sure how to get rid of it. It started around the time I realized that I also had this
Search powered by Yahoo virus/malware. Also during this time I was able to catch and remove a trojan virus. I am thinking these were all connected so I am trying to remove them all as soon as I can.

The search powered by Yahoo malware was refusing to uninstall and I don't know when it actually finally did uninstall. I took all of the steps and went to the control panel, uninstall a program, click uninstall/change, yes. I did this both on the control panel and on the apps and features tab on my computer. It stayed for several days before it stopped showing up in the control panel and apps tab.

I checked the extensions and reset the browser info, but nothing seemed out of the ordinary there.

During this time, I've been using several different anti-malware finders and cleaners (Adwcleaner, CCleaner, Malwarebytes, windows defender and FRST).

Am I missing something, and is someone able to help me learn how to get rid of it?

The pictures I am attaching to this post contain markings to help point out what the problem is. The red markings are to point out things that the virus/malware is doing (not all of these are marked), and the green markings are what the computer/google is supposed to be doing. One has a yellow marking showing that one of these pages did not have these extra generated tabs pop up.
------------- I chose the searches almost completely randomly to show what this virus thing may or may not target/effect.
(The black markings simply contain information related to my identity which I do not intend to give out. Please excuse this.)

Some of these symptoms make me wonder whether or not this virus is collecting passwords and other data, or if it is just there to lead you to places that will install other viruses that are made to steal information or to scam you into spending money or something like that. It is particularly concerning that it pops up when trying to log into your email and personal information accounts and such.


208688
------- The image above shows the additional pop ups (us9.) as well as the questionable links of a different size and font. ------

208689208691
--- search with a single word, single word additional pop up (us3.). Searches with more words generate more tabs, each with one or more words/symbols ------

208692
----bottom of the page, more of these links ----

208693
---- for whatever reason, this search link did not generate additional tabs. The link is related to data security and prevention against viruses. Possibly one of the types of links this virus either can't affect or is programed not to affect ------

208694
------ just a random search. this text is bolded more than the others, so I don't know for sure if it is part of this virus, but the size and font of the text looks relatively similar to the other pictures. -----

208695
----- pop ups (us.) for sites that you use for your personal information -------
 

Attachments

TwinHeadedEagle

Removal Expert
Verified
Staff member
Hello,


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments