Windows 10: Suspicious website popping up in new tab when Chrome starts

Recently, I've been getting an odd page opening up when I start up Chrome after rebooting or being on standby.

Code: Redirect I searched into it and all I could find was pages about UnHackMe, which I ran and it found nothing.

What IS this thing, and how do I get rid of it?

:)

 

Pop-up will not close in Google Chrome

Received a pop-up from page at set-windowz-pc-error.info, regarding Suspicious Activity on my computer. Instructed to call 1-717-428-7136 to contact a Microsoft Technician. Can't close this pop-up! Can't access other tabs on Google Chrome. I am running
Windows 10 (64 bit) on HP computer. HOW DO I GET RID OF THIS POP-UP !!! Avast and Malware Bytes did not detect anything.

 

chrome "critical" update ?

I use chrome & yahoo.com. I keep getting a pop up that says it is a critical chrome update. Is this legit? I am afraid to click on it. I am suspicious

 

Out of curiosity I opened the link on my osMac MacBook Pro in Firefox and got a screen plus a recording saying my Mac is infected. It closed easily. I'd check Chrome's setting for the Home page to assure only the one wanted is all that's shown.

 

For me, it just shows a blank page. No audio. I'm guessing Adguard is keeping it from loading. Wonder why it's even allowing the tab to open in the first place?

I would think ESET would keep it from loading at all, or at least show that red "blocked link" page.

 

GuyInDogSuit,

Please download Malwarebytes Anti-Malware:
Malwarebytes | Malwarebytes 3.0 Premium 14-day Free Trial
Right-click on the MBAM icon and select: Run as Administrator
Click Yes to accept any security warnings that appear.


At the MBAM console, on the right pane, under the Scan Status, click: Current (it updates the tool)
On the left menu pane click the Settings tab, and then select the Protection tab on the top.
Under Scan Options, turn on the button: Scan for rootkits

Click the Scan tab on the right pane, select Threat Scan and click: Start Scan


Note: The scan may take some time to finish, so please be patient.


If potential threats are detected, ensure to check all the listed items, and click: Quarantine Selected

While still on the Scan tab, click the View Report button
In the window that opens click: Export
Select: Text file (*.txt), and save the log to the Desktop.

The log is also viewed by clicking on it, then clicking the View Report button.
Please attach or post the log for review.
Note: If asked to restart the computer, please do so.


Also, please download AdwCleaner:
Malwarebytes | AdwCleaner
Download to your Desktop.

Double click on AdwCleaner.exe to run the tool.


Click the Scan button and wait for the process to complete.


When the can finishes and presents its results, if you see any program that you wish to keep, remove the check from it. Otherwise, once the Clean button is pressed, all checked items listed on the report are removed.


A log file is automatically opened after the scan finishes.
It is found at C:\AdwCleanerCx.txt (x is a number).
Please attach or post the content of the AdwCleaner report.

 

Try Adware Removal Tool, Go here, download and run the client

It will find any suspect objects, hit the CLEAN button

 

Damn it, I had the logs pasted here but Adware Removal Tool shut down Chrome and I lost them. They didn't find anything.

 

GuyInDogSuit,

Let's give this a whirl...

Please use the Farbar Recovery Scan Tool Download
Save FRST to your Desktop.

[Note: You need to run the version compatible with your system: 32 bit or 64 bit]

Double-click FRST to run it.
When the tool opens click Yes to the disclaimer.
Next, press the Scan button.

When done, the tool makes a log (FRST.txt) on the Desktop.

The first time the tool is run, it makes another log: (Addition.txt).

Please attach both reports to your reply.

 

Here's the results.
I'm going to see about purchasing MBAM in the future, seeing as how the trial runs out after 2 weeks.

 

GuyInDogSuit,

Before proceeding, any reason why System Restore is disabled?

 

I don't know. It wasn't ever enabled in the first place.

 

GuyInDogSuit,

System Restore (SR) is disabled by default on Windows 10. The Operating System does have Reset/Refresh this PC features which reinstall Windows 10, keeping files and most programs installed. However, IMO, System Restore is a useful tool when it comes to recovering from certain circumstances, and it appears you have the space for it.

Please take action to enable SR before running the FRST fixlist that follows.

To enable SR:
On the Desktop, in the Search here area of the TaskBar, type: System Restore
Press: Enter

When Create a Restore Point is displayed, click on it.
In System Properties > System Protection tab > Protection Settings, Protection is Off for Windows (C*Smile (System)
To change this, click: Configure
Tick: Turn on system protection

Below, drag the slider to a reasonable amount of space.
The larger, the more Restore Points, and the further back in time it can go.
(Example, for a drive larger than 250GB, would recommend at least 10GB of space.)

Click: Apply
Click: Create
Give the new Restore Point a name.
Wait for Windows to create the RP, and click: OK


Next, please do the following:
Press the Windows and R keys at the same time.
This opens the Run box.
Type Notepad and click OK.
Next, please copy the entire contents inside the code box below to Notepad:

Code: Start CreateRestorePoint: CloseProcesses: GroupPolicy: Restriction <======= ATTENTION S3 dbx; system32\DRIVERS\dbx.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X] S3 PCASp60; System32\Drivers\PCASp60.sys [X] C:\ProgramData\fontcacheev1.dat CustomCLSID: HKU\S-1-5-21-837606628-3980760942-254267324-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\andre\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncApi64.dll => No File EmptyTemp: cmd: ipconfig /flushdns Reboot: End[/quote] Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be running from E:\Downloads, vs. the Desktop. They both need to be in the same place, preferably the Desktop.

Next, run FRST and click Fix only once, and wait.

When done, the tool creates a log: Fixlog.txt
Please attach Fixlog.txt to your reply.

How is the system running?
Is the suspicious website still showing up?

After go.oclasrv.com appears on the system, the default DNS settings of browsers such Chrome and are altered.
Included the command ipconfig /flushdns considering this issue.


Also, open Chrome, click on the 3 horizontal dots and click Select More Tools > Extensions
If you see any malicious extensions please delete them.

Next, go to Settings.
Select Open a specific page or set of pages and click on: Set pages

If you find any malicious websites, delete them by clicking the X next to them.

 

I have 52.8 GB of space on my drive and I install games on there so they load faster. I can't say I have space for system restore.
I've already checked Chrome's settings and extensions, there's nothing there.

 

Did you run the Fixlist on FRST?

Can you attach the Fixlog.txt ?


Please download HitmanPro (Sophos):
HitmanPro Malware Removal Tool: Secondary Anti-Virus Scanner | Download HitmanPro 3.7
Save to the Desktop
Right-click the downloaded file and select: Run as Administrator

When it finishes running HP will display a list of Identified Threats (malware) or other entries found (i.e. cookies, PUPs, etc.).
Click on Next and select the option: Activate Free License

This begins the free 30 days trial, and removes all the Identified files from the computer.

After the entries are removed, click on the Save Log option.
Save the HitmanPro log to the Desktop.

Please attach the content of the HitmanPro report in your reply.

Now, close the program, and restart the computer.

Any changes?