Can't get rid of this garbage chrome redirect/adware virus!

Showiz

Honorable
Sep 18, 2013
4
0
10,510
I'm using Windows 7 ultimate 64bit

Basically i downloaded some stupid patch for a game but it turned out to be fake with malware/adware viruses, my eset noticed it and it deleted a few files but the problem is still here.

The problem is:

- Whenever i try to search something in chrome's "Search bar" it searches in Yahoo instead, it redirects me away from google, if i manage to reach google.com and search for something in google it searches in yahoo! and sometimes it opens stupid ads and spam.
It has nothing to do with chrome's settings.

So this link pops up for a second when i search for something:
go.redirectro.com/v1/hostedse...7&keyword=test

What solutions i've tried:

1) Reinstalling chrome and reseting the settings = failed
2) Downloaded 4 different malware programs, "Hitman pro"/"Super anti spyware"/"Spy hunter"/malwarebyes", they all found cookies and small viruses each time, deleted them all = failed
3) Running those programs in safe mode ^ and deleting malware again = failed


I think the virus installs itself each time to the PC and to chrome, and idk how to get rid of it! i don't want to format...

I think it's hiding in "regedit" registry keys too but i can't find it, is there a program that shows you which recent registrys have showed up??



Thank in advance!
 
Solution
I would recommend not posting any links, as people might click it. Or at least filter the link so it wouldn't be clickable :)

I see that you have tried everything basic. Let's try a more thorough solution to this questions.

1. Restart your PC in “Safe mode with networking.”
2. Install and run RKill to kill malicious processes and services
3. Check your Programs and features and see if there are any new recently installed programs that you don’t recognize. If there are, remove them.
4. Use browser specific cleanup tools and uninstall the browser completely.
5. Do a full scan with anti-virus software of your choice or use Windows Defender to clean up initial infections.
6. Scan your PC with Hitman Pro, Malwarebytes, and AdwCleaner...

Showiz

Honorable
Sep 18, 2013
4
0
10,510
I couldn't quote you idk why.
Everything starts with "#", it seems to be fine.
Suddenly my problem has been solved, but i will keep this thread opened for a few more hours to see if it's a perma fix or a temp one....


Thanks for reply!
 

somesh101

Estimable
Jul 16, 2015
3
0
4,510
uninstall adware programs. they quikly install without you knowing.
control panel-> unsinstall prgrams

basically uninstall anything you don't remember installing leaving
programs such as c++ redistributal
sql server.
 

JoshRoss

Estimable
Jul 11, 2017
228
0
5,260
I would recommend not posting any links, as people might click it. Or at least filter the link so it wouldn't be clickable :)

I see that you have tried everything basic. Let's try a more thorough solution to this questions.

1. Restart your PC in “Safe mode with networking.”
2. Install and run RKill to kill malicious processes and services
3. Check your Programs and features and see if there are any new recently installed programs that you don’t recognize. If there are, remove them.
4. Use browser specific cleanup tools and uninstall the browser completely.
5. Do a full scan with anti-virus software of your choice or use Windows Defender to clean up initial infections.
6. Scan your PC with Hitman Pro, Malwarebytes, and AdwCleaner. Multiple anti-malware solutions will confirm that the threat was removed. Additionally, I recommend JRT and Zemana. And maybe SpyHunter (Long shot)
7. Use Norton Power Eraser for the 3rd layer of removal.
8. Clean up your Registry and Cached files with CCleaner
9. Do a disk check. Win + R and type the following: chkdsk C: /f /r /x
10. Restart your PC in normal mode and do an additional scan to confirm that the malware is gone
.
These steps should clean up any malicious files from your PC. If this doesn't work, let me know, ill try to write down a more thorough manual solution.
 
Solution

Showiz

Honorable
Sep 18, 2013
4
0
10,510



Yeah i already fixed it, but thanks!
You put alot of effort in it so i'll just make your post the "solution"
Also i didn't install a program, it was a game patch it was more "sneaky" it didn't show up in the "uninstall program".
But it randomly got fixed, i would say that the solution is first download like 4-5 anti malware programs, then start the Windows in safe mode and run them all and delete every malware, also backup/cloud sync your browser if you're going to reinstall it and it should fix the problem :).
And i suggest also going to your main "windows disk" "C" and search for weird new programs/users and delete them.
 

Avast-Team

Estimable
Mar 3, 2017
225
1
5,165
Glad to see you fixed it OP -- you're correct that these types of adware/spyware can propagate themselves, either by re-downloading or re-enabling the malicious extension or through other means.

JoshRoss gives some awesome advice. :) CCleaner could help you clean up your registry and uninstall or knock out the offending program, too.

Finally, something to put in your toolbox for future use - a boot time scan! This can often help to eliminate these types of self-restoring threats. (Many tools offer this including Avast Free: https://www.avast.com/en-us/faq.php?article=AVKB132) We have a Browser Cleanup tool as well that can help scan for potentially unwanted extensions, if you wanted to check that out, Josh also mentioned this: https://www.avast.com/browser-cleanup
 

JoshRoss

Estimable
Jul 11, 2017
228
0
5,260
Not every game patch has to be pirated. Indie games, custom modification patches, beta or other forms of game stages can require you to download manual patches.

And yeah, often in %appdata%, C:\, or similar places you can find various custom folders and malicious files.

Also it is a shame I couldn't help you fast enough!
 

rgd1101

Don't
Moderator


True, but game patch contain malware?
 

Showiz

Honorable
Sep 18, 2013
4
0
10,510


Relax, it's was just a fake borderlands 2 patch.
It was just hard to find but it was my mistake, i just rushed it.
 

rgd1101

Don't
Moderator


Much like anything else. only download from official site.
 

jessejamez

Estimable
Apr 23, 2014
1
0
4,510


hi JoshRoss. I just want to ask you... well, I'm not ... okay, so I used to know a lot about computers. I mean, back in the middle ages I was a programmer! I knew Basic, Cobol, Fortran, and a language called APL which i'm pretty sure stood for A Programming Language! In fact, the first computers I worked on were with punch cards and teletype machines! When PC's came out I built them for AST and became pretty fluent with DOS. I held out on going to Windows for the longest time because it was the first time there weren't obvious commands to make what I wanted to happen work! Clearly, I had to conform eventually and then I found IRC or MIRC and that was something I could get back into! There I was able to learn the things that were important like which software to have that would allow me to fix things, see things that were happening in the background, how the files were organized, that sort of thing. And I was confident that I knew what files did what.
This i getting too long and I'm sorry about that. What it comes down to is that I want to know what my computer is doing and what the files in it are. I have no idea when I look at my file list, whether they are supposed to be there or not! I also don't have the arsenal of fix-it programs anymore like I used to. You seem to know what I really want to know again. What I'm trying to say is, would you be interested in helping me out with that? A little or a lot... I would be so happy if you would. Perhaps there are some things I could share with you from the old days that you'ld like to know?
I know there's always Youtube... but ya can't trust everything you see on the internet, ya know? Anyway, I'd be much obliged! Let me know if you want and I'll send you my email address. Thanks!