Annoying browser hijack.

[Phentos]

Today I've been getting hammered by some adware or browser hijack. What happens is that at random times when I want to open a new tab, the tab I was on previously will redirect to some stupid gambling website, a sweepstakes website, or to a page advertising some junk Chrome extension. Today is the first time this has happened, and I haven't installed anything over the last several weeks. I did visit a website (extremetech.com) that hit me hard with ads, even though I have Adblock Plus with only a select few websites whitelisted.

 

To address this I've deleted my Chrome user data from the past week, and I've run Malwarebytes 4 times along with Ad-aware, Junkware Removal tool, RKill, and Hitman Pro. Hijackthis revealed nothing out of the ordinary.

 

Malwarebytes is the only program so far that has actually found anything. On the first scan it found 4 PUPs for some crap called NewTabTV. Rebooted after first scan. Second and third scans found nothing. Rebooted again. Fourth scan found 4 more PUPs for Mindspark. Rebooted for a third time. 

 

So far nothing, but I won't be surprised if this continues.

 

 

[yathis]

What did you d/l or install?

 

Look at your programs running and delete. RIght click bottom bar, Start Task Manager.

[Phentos]

6 minutes ago, yathis said:

What did you d/l or install?

 

Look at your programs running and delete. RIght click bottom bar, Start Task Manager.

I've already been over that. First thing I thought of.

 

I haven't installed anything in over a week.

[DrMacintosh]

This is for a Windows PC correct?

 

Have you deleted Chrome? Does this occur in other browsers?

[vaiwalker]

check the properties of your browser. could have some weird extension added to it. and you definitely have something still installed. check your startup services, your startup list in task manager, your hidden folder's under %appdata%, delete any folder that looks malware-ish. might have to go into safemode to do it.

[Phentos]

14 minutes ago, DrMacintosh said:

This is for a Windows PC correct?

 

Have you deleted Chrome? Does this occur in other browsers?

Yes, Windows 10. 

 

Yes I reinstalled Chrome. The problem does not occur on other browsers, mostly because I never use them. I only used Edge to download Chrome.

5 minutes ago, vaiwalker said:

check the properties of your browser. could have some weird extension added to it. and you definitely have something still installed. check your startup services, your startup list in task manager, your hidden folder's under %appdata%, delete any folder that looks malware-ish. might have to go into safemode to do it.

I already checked for any strange extensions for my browser, I've run the Chrome cleanup tool, and I've looked through my startup programs. I have a very clean startup list, with only the bare essentials needed (plus CUE for my Corsair peripherals).

[DrMacintosh]

6 minutes ago, Phentos said:

mostly because I never use them.

well use Edge for a while and see what happens. 

 

Otherwise if its just a Chrome thing then I think you are SOL. 

[xAcid9]

Does Adwcleaner reveal anything?

[Phentos]

37 minutes ago, xAcid9 said:

Does Adwcleaner reveal anything?

No.

 

Popped up a window just now telling me there's a date nearby for me. How wonderful.

39 minutes ago, DrMacintosh said:

well use Edge for a while and see what happens. 

 

Otherwise if its just a Chrome thing then I think you are SOL. 

I'd rather live with this issue than go back to using a Microsoft browser. 

[vaiwalker]

 

1 hour ago, Phentos said:

No.

 

Popped up a window just now telling me there's a date nearby for me. How wonderful.

I'd rather live with this issue than go back to using a Microsoft browser. 

check your programs list in control panel and sort it by date and see what's the last thing that was installed. it might not have been installed by you, probably some other program that a PUP.

[bcguru9384]

opn elevated cmd prompt

run 

netstat -n -b -t 3

keep this window open and when redirected see ip appear ....

add firewall rule for inbound from and to that ip

[DrMacintosh]

14 hours ago, Phentos said:

I'd rather live with this issue than go back to using a Microsoft browser.

That is some irrational thinking here. 

 

You could use any other browser, it was just a suggestion that you use Edge since its built in and is 1st party. 

[verytiny]

maybe the malware changed your proxy settings so you should check that

[Phentos]

Fixed the issue by reinstalling Chrome and deleting all of my user data. Sucks, but oh well.

 

Thanks for the suggestions everyone.