Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: tradeadexchange

20 Oct 2015   #11
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Found some malware with Malwarebytes.




My System SpecsSystem Spec
.
20 Oct 2015   #12
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I see nothing on those list that I would have on my computers.
I would remove all of them.

That is my opinion but Jacee is our expert in Security.

I will just watch.
My System SpecsSystem Spec
20 Oct 2015   #13
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Uninstall IObit ... it may be protecting items you don't want. See this page for 'complete removal tool':
T-Tools BitRemover

After doing that, clean all that both AdwCleaner and Malwarebytes found.

Tell me if you're still being redirected.
My System SpecsSystem Spec
.

21 Oct 2015   #14
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Hallo Jacee

The problem is still there, after all my attempts to find or remove it.
Some of these suspicious lists were quarantined by malwarebytes.

But the first time I started Google Chrome it popped up again, with e second tabpage and some unwanted advertisement.

I'll have to try your T Tool recommendation however.

Pity that no-one of these anti-virus or malware scanners couldn't find that well known problem.
Spyhunter came up with a long list, but I don't trust that program, that more than once crashed the OS.
by removing vital keys. It's the same with many cleaners who claim to be safe.
Someone once said to me, the most secure way to mass up your registry may be a registry-cleaner.

Google Chrome came up with the message, that some program had changed something and recommended a reset.
Others reported that even that recommendation didn't solve the problem.

However I'm not sure, if some of these scanners did so, like Eset smart security? (homepage protection?)

It seems as if a sneaky hidden tab-page application or cookie? sometimes loads together with the main-page or the search-page.
But nothing to find in the settings nor the register with that name tradeexchange.

But I'll go on with your help.
Thank you for your replies.

Jacee

Ran the T Tool which found zero.

Quote:
After doing that, clean all that both AdwCleaner and Malwarebytes found.
Tried those already.
Malwarebytes put some of it's malicious findings as mentioned before already in quarantine.

I did a reset on Chrome and was very happy to see that all passwords and bookmarks are still there on my accounts. Also the add-ons, however switched off.
Try those also for a while in off state.
My System SpecsSystem Spec
21 Oct 2015   #15
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Nope it's still there after the reset.

But I found out that the escapekey lead me to the fake advertisement site of a local shop.
So actually activated the popup menu to redirect further. Of course another winner.

Tradeadexhange is a suspicious kind of malware, used by real advertisements as well as malicious ones.
So, if any of these ever get your email, they sent you unwanted winning fake victory's.
My System SpecsSystem Spec
21 Oct 2015   #16
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You didn't post any of the logs .... so did you get rid of Tradeadexhange?
My System SpecsSystem Spec
22 Oct 2015   #17
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

I did have numerous logs.
However none of them mentioned that malware.
It's impossible to copy the links that Spyhunter found.
Since I didn't buy that crap.

No I'm still not rid of that malware, but I don't use Google Crome anymore, unless I use that wireless addon to my tv. Chromecast
I reported the case also to the Google-team but no solution was found yet.
Numerous others also reported the same issue.
Chrome seems to be more vulnerable but the trojan could effect any browser.
Software suppliers made a lot of propaganda to sell their "easy solution" but no-one worked.

With Hitman Pro, which is nothing more than a pack of otherwise known scanners, is a risk to your OS.
Especially Spyhunter would delete dozens of "illegal extensions" which will ruin your register, since many of them are vital.

Yesterday I switched back to a recent restore and deleted soms useless scanners or software.
See if I still can find the logs I stored.
Is there a way to block that redirecting from specific websites?
I tried one, but it didn't work. Only homepage protection.

The problem is and maybe I can copy such a link? is that tradeadexchange.com is integrated into a Google link.
So it won't be easy to filter a link, because it contains a double one.
Any link will be unique with other malware or fake winnings.
I added a rule to the Host file, but it didn't help for obvious reasons.

I Installed Spywareblaster, see what is does?
But Tradeadexchange.com is not in the blocklist, you can't edit the list, only unselect some protections.

I have no options at the moment.

Is it possible to log the event?
I mean the moment of freezing?
If I have to kill Google Chrome, the info is gone.
Only the cookie would be there, or the history.

Thanks for the reply.
My System SpecsSystem Spec
22 Oct 2015   #18
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

This is what Hitmanpro found
Just some downloaders.

HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> PendingDelete
HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> Deleted
HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
HKU\S-1-5-21-4182600377-2336131417-2761949497-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> PendingDelete


*One reason why I didn't trust Spyhunter, was that endless list of presumed threats.
Wondered why so many other well known scanners wouldn't mention such supposed threats?

Some mention Wow6432Node as threat.
But it is for what I know an indication to a 64 bit system?
My System SpecsSystem Spec
22 Oct 2015   #19
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Jacee as I stated before is the expert but I'm not understanding this from your post #17.

Please explain. What is a "illegal extensions" ?

Quote:
Especially Spyhunter would delete dozens of "illegal extensions" which will ruin your register, since many of them are vital.
My System SpecsSystem Spec
22 Oct 2015   #20
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Oh that'what you'll see in the root directory of the register. File-extensions
.so and so
If the other scanners didn't report them, why should Spyhunter than do this?
There are so many of them (maybe hundreds) and you won't even know which program they are related to.
So if the scanner is not familiar to certain extensions, it claims them as a threat.
But what I do know is that every time you delete them all, your system will be screwed up.

Others are only cookies, which I always effectively delete with CC
My System SpecsSystem Spec
Reply

 tradeadexchange




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
"TradeAdExchange" Pop Up Tab in Chrome
I use Chrome for pretty much all my web browsing on my desktop, and I've been through moments where I've had adware type extensions install themselves silently through my browsing. I know to uninstall the extension from Chrome settings and to delete the folder from Chrome's directory, but this one...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:53.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App