Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on April 23, 2015, 05:48:45 PM

Title: Infected browser.
Post by: REDACTED on April 23, 2015, 05:48:45 PM

This is a growing problem I've noticed. In my case, my chrome got infected with some kind of malware or virus which, no matter what I do, from time to time (doesn't matter what; complete a search on google or push a button on one of my own web-pages) re-direct me to some commercial site.

Nothing seems to bite on this, neither malwarebytes (anti-malware), avast (free), freefix or a bunch of less known software seems to notice its existence.

No programs have been installed since it happend to me, and it seems to spread within my account (i syncronize my chrome over three computers, all of wich got this bugger-infecstation now). Nothing appares in any logs (that i've seen so far) beside Chromes own log:

1. Explosm.net - Home of Cyanide and Happiness explosm.net (Clicked a link here)
2. ww(just so no-one copys it, regular www )w.totaladperformance.com/ad/display.php?r=316091 ww(Jus't don't go here)w.totaladperformance.com – This Crap appeared and redirected me to nr. 3
3. Profit Booster www(just so no-one copys it, regular www ).profitboosterapp.com

Anyone know what this annoying shit is, and how to remove it?

Thanks :)

Title: Re: Infected browser.
Post by: TwinHeadedEagle on April 23, 2015, 05:51:27 PM

Hello,


(https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Title: Re: Infected browser.
Post by: Eddy on April 23, 2015, 05:51:38 PM

https://forum.avast.com/index.php?topic=53253.0

Title: Re: Infected browser.
Post by: REDACTED on April 23, 2015, 05:53:38 PM

Sorry Eddy, i forgot :\

Title: Re: Infected browser.
Post by: REDACTED on April 23, 2015, 05:57:45 PM

Here are the two first log-files.

Title: Re: Infected browser.
Post by: Eddy on April 23, 2015, 06:01:42 PM

No worries, we all forget things at times.
I bet Twinheaded will guide you now.
If not, I will grab his two heads and smash them against each other  ;D

Title: Re: Infected browser.
Post by: TwinHeadedEagle on April 23, 2015, 06:03:23 PM

(https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png) Scan with ZOEK

Please download ZOEK (http://hijackthis.nl/smeenk/) by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here (http://www.bleepingcomputer.com/forums/topic114351.html).

• Right-click on (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
chrdefaults;
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Title: Re: Infected browser.
Post by: REDACTED on April 23, 2015, 08:46:36 PM

sorry, took some time, got a few TB to proccess :) but here is the zoek-log

Title: Re: Infected browser.
Post by: TwinHeadedEagle on April 23, 2015, 08:50:16 PM

How is your PC behaving now?

Title: Re: Infected browser.
Post by: REDACTED on April 23, 2015, 08:55:45 PM

It's still the same.... for now, it's cleverly disguised as a "miss-click" so doesn't happend more than 5-6 times a day (within 8-10 hours computer-time) I'll come back and update this post if it returns, but so far, thank you mate :)!

Title: Re: Infected browser.
Post by: diablostorm2004 on May 11, 2015, 09:31:51 PM

Hello, I hope it's okay that I post here, this is pretty much the only legitimate website I've seen to go over the problem I'm having. I've followed the steps listed in this thread, but I'm still facing the same problem.

I've attached the relevant log files, hopefully someone here can assist me.

Title: Re: Infected browser.
Post by: TwinHeadedEagle on May 11, 2015, 09:38:02 PM

@diablo

Start your own topic and attach all reports. Thanks!

Title: Re: Infected browser.
Post by: REDACTED on July 06, 2015, 07:43:24 AM

Why does AVAST block "totaladperformance" but doesn't eliminate it altogether as being a virus or whatever???
I've tried everything but can't get rid of "totaladperformance"
Windows 8.1 64 bit with Google Chrome

Title: Re: Infected browser.
Post by: TwinHeadedEagle on July 06, 2015, 10:30:50 AM

@reinier.tervooren

Please start your own topic and someone will assist you.