Some kind of malware redirecting me to a website.

sogeking90

I've done a full Malwarebytes scan and it is fully updated. This is the site I get redirected to:

** REMOVED ** May be dangerous to click!

I'm using Chrome. I am seeing a DOS window open; I only see it for a second, but it seems to say something like "dinoraptorz".

My Computer

System One

  • OS
    Windows 8
Hey mate,

understand you are being redirected to a bad site... no need to post it here, in case someone accidentally clicks on it.

Try going to Chrome's settings (and also change IE's options as well!) and change your homepage to something else. Additionally, find an antivirus scanner if you don't have one yet, and use that in addition to Malwarebytes. Use full scans, not the quick scans. These will take quite a bit longer. Let me know how it goes.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    Intel Core i7-3820 CPU OC @ 3.80GHz
    Motherboard
    Gigabyte G1.Assassin2
    Memory
    Corsair Dominator 16GB Quad Channel DDR3
    Graphics Card(s)
    Nvidia by EVGA - GeForce GTX 670 4GB
    Sound Card
    On board Creative SB X-Fi
    Monitor(s) Displays
    acer 24" H243H
    Screen Resolution
    1920 X 1080
    Hard Drives
    Main 500GB Hybrid Drive @ 7,200RPM
    Secondary OCZ SSD Vertex 3 Max IOPS
    PSU
    Silent Pro 1000w gold 80+
    Case
    Azza Hurrican 2000
    Cooling
    Liquid CPU cooler & fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Tek Republic Wired Laser Mouse
    Internet Speed
    5ms Ping 5.15Mb/s Download .64Mb/s Upload
    Browser
    Internet Explorer
    Antivirus
    Defender, Malwarebytes
Also look in your uninstall software list in Control Panel. My wife had the same problem, and neither Malwarebytes nor any AV found a piece of software which got installed and kept changing the browser's home page. Best of luck to you.
 

My Computer

System One

  • OS
    Windows 8.1 Pro 64 Bit
    Computer type
    Laptop
    System Manufacturer/Model
    Sager NP2740
    CPU
    Intel Core i7 4702HQ 2.2 GHz
    Motherboard
    W740SU
    Memory
    8 GB 1600 MHz
    Graphics Card(s)
    Intel Iris Pro 5200
    Sound Card
    High Defenition Audio
    Monitor(s) Displays
    IPS Display
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 840 EVO 250 GB mSATA
    Internet Speed
    60 Mbps cable, NETGEAR Night Hawk AC1900
    Browser
    Firefox 38.0.5
    Antivirus
    Windows Defender & Malwarebytes Pro
^ Examples are toolbars, such as Babylon, or even trusted ones like Google. Recommend anything toolbar-related be uninstalled. Security program add-ons aren't so bad, if you are the one to install the add-on* as part of your website security in browsers, and, once again, it isn't a toolbar ;)

*Avast! comes to mind when I describe a security program-related add-on.
 

Sorry, it is not changing my homepage. I'll just be browsing the web and a DOS window will pop up for a second and that website opens on my browser.

I just finished a full scan on Windows Defender. 3983231 items scanned, 0 threats.
 

Is there a way to reset Chrome like there is in IE? If so, try it. Additionally, does IE have this problem?

And you've changed the homepage in Chrome to something you want?
 

Does the DOS window still pop up?

Recommend a scan with Kaspersky free online scanner. Kaspersky Security Scan | Free Virus Scanner | Kaspersky Lab US

Uninstall and reinstall Chrome. You can choose to save your settings, not sure I would. Also, check instructions to ensure you are setting your home page correctly.
 

My Computer

System One

  • OS
    Win 8.1 64bit
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Intel i3, 2348
    Memory
    4GB
    Graphics Card(s)
    Intel HD3000
Hmm I looked on startup programs. There is something called 'CLIstart' I searched it and apparently people with ATI cards have it, but I have a Nvidia card. Suspicious?
 

What is the path to the file?

If you aren't using it, CCleaner gives a nice interface to startup entries and makes it easy to disable and delete entries. If you disable the entry, does it stay disabled and does it resolve your issue?
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
That happened to me too, I got it fixed.

Save this autorun.exe on your desktop Autoruns for Windows

◾Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
◾Open the folder and double-click on autoruns.exe to launch it.
Vista/Windows 7/8 users right-click and select Run As Administrator.
◾Please be patient as it scans and populates the entries.
◾When finished scanning, it will say Ready at the bottom and list all entries under the Everything tab.
◾In the top menu, click File > Find... and type the file name of the startup you want to remove, then click Find Next.
◾Alternatively, you can scroll through the list and look for any entry related to the file you need to remove.
◾If found, right-click on the entry and choose delete.
◾Exit Autoruns and reboot your computer when done

Or you can also try to fix it in HijackThis, via this Run key: O4 - HKLM\..\Run: [Babakan] cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131027 (exit) else (start GameRoover - && exit)
 

My Computer

System One

  • OS
    Windows Vista
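
A read-only check for the kind of startup entry quoted in the post above (a Run value that launches cmd.exe), as an added example that is not part of the original thread. The list of keys and the match patterns are assumptions of this example; the sample string is the command from the O4 line in the post, copied as quoted.

```powershell
# Added example: read-only audit of Run/RunOnce autostart values.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic patterns; assumptions of this example, not an exhaustive list.
$interpreterRx = '(?i)\b(cmd|powershell|wscript|cscript|mshta)(\.exe)?\b'
$launchRx      = '(?i)\bstart\b|https?://'
$dateGateRx    = '(?i)%date:~'

function Test-RunCommand {
    # Returns the reasons a command line looks like a scripted launcher,
    # or an empty string when no command interpreter is involved.
    param([string]$Command)
    $reasons = @()
    if ($Command -match $interpreterRx) {
        $reasons += 'starts a command interpreter'
        if ($Command -match $launchRx)   { $reasons += 'uses start or a URL' }
        if ($Command -match $dateGateRx) { $reasons += 'branches on %date%' }
    }
    $reasons -join '; '
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # Read the raw string so %variables% are shown exactly as stored.
        $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        $cmd = [string]$regKey.GetValue($name, '', $raw)
        $why = Test-RunCommand $cmd
        if ($why) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Why = $why }
        }
    }
}
$findings | Format-List

# Self-check against the command from the O4 entry quoted in the post.
$sample = 'cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131027 (exit) else (start GameRoover - && exit)'
Test-RunCommand $sample
```

The script only reads the registry; anything it lists still needs to be reviewed by hand before it is disabled or deleted in Autoruns.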
Honestly, if you have malware which isn't detected or is hard to remove, I would do a full reinstall of the OS. This might seem a bit too much, but you never know if something isn't left even after a 3rd party software "cleaning". Once infected, other malware tends to pop up, and much of it silently (such as keyloggers that record your passwords). Especially in your case, since it doesn't seem to be a simple homepage hijack, there's definitely something launched via cmd.
After your reinstall use a disk imaging application to take a snapshot of your clean OS (save it to a safe location like a usb stick or external drive) and use it whenever there's a problem (takes minutes instead of a lengthy full installation).
 

My Computer

System One

  • OS
    Windows 8.1 (x64)
    Computer type
    PC/Desktop