tradeadexchange

Page 2 of 5 FirstFirst 1234 ... LastLast

  1. Bernardus
    Posts : 282
    Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       New #11

    Found some malware with Malwarebytes.

      My Computer
    Quote Quote

  3. Layback Bear
    Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       New #12

    I see nothing on those list that I would have on my computers.
    I would remove all of them.

    That is my opinion but Jacee is our expert in Security.

    I will just watch.
      My Computer
    Quote Quote

  4. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #13

    Uninstall IObit ... it may be protecting items you don't want. See this page for 'complete removal tool':
    T-Tools BitRemover

    After doing that, clean all that both AdwCleaner and Malwarebytes found.

    Tell me if you're still being redirected.
      My Computer
    Quote Quote

  6. Bernardus
    Posts : 282
    Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       New #14

    Hallo Jacee

    The problem is still there, after all my attempts to find or remove it.
    Some of these suspicious lists were quarantined by malwarebytes.

    But the first time I started Google Chrome it popped up again, with e second tabpage and some unwanted advertisement.

    I'll have to try your T Tool recommendation however.

    Pity that no-one of these anti-virus or malware scanners couldn't find that well known problem.
    Spyhunter came up with a long list, but I don't trust that program, that more than once crashed the OS.
    by removing vital keys. It's the same with many cleaners who claim to be safe.
    Someone once said to me, the most secure way to mass up your registry may be a registry-cleaner.

    Google Chrome came up with the message, that some program had changed something and recommended a reset.
    Others reported that even that recommendation didn't solve the problem.

    However I'm not sure, if some of these scanners did so, like Eset smart security? (homepage protection?)

    It seems as if a sneaky hidden tab-page application or cookie? sometimes loads together with the main-page or the search-page.
    But nothing to find in the settings nor the register with that name tradeexchange.

    But I'll go on with your help.
    Thank you for your replies.

    Jacee

    Ran the T Tool which found zero.

    After doing that, clean all that both AdwCleaner and Malwarebytes found.
    Tried those already.
    Malwarebytes put some of it's malicious findings as mentioned before already in quarantine.

    I did a reset on Chrome and was very happy to see that all passwords and bookmarks are still there on my accounts. Also the add-ons, however switched off.
    Try those also for a while in off state.
    Last edited by Bernardus; 21 Oct 2015 at 03:38.
      My Computer
    Quote Quote

  7. Bernardus
    Posts : 282
    Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       New #15

    Nope it's still there after the reset.

    But I found out that the escapekey lead me to the fake advertisement site of a local shop.
    So actually activated the popup menu to redirect further. Of course another winner.

    Tradeadexhange is a suspicious kind of malware, used by real advertisements as well as malicious ones.
    So, if any of these ever get your email, they sent you unwanted winning fake victory's.
      My Computer
    Quote Quote

  8. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #16

    You didn't post any of the logs .... so did you get rid of Tradeadexhange?
      My Computer
    Quote Quote

  10. Bernardus
    Posts : 282
    Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       New #17

    I did have numerous logs.
    However none of them mentioned that malware.
    It's impossible to copy the links that Spyhunter found.
    Since I didn't buy that crap.

    No I'm still not rid of that malware, but I don't use Google Crome anymore, unless I use that wireless addon to my tv. Chromecast
    I reported the case also to the Google-team but no solution was found yet.
    Numerous others also reported the same issue.
    Chrome seems to be more vulnerable but the trojan could effect any browser.
    Software suppliers made a lot of propaganda to sell their "easy solution" but no-one worked.

    With Hitman Pro, which is nothing more than a pack of otherwise known scanners, is a risk to your OS.
    Especially Spyhunter would delete dozens of "illegal extensions" which will ruin your register, since many of them are vital.

    Yesterday I switched back to a recent restore and deleted soms useless scanners or software.
    See if I still can find the logs I stored.
    Is there a way to block that redirecting from specific websites?
    I tried one, but it didn't work. Only homepage protection.

    The problem is and maybe I can copy such a link? is that tradeadexchange.com is integrated into a Google link.
    So it won't be easy to filter a link, because it contains a double one.
    Any link will be unique with other malware or fake winnings.
    I added a rule to the Host file, but it didn't help for obvious reasons.

    I Installed Spywareblaster, see what is does?
    But Tradeadexchange.com is not in the blocklist, you can't edit the list, only unselect some protections.

    I have no options at the moment.

    Is it possible to log the event?
    I mean the moment of freezing?
    If I have to kill Google Chrome, the info is gone.
    Only the cookie would be there, or the history.

    Thanks for the reply.
      My Computer
    Quote Quote

  11. Bernardus
    Posts : 282
    Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       New #18

    This is what Hitmanpro found
    Just some downloaders.

    HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}\ (OpenDownloadManager) -> Deleted
    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
    HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> PendingDelete
    HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> Deleted
    HKU\S-1-5-21-4182600377-2336131417-2761949497-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
    HKU\S-1-5-21-4182600377-2336131417-2761949497-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> PendingDelete


    *One reason why I didn't trust Spyhunter, was that endless list of presumed threats.
    Wondered why so many other well known scanners wouldn't mention such supposed threats?

    Some mention Wow6432Node as threat.
    But it is for what I know an indication to a 64 bit system?
      My Computer
    Quote Quote

  12. Layback Bear
    Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       New #19

    Jacee as I stated before is the expert but I'm not understanding this from your post #17.

    Please explain. What is a "illegal extensions" ?

    Especially Spyhunter would delete dozens of "illegal extensions" which will ruin your register, since many of them are vital.
      My Computer
    Quote Quote

  13. Bernardus
    Posts : 282
    Microsoft Windows 7 Ultimate 64-bits 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       New #20

    Oh that'what you'll see in the root directory of the register. File-extensions
    .so and so
    If the other scanners didn't report them, why should Spyhunter than do this?
    There are so many of them (maybe hundreds) and you won't even know which program they are related to.
    So if the scanner is not familiar to certain extensions, it claims them as a threat.
    But what I do know is that every time you delete them all, your system will be screwed up.

    Others are only cookies, which I always effectively delete with CC
      My Computer
    Quote Quote

 
Page 2 of 5 FirstFirst 1234 ... LastLast

  Related Discussions
I use Chrome for pretty much all my web browsing on my desktop, and I've been through moments where I've had adware type extensions install themselves silently through my browsing. I know to uninstall the extension from Chrome settings and to delete the folder from Chrome's directory, but this one...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 05:37.
Find Us