Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: tradeadexchange

19 Oct 2015   #1
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 
tradeadexchange

Yesterday an unwanted redirect page showed up in Chrome, with a nasty pop-up window to eventually close it if you wanted so.
You couldn't continue Google Chrome without clicking on it.
Of course I didn't.
I opened Taskmanager and shot down Chromium.

The page was related to the malicious (virus?) XXX.tradeadexchange.com
Warning! don't try that address ever. That's why I put in XXX.
Searching my whole PC for any link or register-key didn't help.
Deleted cookies (one indeed contained that link) with CC
It didn't reappear (yet) but it's a nasty dangerous trojan if you get infected.
It could effect all browsers. (Hijacking)
Scanning on malware didn't help.
So I added a rule in the Host file to block it.
Also I added a filter rule in Ublock.
It may help to uncheck the option of allowing less annoying adds in ABP Adblock plus./options
However XXX.tradeadexchange.com won't be mentioned in their "allowed" list.

Seems that EMET from Microsoft (free) could block it, or malware bytes anti-exploit kit?
Don't use Hitman pro, it may ruin your OS register by deleting vital keys.
YAK is also suspicious.

Anyone suggestions?


My System SpecsSystem Spec
.
19 Oct 2015   #2
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Found out that my Waterfox was unwantingly reset.
All bookmarks, plugins, add-ons, cookies, templates were deleted.
So I restored from a backup. It's running again, hopefully without that nasty malware.
My System SpecsSystem Spec
19 Oct 2015   #3
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Here is a scanner I use to double or triple check for bad things. It's free but does take some time to run.

ESET Free Online Scanner :: Complete Malware Detection :: ESET
My System SpecsSystem Spec
.

19 Oct 2015   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

My System SpecsSystem Spec
19 Oct 2015   #5
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Hi Jacee.
You know all the good security sites.
I use Malwarebytes, MSE, SAS, Adwcleaner, Eset online scan but I have never used Zemana AntiMalware.

Would you suggest using Zemana also?
Will it interfere with my other security programs?
My System SpecsSystem Spec
19 Oct 2015   #6
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

I clicked on this site with Chrome and immediately was confronted with a pornlink redirection new tabpage?
Code:
http://www.trackpremium.eu/landers/nl/page13/?s=212807908
So I will try your suggestions tomorrow.
Alas my backup didn't solve the problem with tradeexchange.
Spyhunter didn't found it either. Freeware scan, but no indication or free removal off course.

And yes tradeexchange.com was again as cookie installed.

Thank you for your reply
My System SpecsSystem Spec
19 Oct 2015   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

@ Bernardus, you have "adware". Your browsers have been 'hiJacked' with a naughty 'ad-on' redirect.

@ Jack (LbB) I've never used Zemana Antimalware, so I can't tell you anything about it.

I just wanted to alert Bernardus to the 'Trojan adware' that he's got on his computer and what it does.
My System SpecsSystem Spec
20 Oct 2015   #8
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Thanks for your reply Jacee
It's not only "naughty", I got some phishing mail too, as having won something from the local super.
But the source came from an obscure address somewhere in the states.
I'm using Mailwasher so I safely deleted it.
Of course it was that same tradeexchange b*sta*rd.

I have a clue, it may be related to tinypic.
That's nowadays filled with al kinds of nasty popups and adds.
Although I'm using ABP and UBlock to supress them.
Tradeexchange seems to have infected Chrome only until now.

I tried one of the suggested scanner-programs, which found a handful of non risk register links.
So I decided to delete them, backed them up also, with the result that the PC never completed his restart and was hanging in "Windows is starting" display endless.
I couldn't restore my latest backup also with a rescue disk cause my second drive must be analysed by Acronis?
I terminated that nonsense.
Finally disconnected my second HD and succeeded with an somewhat older backup.
Just wait and see if the older restored backup is free of that trojan.
There was no problem at all with the relative new second HD according to Windows check drive.
My System SpecsSystem Spec
20 Oct 2015   #9
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Tried Adwarecleaner as suggested.
It found a long loglist of suspicious reg Links and further unwanted files and software.
Indeed most of it related to Google Chrome.
Let is run the repair with crossed fingers.
At least the OS started again. See what the results will be?
Even Acronis resque disc program started without any problems.
So I have options enough to choose another backup.
My System SpecsSystem Spec
20 Oct 2015   #10
Bernardus

Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Well it's still there and indeed related to Google Chrome.
Adware cleaner was not successful in removing it.

It now redirected a new tab to a gaming site.
I never run games.
Code:
http://passport.game321.com/api/lp/angels/N/lp21.php
I'm going to try ESET online.

Funny because the backup I restored never showed that malware before.

Some keys have not been deleted

Sleutel Niet Verwijderd : [x64] HKCU\Software\Bitberry Software
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Bitberry
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Conduit
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Escolade
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\GoforFiles
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\ParetoLogic
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\powerpack
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Search Settings
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Softonic
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Video Player
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\IObit Apps
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\cain
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\PRODUCTSETUP
[!] Sleutel Niet Verwijderd : [x64] HKCU\Software\WEBAPP
[!] Sleutel Niet Verwijderd : HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\AppDataLow\Software\Search Settings
[!] Sleutel Niet Verwijderd : HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\AppDataLow\Software\IObit Apps

Found also this
My System SpecsSystem Spec
Reply

 tradeadexchange




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
"TradeAdExchange" Pop Up Tab in Chrome
I use Chrome for pretty much all my web browsing on my desktop, and I've been through moments where I've had adware type extensions install themselves silently through my browsing. I know to uninstall the extension from Chrome settings and to delete the folder from Chrome's directory, but this one...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:38.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App