Getting redirected from websites without even clicking on anything

Raul Mkryan

Hi, I keep getting redirected to cheap sites like aliexpress, alibaba, ilivid and the like after loading my desired website for 2 seconds. I don't even have to click on anything, it just redirects me without doing ANYTHING... I've tried AdwCleaner and Malwarebytes to no avail... I can't even express how frustrating this is, really... It does not affect websites like Google, Facebook, YouTube etc. but it does affect 99% of other websites; in fact, I'm writing this on my smartphone since I couldn't stay on Tom's Hardware for more than 2 seconds.

If this matters I'm on win 8.1 and it happens both in Chrome and Firefox. I really, really need help guys. I wasn't sure where to post this, so if it's in the wrong section pardon me.
 

Raul Mkryan

Thanks for replying and sorry for getting back to you so late.

I did install SpyHunter, and it has found 289 threats, which surprised me since I'd run 2 other adware/malware programs and cleaned everything found... It's still scanning though; whenever it's finished I'll "fix" them. Hope this helps.

P.S. at the moment it's not redirecting me for some reason, but it's happened again, it stopped doing what I've described for a day or 2 then started again.
 

itmoba

I don't fancy SpyHunter in particular, though it's a good place to start. I suggest you use HijackThis (free); thereafter, report the unabridged results (screenshots or a list, either will suffice). This will give me/us a fair idea of what kind of nasty junk is lurking about. I suggest you also download Avira Rescue System and burn it to a CD or DVD. I/we will relate to you how to proceed once you've told me/us what HijackThis reports.


■ You can download Avira Rescue System from here: http://www.avira.com/en/download/product/avira-rescue-system

■ You can download HijackThis from here: http://sourceforge.net/projects/hjt/
 

7malligk

Hi,
You can try that software.
And yes, please give us photos of what SpyHunter and HijackThis report.
 

Raul Mkryan

HijackThis' log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:10:34 AM, on 9/2/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Raul\Downloads\Firefox\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: KDWin - Keyboard Driver 2014.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5759 bytes

SpyHunter's screenshots (Couldn't use the fix option since I hadn't purchased it): https://www.dropbox.com/sh/huha8n3u5x4undz/AABl9_m_orxKmoqxw-sZpmR-a?dl=0

Also, I can't use any CD/DVDs since I don't have any optical drive that works, sadly.
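
Added example (not part of the thread and not HijackThis's own code): a small Python triage of a HijackThis log in the format posted above, counting entries per section and sorting the O23 service lines into buckets for manual review. The sample lines, the `known_owners` list and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v2 line format seen in the log above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /nogui
O23 - Service: Example Updater (exupd) - Example Corp. - C:\Program Files (x86)\Example\update.exe
O23 - Service: ExampleSvc - Unknown owner - C:\Users\Public\examplesvc.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
SERVICE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

def parse(log):
    """Yield (section, detail) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def section_counts(log):
    """Entries per section code (R0, O2, O4, O23, ...)."""
    return Counter(section for section, _ in parse(log))

def triage_services(log, known_owners=frozenset()):
    """Sort O23 service entries into buckets for manual review."""
    buckets = {"known": [], "file_missing": [], "review": []}
    for section, detail in parse(log):
        m = SERVICE.match(detail) if section == "O23" else None
        if not m:
            continue
        if m["missing"]:
            key = "file_missing"  # reported missing by the tool; confirm on the machine
        elif m["owner"] in known_owners:
            key = "known"         # publisher on the reviewer's own list
        else:
            key = "review"        # file present, publisher unknown or not listed
        buckets[key].append((m["name"], m["owner"], m["path"]))
    return buckets

if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for key, rows in triage_services(SAMPLE_LOG, {"Example Corp."}).items():
        print(key, rows)
```

To use it on a real log, read the saved log file into a string and pass the publishers you already trust as `known_owners`; everything left in `review` is what to look up by hand.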
 

7malligk

Hi,
This is a long and tedious process, but under each virus listed in SpyHunter you will see a little plus button. Press on it, and it will tell you where each virus is, and you can manually remove it.
Here are some hints.
If it says the virus is stored in Cookies, then all you have to do is clean the cookie cache of all your browsers.
If it says something about the virus being stored in HKCR, then the virus is stored in the registry.
I do understand if you would rather not do this manually, and I will attempt to aid you further.
Hope this helps
 
Solution

itmoba

Some malware cannot be removed from within. For this reason, the HD's files need to be accessed from outside, via a live-distribution. Provided this is the case, if s/he cannot make a CD/DVD, then, their only alternative is to do so via a USB drive live-distribution. That doesn't mean that it'll work, nor does it mean that they must follow this procedure. This is simply some friendly advice -- nothing more, nothing less. The real question here is how to fix things in the most efficient and least painful manner possible for the user (i.e., if they don't know anything about security, then, they'll probably want something that's automated and simple to use).
 

Raul Mkryan

OK, I'll start manually deleting everything that SpyHunter has found. Is there anything else that you'd suggest doing? Or should I make a bootable USB if cleaning this junk from the OS doesn't help?

E: I couldn't find this path, could it be because I've cleaned my Firefox cookies?
[Image: tuIiwxa.png]
 

7malligk

Hi,
It is in a hidden folder.
To see hidden folders, follow these steps:

Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

Click the View tab.

Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
Hope this helps
 

Raul Mkryan

Phew, cleared every single one of them both from app data and the registry... Couldn't find some cookie locations but I hope clearing cookies from within 3 browsers (IE, FF, Chrome) will do the trick.
Thanks a lot everyone for helping me. If it comes back I'll post again to get further assistance from you. :)