Windows 10: Taobao infection

Color me embarrassed but I seem to have picked up ........... something. As you can see from my screenshot my Browser has gotten a .....visitor and I can't seem to make it leave. It seems to be a shortcut to Taobao. I've tried scans with Malwarebytes,SuperAntiSpyware,ADWcleaner, JRT,and Panda A/V (free) to no avail. Any suggestions?





:)

 

My Samsung Omnia7 browser crashes this morning

Not. Morning only use Taobao . Sometimes board the other pages so be it . QQ Qzone , Tencent friends .

 

My Samsung Omnia7 browser crashes this morning

Is it only happening with Taobao page? Can you visit other sites?

 

It looks like a browser toolbar. In IE try going to Settings>manage Add-ons > Toolbars and extensions. You should be able to delete it there. The other one I have seen lately resets your homepage. By going to control panel>Internet options general tab will allow you to reset the homepage.

 

Well, this is Maxthon but I tried resetting. Tried a few more things ........ then just deleted the browser and reinstalled. No idea where I got it or how it eluded everything I tried but it did. Its gone now, but thanks for the suggestion.

 

Try ZHPCleaner and RogueKiller too.

 

Maxthon has addons as well, a lot of which I would not consider using. Go to Menu - Tools - Extensions and see if theres any unwarranted addon there.

 

O.K. ......... Its back. Came back yesterday evening about an hour after I thought I'd gotten rid of it. It is only on the tabs after the main one and it turns off AdBlock Plus, (Its bundled into my Browser), but only on the unopened tabs. In addition to what I have already mentioned I've ran RougeKiller, ZHP Cleaner, BitDefender online rootkit scan,Malwarebytes Rootkit scanner, Malwarebytes Chameleon and at least a couple more that just don't come to mind. I've reset my Browser to defaults to no avail and even reinstalled Maxthon cleanly (no saved data).

It is only on my Maxthon, nowhere to be found on Edge,but as Maxthon is "my" browser, its a annoyance. Seems fairly "benign" too i.e. no re-directions or pop-ups but its not supposed to be there.

 

Have you tried running RKill & then run all the malware scanners to see if it can ferret it out? Could be it's not leaving because it's running & that blocks some removal attempts. Also, you might try running in safe mode & then run some of the scanners.

RKill Download

 

Do as Borg suggests, but DO NOT REBOOT THE PC after running RKill. Its main purpose is to flush ram from any running malware process, so you must run any malware cleaner after it, but without rebooting.

As a last resort, try booting with any Linux BootCD or similar and check the ProgramData and Users\<your account> folders (Specially AppData) for any weird looking file/folder that may be residing there. You can also flush the browser cache from there (usually stored under AppData\Local folder).

 

Nice seeing you here Borg 386!

Tried RKill (can't believe I didn't think of that........), ran Malwarebytes,SuperAntiSpyware,ADWcleaner,and my A/V after running RKill. Its still there.
Additional data ; My Windows Defender is grayed out , says its on in Windows, but RKill says its disabled. Also, I don't know if this is important or not but I cannot access Maxthons home page. Says its "unable to resolve domain name". Its the only page I can't get to.
Will be trying eLPuSHer's suggestions next.

 

RKill also says you are missing some services. Which ones are those?

 

Check this path: C:\users\{user}\appdata\roaming\maxthon3\apptg\taobao.exe

 

Well,haha,I'll be marking this as solved again. Never "found" the source, so just reset my machine. No big deal as I had a clean install planned for next week anyway. Did want to find out what it was though, but its gone (I guess). Couldn't access the Maxthon site period for a couple of hours "couldn't resolve domain name", so I'm now trying Firefox after a absence of many years. Haha, I DID find a very old Maxthon version........ 2.5.18 in fact. Its a real blast from the past and since installing it I seem to be able to access the Maxthon site. Not sure if I'll be updating this version or not as I'm having a much closer look at Edge and Firefox now.

Thanks to all who helped!

 

Hi if you want you can read this link it may help you or anyone else in the future
What can cause it and how to get rid of it
pchihi.com Information and Tips on How to Remove taobao.exe Quickly