usa-aa.s3-website-us-east-1.amazonaws.com/?grp=5 and google.

a9ch4f

Estimable
Sep 28, 2014
18
0
4,570
Recently, when I launch Google Chrome, it will first go to usa-aa.s3-website-us-east-1.amazonaws.com/?grp=5, and then will nearly immediately go to Google Chrome. Why is it doing this and is it bad?
 

be92e

Estimable
Dec 27, 2014
2
0
4,510



This isn't something to ignore though. I have the same problem. I set up Google Chrome to open with specific startup pages and they were working just fine. Then all of a sudden the weird message pops up in the url and now it takes forever just for ONE page to pop up. The other startup pages doesn't bother to show up and when I check the settings, it's the same thing I put in with no change, so it has to be this url.
 

Pope187

Estimable
Jan 1, 2015
1
0
4,510
I'm having the same problem! Im pretty sure its linked to this "Salus" Malware that keeps getting on my pc. malwarebytes doesn't detect it, but i can find it in the program files with an odd string of numbers and letters. i had to end the process of an exe in the task manager THEN delete the program folder. though it keeps finding its way back on. anyone know more about this Salus?
 

a9ch4f

Estimable
Sep 28, 2014
18
0
4,570


That's very odd, I did not encounter this. Malwarebytes doesn't catch everything though. Today I got some paid antivirus and it managed to find 24 dangerous items that Malwarebytes didn't find. Try running a custom scan and scan for 'rootkits,' I believe that those are usually the 'root' of any web browser problem.

If that doesn't work, consider scanning with a different free anti-virus software (one that is reputable), or using a trial for a paid one. If all else fails, you should be able to completely reset your browser, which means it would wipe your history and cookies.

Also, maybe it is hiding in multiple files, which means it will be harder to completely eradicate. Also, I've heard some forms of malware are simply able to disable your antivirus, or just hide from it.

Good luck.
 

bucklejo77

Estimable
Jan 10, 2015
1
0
4,510


Did you ever find a solution? I am having the same problem.
 

rizzorr

Estimable
Mar 25, 2015
1
0
4,510
I cant believe this is best solution. OF COURSE IT IS A PROBLEM. This thing ruined a perfectly good laptop of mine.There are websites all over telling you how bad this is and how to remove it. Obviously someone associated with the virus managed to win top comment on this site I am not sure what determines best solution but management of toms guide needs to monitor it more. Im disappointed in toms guide for allowing this to happen. I depend on this site to be one of the more reputable.


 

hardnfast

Estimable
Apr 11, 2015
1
0
4,510
I have fixed this for both Explorer and Chrome, probably Firefox fix is the same. It's really simple.

What it does is put an argument to the browser in the shortcuts. All browsers can take a URL as a command line argument. Right click on the shortcut you're using to open the browser in the start menu, and under the shortcut tab you'll see a target. You should see the path to your browser (in quotes) followed by some variant of usa-aa.s3-website-us-east-1.amazonaws.com/?grp=5. Remove everything after the closing quote around the browser. Test by using this shortcut to open your browser.

For a link pinned to the taskbar: Unpin the browser link (right click on the icon and click unpin). This should send the link back to the start menu. Follow the above steps on this shortcut. To repin, just use the shortcut to open the browser, right click on the icon, and select pin.

This assumes that you've already run antivirus, etc., to remove the app that actually set this up to begin with. If not, it will just eventually get put back.
 

hopdk

Estimable
Jun 25, 2015
1
0
4,510
I worked on this problem for hours and finally found that only the IE shortcut pinned to the task bar was affected. Go to
C:\Users\%username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar then right click on the IE icon and go to Properties and remove http:\\usa-aa.s3-website-us-east-1.amazonaws.com/?grp=3 from the Target. Save the changes...problem solved. You will need to change the view on the user folder to show hidden files and folders to get to the AppData folder.
 

mh46107

Honorable
Aug 26, 2012
1
0
10,510
So i recently noticed the same thing on my computer, or close to. I did netstat -an and saw 54.83.15.146:5222. which is an ipaddress and port access for those that may not know. Anyway, then i did nslookup on 54.83.15.146 and it resolved with roughly the same as amazonaws.com. Well since i know it's communicating through port 5222, which is the XMPP or other chats that most people don't use, i just decided to close that port to cut its connection rather than figure out where it came from. I will try to scrub my PC later, but this is a good temp fix to essentially shut it off. in order to block this port in windows firewall, go to advanced settings, in both outbound and inbound rules:
1. create new rule
2. port
3. create one for both TCP and UDP in both the inbound and outbound rules for port 5222 since both UDP and TCP can use it.

Whatever that thing is, is now shut out of where ever it's attempting to go from your PC
 

deborahjbd1

Honorable
Apr 10, 2013
1
0
10,510
Malwarebytes, Adwcleaner, AVG free, and Trendmicro Housecall all miss this. I am having cloudfront, amazonaws, and akamai technologies when at google search page. Not getting it on this site so I will try the suggestion from hardnfast above.