Possible Browser Hijack?

[KayTees]

Long story short, don't know whenever I sign into my user account and open Chrome. I get redirected to some russian mail site.

No clue on how I got this. Ran MalwareBytes, got rid of the folder in my /Local, resetted browser settings, signed out of Google account, removed all extensions but no luck.

[warzkaz]

did you install pirated game on your pc?

[KayTees]

did you install pirated game on your pc?

Nope, no pirated games. 

[don_svetlio]

run Malwarebytes

[warzkaz]

Nope, no pirated games. 

free/pirated programs?

[DigitalHermit]

check for adware and PUPs...

do a scan with malwarebytes and check all of your web browser shortcuts..

[Section35]

Cyka Blyat? /s

 

Srs though check for Spyware and such. Check your ipconfig too.

[RedSphyxis]

you might have installed a probram that has adware on it.

 

it won't be necessarily detected by Malwarebytes. Some shady programs have these stuff attached 

[Naeaes]

If malwarebytes keeps missing the thing, it could be this simple trick: the shortcut you use to open chrome could be changed to point to the URL instead of chrome.exe. Of course, in addition to the startup page being changed to it. I had it happen to me once after installing some free software. Malwarebytes spotted the executable that did the change but not the change itself. I finally found it after using the File Explorer search for the parts of the URL in question. I can't remember what the program or the URL was but the the URL contained the part number for my main SSD.

[KayTees]

This is what it says in the Extensions for IE.

 

run Malwarebytes

That's the first thing I did.

 

free/pirated programs?

None installed recently.

 

check for adware and PUPs...

do a scan with malwarebytes and check all of your web browser shortcuts..

Tried doing that, no luck. 

 

If malwarebytes keeps missing the thing, it could be this simple trick: the shortcut you use to open chrome could be changed to point to the URL instead of chrome.exe. Of course, in addition to the startup page being changed to it. I had it happen to me once after installing some free software. Malwarebytes spotted the executable that did the change but not the change itself. I finally found it after using the File Explorer search for the parts of the URL in question. I can't remember what the program or the URL was but the the URL contained the part number for my main SSD.

 

Before it shows the "mail.ru" URL, there is something that redirects it but its too fast for me to cancel to reveal that link.

[Naeaes]

Before it shows the "mail.ru" URL, there is something that redirects it but its too fast for me to cancel to reveal that link.

Nasty. There's probably a rediction chain in there. So if you click back, it'll send you back to the last link which directs you back to 'mail.ru'. Usually it's possible to get to the root by clicking back several times very fast. There's probably more eloquent ways but I can't think of any right now. 

[KayTees]

Nasty. There's probably a rediction chain in there. So if you click back, it'll send you back to the last link which directs you back to 'mail.ru'. Usually it's possible to get to the root by clicking back several times very fast. There's probably more eloquent ways but I can't think of any right now. 

Update:

 

The link before seems to be a avdile.ru link. Also found this "Account Unknown". Tried to remove it but doesn't allow me.

 

[TetraSky]

This is what it says in the Extensions for IE.

 

That's the first thing I did.

 

None installed recently.

 

Tried doing that, no luck. 

 

 

Before it shows the "mail.ru" URL, there is something that redirects it but its too fast for me to cancel to reveal that link.

That's IE, you are using Chrome. What about the extension in Chrome? I can't read.

Also, yup, you're infected.

[KayTees]

That's IE, you are using Chrome. What about the extension in Chrome? I can't read.

Also, yup, you're infected.

Possible solution?

[KayTees]

@warzkaz @TetraSky @Naeaes @DigitalHermit @huilun02 @Section35 @RedSphyxis 

 

Another update, seems like whenever I remove a "person", Chrome restarts and the "Extensions" come back.

 

 

[DigitalHermit]

looks like something got on there..

[VulcanAndroid]

Long story short, don't know whenever I sign into my user account and open Chrome. I get redirected to some russian mail site.

No clue on how I got this. Ran MalwareBytes, got rid of the folder in my /Local, resetted browser settings, signed out of Google account, removed all extensions but no luck.

Is this only a problem with Chrome? Does IE, Edge, or Firefox (or whatever other browsers you have) behave in this same fashion? If not and the problem is only linked to Chrome try uninstalling Chrome the reinstall making sure that you have cleared out all cache settings so that you have completely clean version of Chrome.

[KayTees]

Is this only a problem with Chrome? Does IE, Edge, or Firefox (or whatever other browsers you have) behave in this same fashion? If not and the problem is only linked to Chrome try uninstalling Chrome the reinstall making sure that you have cleared out all cache settings so that you have completely clean version of Chrome.

For Chrome, IE and Torch. Already tried clean removal.

[Chrysolite]

Try running a free trial of Kaspersky Total or Bitdefender Total. Should detect it