#11
Found some malware with Malwarebytes.
I see nothing on those lists that I would have on my computers.
I would remove all of them.
That is my opinion but Jacee is our expert in Security.
I will just watch.
Uninstall IObit ... it may be protecting items you don't want. See this page for 'complete removal tool':
T-Tools BitRemover
After doing that, clean all that both AdwCleaner and Malwarebytes found.
Tell me if you're still being redirected.
Hello Jacee
The problem is still there, after all my attempts to find or remove it.
Some of these suspicious lists were quarantined by Malwarebytes.
But the first time I started Google Chrome it popped up again, with a second tab page and some unwanted advertisement.
I'll have to try your T Tool recommendation however.
Pity that none of these anti-virus or malware scanners could find that well-known problem.
Spyhunter came up with a long list, but I don't trust that program, which more than once crashed the OS by removing vital keys. It's the same with many cleaners that claim to be safe.
Someone once said to me, the most secure way to mess up your registry may be a registry cleaner.
Google Chrome came up with the message, that some program had changed something and recommended a reset.
Others reported that even that recommendation didn't solve the problem.
However I'm not sure, if some of these scanners did so, like Eset smart security? (homepage protection?)
It seems as if a sneaky hidden tab-page application or cookie? sometimes loads together with the main-page or the search-page.
But nothing to find in the settings nor the registry with that name tradeexchange.
But I'll go on with your help.
Thank you for your replies.
Jacee
Ran the T Tool which found zero.
Tried those already. After doing that, clean all that both AdwCleaner and Malwarebytes found.
Malwarebytes put some of its malicious findings as mentioned before already in quarantine.
I did a reset on Chrome and was very happy to see that all passwords and bookmarks are still there on my accounts. Also the add-ons, however switched off.
Try those also for a while in off state.
Last edited by Bernardus; 21 Oct 2015 at 03:38.
Nope it's still there after the reset.
But I found out that the Escape key led me to the fake advertisement site of a local shop.
So actually activated the popup menu to redirect further. Of course another winner.
Tradeadexchange is a suspicious kind of malware, used by real advertisements as well as malicious ones.
So, if any of these ever get your email, they send you unwanted winning fake victories.
I did have numerous logs.
However none of them mentioned that malware.
It's impossible to copy the links that Spyhunter found.
Since I didn't buy that crap.
No, I'm still not rid of that malware, but I don't use Google Chrome anymore, unless I use that wireless add-on to my TV, Chromecast.
I reported the case also to the Google-team but no solution was found yet.
Numerous others also reported the same issue.
Chrome seems to be more vulnerable but the trojan could affect any browser.
Software suppliers made a lot of propaganda to sell their "easy solution" but none worked.
Hitman Pro, which is nothing more than a pack of otherwise known scanners, is a risk to your OS.
Especially Spyhunter would delete dozens of "illegal extensions" which will ruin your registry, since many of them are vital.
Yesterday I switched back to a recent restore and deleted some useless scanners or software.
See if I still can find the logs I stored.
Is there a way to block that redirecting from specific websites?
I tried one, but it didn't work. Only homepage protection.
The problem is and maybe I can copy such a link? is that tradeadexchange.com is integrated into a Google link.
So it won't be easy to filter a link, because it contains a double one.
Any link will be unique with other malware or fake winnings.
I added a rule to the hosts file, but it didn't help for obvious reasons.
I installed SpywareBlaster; see what it does?
But Tradeadexchange.com is not in the blocklist, you can't edit the list, only unselect some protections.
I have no options at the moment.
Is it possible to log the event?
I mean the moment of freezing?
If I have to kill Google Chrome, the info is gone.
Only the cookie would be there, or the history.
Thanks for the reply.
This is what Hitmanpro found
Just some downloaders.
HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}\ (OpenDownloadManager) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> PendingDelete
HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> Deleted
HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
HKU\S-1-5-21-4182600377-2336131417-2761949497-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> PendingDelete
*One reason why I didn't trust Spyhunter, was that endless list of presumed threats.
Wondered why so many other well known scanners wouldn't mention such supposed threats?
Some mention Wow6432Node as a threat.
But it is, as far as I know, an indication of a 64-bit system?
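Added example (not part of any post in this thread, and not output from any of the tools mentioned): a short Python script that parses scan-log lines in the `key (name) -> action` format shown above, groups them by detection name, and folds `Wow6432Node` paths onto their native path, since on 64-bit Windows that node is the registry view used by 32-bit programs and not a detection in itself. Treating any action other than `Deleted` as still outstanding is an assumption about this log format.

```python
import re
from collections import defaultdict

# Five lines copied from the scan output posted above.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> PendingDelete
HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}\ (OpenDownloadManager) -> Deleted
"""

# Line layout: <registry key> (<detection name>) -> <action>
LINE_RE = re.compile(
    r"^(?P<key>HK\w+\\.+?)\s+\((?P<name>[^()]+)\)\s+->\s+(?P<action>\w+)$"
)

def parse_log(text):
    """Return one dict (key, name, action) per recognisable log line."""
    lines = (line.strip() for line in text.splitlines())
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]

def native_view(key):
    """Drop the Wow6432Node path component (the 32-bit view of the same branch)."""
    return re.sub(r"\\Wow6432Node(?=\\|$)", "", key, flags=re.IGNORECASE)

def summarize(entries):
    """Group entries by detection name; list distinct keys and unfinished removals."""
    summary = defaultdict(lambda: {"keys": set(), "pending": []})
    for e in entries:
        summary[e["name"]]["keys"].add(native_view(e["key"]).rstrip("\\"))
        if e["action"] != "Deleted":  # assumption: anything else is not yet removed
            summary[e["name"]]["pending"].append(e["key"])
    return dict(summary)

if __name__ == "__main__":
    for name, info in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {len(info['keys'])} distinct key(s), "
              f"{len(info['pending'])} pending")
        for key in info["pending"]:
            print(f"  still pending: {key}")
```

On the sample, the two CouponBar lines collapse to one key, and the NationZoom entry under `CurrentControlSet` is reported as still pending.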
Jacee as I stated before is the expert but I'm not understanding this from your post #17.
Please explain. What are "illegal extensions"?
Especially Spyhunter would delete dozens of "illegal extensions" which will ruin your registry, since many of them are vital.
Oh, that's what you'll see in the root directory of the registry. File extensions
.so and so
If the other scanners didn't report them, why should Spyhunter then do this?
There are so many of them (maybe hundreds) and you won't even know which program they are related to.
So if the scanner is not familiar to certain extensions, it claims them as a threat.
But what I do know is that every time you delete them all, your system will be screwed up.
Others are only cookies, which I always effectively delete with CC