Malware Redirection

Discussion in 'Malware Help (A Specialist Will Reply)' started by TJUN KIAT TEO, Mar 20, 2023.

  1. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    I once visited a streaming website. After that my website kept redirecting me to one particular company website when I visited streaming websites. I reformatted my whole hard disk and reset my browser settings. I used all the software recommended on this website but still this problem persists. I wonder if anyone can help. Thanks.
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64-bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows

    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

    • FRST.txt
    • Addition.txt
     
  3. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    I tried posting but the reply was that there were too many characters.
     
  4. Oh My!

    Oh My! Malware Expert Staff Member

    Go ahead and attach both reports to your reply.
     
  5. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    As requested. Thanks for your help
     

    Attached Files:

  6. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome.

    Firefox is being shown as your default browser. Is the redirect occurring with this browser and have you tried other browsers?

    Please consider and do these things.

    ===================================================

    Peer to Peer (P2P) Warning

    --------------------

    Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
    1. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    2. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    3. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
    4. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
    I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

    If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

    If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

    ===================================================

    Malwarebytes AdwCleaner

    -------------------
    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program
    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Please download the attached file and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply. If it is too large please attach it.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Which Browser?
    • AdwCleaner report
    • Fixlog
     

    Attached Files:

  7. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    The Adware report


    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.


    AdwCleaner[S00].txt - [1420 octets] - [19/03/2023 10:17:07]
    AdwCleaner[C00].txt - [1610 octets] - [19/03/2023 10:22:53]
    AdwCleaner[S01].txt - [1542 octets] - [20/03/2023 08:36:02]
    AdwCleaner[S02].txt - [1603 octets] - [11/04/2023 06:38:20]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
     
  8. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    The redirect occurs with Chrome as well. The redirect only occurs when I visit certain streaming websites
     
  9. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Attached is the Fixlog.txt
     

    Attached Files:

  10. Oh My!

    Oh My! Malware Expert Staff Member

    I am not sure how to Edit a post, although the full telephone number is not listed. You might want to hit Report and explain it.

    It is possible the web browser Sync functions are reintroducing the redirect. Are you being redirected when using a browser on your phone or just your computer?

    Please do this.

    ===================================================

    Checking Chrome Sync Status

    --------------------
    • Launch Chrome web browser
    • Type chrome://settings/syncSetup in the address bar and hit Enter
    • Report whether the page says Turn on sync... or Turn off
    ===================================================

    Checking Firefox Sync Status

    --------------------

    • Launch Firefox
    • Click Tools, Settings, then Sync
    • Report whether the setting indicates Sign in or Sign out
    ===================================================

    Things I would like to see in your next reply. :thumbsup2:
    • Redirect on phone?
    • Sync status for Chrome and Firefox
     
  11. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    The redirection happens on both phone and computer. For both, the sync is turned on.
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    If I may explain what we are possibly facing.

    Sometimes repeated redirects despite corrective action are due to a compromised modem or router. This is a less common cause but a possibility. If your phone is accessing the Internet through the same network router as your computer let me know.

    Web browser sync functions can be good and bad. It seamlessly mirrors your browser settings across devices so that your experience is the same no matter which device you are using, i.e. computer or phone. A problem can arise if there is malware or a corruption in the synced data. You can clean something bad from your browser on a computer but when that device syncs with the cloud the unwanted entry will be injected right back into the browser settings. It is necessary to break this cycle and when multiple devices are involved the cleaning process needs to be repeated on all affected devices. We are going to first deal with Chrome to see if this is what we are facing.

    ===================================================

    Exporting Google Chrome Bookmarks

    --------------------
    • Launch Chrome
    • Type chrome://bookmarks in the address bar and hit Enter
    • Click on the 3 dots to the right of Search bookmarks and select Export bookmarks
    • Save the file onto your Desktop using the default information
    ===================================================

    Removing Chrome Extensions and Resetting Chrome Sync

    --------------------
    • Launch Chrome
    • Type chrome://settings/syncSetup in the address bar and hit Enter
    • Next to your user name select Turn off and confirm the action
    • In the address bar type chrome://settings and press Enter
    • On the left side select Reset settings
    • Select Restore settings to their original defaults
    • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
    • Click Reset settings
    • Click on https://chrome.google.com/sync
    • If necessary sign into Google account login screen
    • Click Continue on the bottom of the page
    • On the Chrome data in your account screen scroll down to the bottom of the page and select CLEAR DATA then OK to confirm the action
    • In a new Chrome tab type chrome://settings/syncSetup in the address bar and hit Enter
    • Click Turn on sync...
    • Select Yes, I'm in
    • Once the Sync has completed check your browser performance
    • Note: This process will have to be repeated on any other device syncing to Google Chrome
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Export Bookmarks?
    • Chrome Data cleared?
    • Update on Chrome behavior
     
  13. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Shall I uninstall Firefox on my computer and phone and concentrate on Chrome first?
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    We will wait on Firefox with both your computer and phone until we have finished working on Chrome. Just be sure to not use Chrome on your phone or other devices until we figure out what is happening with that browser on your computer.
     
  15. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    I don't follow. If I want to use a web browser on my computer which one should I use? Same question for my phone. Thanks
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    You can use Firefox while we test things with Chrome.

    We want to hold off on using Chrome on any other devices except your computer while we complete the steps I posted. If, after completing those steps, Chrome works as it should on the computer (no redirects) then we know we need to do the same thing with whatever other devices sync your Chrome settings.

    Our plan:

    Isolate the use of Chrome to only your computer pending the outcome of our testing
    Complete the steps I posted
    If redirects don't stop we continue investigating
    If redirects stop, we have identified the problem as being related to the Sync function
    Whatever non-computer devices also Sync Chrome to the cloud we will need to reset those browsers as well
     
  17. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    • Type chrome://settings/syncSetup in the address bar and hit Enter

      This step cannot work on my phone. It says site cannot be reached
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

    We are not working on your phone but rather your computer. Did you complete the steps on your computer?
     
  19. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Yes. I have completed the steps on my computer. I thought I should do it on both my phone and computer?
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    At the end of my instructions I post what information you can provide that will help determine what may come next.

    Before we address any other devices I need to know whether or not those steps resolved the redirect on the computer. What we do next depends on what happens with the computer.
     
  21. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    I didn't export the bookmarks. Is it necessary? I don't use bookmarks on Chrome so I don't need to save them.

    Chrome Data cleared.

    As for the redirect, that is the problem. I have no sure way of activating it. It sometimes happens and sometimes does not. So I can try over the next few weeks and see how
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    What web site were you being redirected to? Did the redirect happen when you tried to go to one particular web site or did it occur with different web sites you were trying to go to?

    Do you have an Android or Apple phone?

    I am ending for the evening but please do this.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Please download the attached file and save it in the same location as FRST.exe <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply. If it is too large please attach it.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Web site you were redirected to
    • Android or Apple phone?
    • Fixlog
     

    Attached Files:

  23. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Attached is Fixlog.txt
     

    Attached Files:

  24. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

  25. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information you sent via Personal Message.

    It would be helpful if we slowed down just a bit and simply focused on your computer. Trying to address this on multiple fronts all at once makes things more difficult and confusing. For instance, unless you look very closely at the message you would think this is a new notification when in fact it appears to be a repeat of an old detection.

    We are at a bit of a disadvantage because this is a sporadic redirection. It might be best to Refresh Firefox on your computer then put our efforts on hold to monitor things. If this is agreeable please complete the below.

    ===================================================

    Refreshing Firefox

    --------------------

    • Please review this information to understand what refreshing Firefox will do
    • Close any open Firefox windows
    • Hold down the Shift Key and start Firefox
    • In the pop up screen select Refresh Firefox
    • Click Refresh Firefox
    • Confirm the Refresh
    • Firefox will close
    • Click Finish on the information window and Firefox will restart
    • Monitor for Firefox redirects

    Let me know your thoughts.
     
  26. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    The message was a new notification that arrived just yesterday. I simply posted an old one. Yes, I have refreshed Firefox. Now we have to just monitor for redirects. Shall I sign in to Firefox and Chrome? Or shall I monitor for redirects without signing in and then sign in to Firefox and Chrome and then monitor for redirects?
     
  27. Oh My!

    Oh My! Malware Expert Staff Member

    Are these 2 separate issues, the redirect and phone notification?

    Have you recently renewed your contract with Singtel?
     
  28. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    That is the thing, I don't know if they are two separate issues. Yes, I just renewed my contract with Singtel and I read online that other people have the same problem, but that was two years ago. But both my phone and computer redirect me to the Shopee website, and the notification shows me that I am trying to access something related to Shopee, and I presumed they are related.
     
  29. Oh My!

    Oh My! Malware Expert Staff Member

    Yes, I found this is a known issue and although it is an older concern I did not come across a resolution. The suggestion was to check the Mobile Internet Filter settings. Have you checked those settings or contacted Singtel?

    Did the redirects start only after you renewed your contract?
     
  30. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Yes. I checked the settings. The redirects started before I renewed the contract.
     
  31. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    It is possible the issue is related directly to the original web address you are navigating to rather than your computer/phone.

    Currently the web address you are using ends in .li. Please change it to either .gs or .lc and see if the redirects stop.
     
  32. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Even on the original .li the redirection is not happening. As I said, the redirection only happens occasionally.
     
  33. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    On my phone, if I click on the link and it asks me if I want to open the link in another website, it goes to the Lazada website.
     
  34. Oh My!

    Oh My! Malware Expert Staff Member

    I'm not really equipped to address the phone. My only purpose in addressing it at all was to see if it would help resolve the Internet issue.

    It looks like we will just have to give the computer time to see if the redirect occurs using the alternate web addresses.
     
  35. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    What I am curious about is how the malware survived me reformatting both my phone and computer.
     
  36. Oh My!

    Oh My! Malware Expert Staff Member

    I don't think it is a virus. I think it is related to a redirect initiated by the web site you are accessing.
     
  37. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    If that is the case, shouldn't there be something in my web browser that allows such redirects? I reset all the settings in my browsers long before you asked me to but the redirection still happened.
     
  38. Oh My!

    Oh My! Malware Expert Staff Member

    No, this issue appears to be independent of your browser.

    What you have been facing with both Singtel and Libgin are known issues that others have experienced. Others have reported changing the web site address as I previously suggested resolved the redirects. In other words it was the web address that was the problem (redirecting traffic) and not anything in the user's browser settings.

    The way for us to troubleshoot is to use the alternate web addresses I suggested and see what happens.
     
  39. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Do other people also get directed to the Shopee website only? I am curious why both my phone and desktop get directed to Shopee. My whole family is under the same Singtel plan and I am the only one getting those SMS alerts.
     
  40. Oh My!

    Oh My! Malware Expert Staff Member

    Sometimes these issues are like muddy waters. It is difficult to see clearly and we have to feel our way around a bit. If the computer you are using continues to experience redirects then the next step would be to completely uninstall your browsers in a very thorough way (beyond the normal uninstall) to ensure we start from scratch. It is an intrusive process I am happy to start on but may not be a warranted step.
     
  41. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Do you know how other people experiencing the same issue with Singtel solved the problem?
     
  42. Oh My!

    Oh My! Malware Expert Staff Member

    The only direction I saw was to check the Mobile Internet Filter settings but you said you have already done that.
     
  43. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    What are the Mobile Internet Filter settings supposed to show?
     
  44. Oh My!

    Oh My! Malware Expert Staff Member

    See this thread, even though it is old.

    One suggestion was to remove the Filter. It might be beneficial to contact Singtel directly.
     
  45. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    What I don't understand is why it redirects me only to the Shopee website and no other website.
     
  46. Oh My!

    Oh My! Malware Expert Staff Member

    If it is that the web site you are visiting has been compromised, the instructions on where to redirect you to are contained within that web site, not your computer. Browser redirects can be used so that certain web sites get a lot of hits and because of that the site you are being directed to receives greater exposure and/or gains financially because of the increased activity.
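    To make the point above concrete: when the redirect instruction lives in the web site's own response, it shows up either as an HTTP 3xx status with a Location header or as a meta-refresh tag or JavaScript navigation inside the HTML, which is why resetting the client never removes it. This is an added example, not a tool from the thread; the sample response, the shop.example URLs and the function names are constructed, and the random branch in the sample mimics a redirect that only fires some of the time.

```python
"""Locate where a redirect is defined: in the HTTP response headers or in the
page content itself.  Added example for this thread; the sample below is
constructed and the function names are assumptions."""
import re
from html.parser import HTMLParser


class _MetaRefreshParser(HTMLParser):
    """Collects targets of <meta http-equiv="refresh" content="N;url=...">."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() != "refresh":
            return
        m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.I)
        if m:
            self.targets.append(m.group(1))


# JavaScript idioms that navigate the browser away from the current page.
_JS_REDIRECT = re.compile(
    r"""(?:window\.|top\.|document\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)['"]"""
    r"""|location\.(?:replace|assign)\(\s*['"]([^'"]+)['"]\s*\)""",
    re.I,
)


def find_client_redirects(html):
    """Return (mechanism, target) pairs that the page content itself carries."""
    parser = _MetaRefreshParser()
    parser.feed(html)
    found = [("meta-refresh", t) for t in parser.targets]
    for m in _JS_REDIRECT.finditer(html):
        found.append(("javascript", m.group(1) or m.group(2)))
    return found


def classify_redirect(status, headers, body):
    """Server-side redirect: 3xx status plus Location header (matched
    case-insensitively).  Client-side: anything found in the body."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    result = {"server": None, "client": find_client_redirects(body)}
    if 300 <= status < 400 and "location" in hdrs:
        result["server"] = hdrs["location"]
    return result


# Constructed sample response: a 200 page whose markup redirects on its own,
# and only one visit in five takes the JavaScript branch (a sporadic redirect).
SAMPLE_STATUS = 200
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = """<html><head>
<meta http-equiv="refresh" content="0;url=https://shop.example/deal">
<script>
  if (Math.random() < 0.2) { window.location.href = "https://shop.example/promo"; }
</script>
</head><body>stream page</body></html>"""

if __name__ == "__main__":
    print(classify_redirect(SAMPLE_STATUS, SAMPLE_HEADERS, SAMPLE_BODY))
```

Run against a saved copy of a suspect page (for example one fetched with the browser's "save as" or a plain HTTP client), a non-empty client list or a filled-in server entry means the redirect is shipped by the site, not by the machine that displays it.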
     
  47. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

  48. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Yap. The problem seems to be when I use genlib.li.
     
  49. TJUN KIAT TEO

    TJUN KIAT TEO Private E-2

    Actually the same problem happened when I use lc
     
