I am redirected to asnews.com.sg

sinhead

Broken In
Bro I had a harrowing time with redirects since the last month. Nothing helped, not even malware checks in safemode.
Finally uninstalled firefox and chrome,

Installed opera with 2 addons - adblockplus and http switchboard
Adblockplus - ( Allow some non-intrusive advertising = switched off)
http switchboard - Enable strict blocking = on

Also updated my antivirus.

Finally I have been able to browse at peace.
 

Vyom

The Power of x480
Staff member
Admin
But did you know what "Exactly" was causing the problem?
They say, "If you don't know what the problem was, you never fixed it".
 
OP
nac

Aspiring Novelist
Hola is a free VPN service.
Yes. But how do I remove it from "trusted zone" (there is an entry in that log file)
Manage scheduled tasks through CCleaner.
Also, check my adware/malware removal guide (in sig), you might get some help from there. Some BHO is messed up.
I will manage tasks through CCleaner.
I checked your thread/guide. It's like a lengthy process. But I will sure do it and post my feedback.
Bro I had a harrowing time with redirects since the last month. Nothing helped, not even malware checks in safemode.
Finally uninstalled firefox and chrome,
Installed opera with 2 addons - adblockplus and http switchboard
Adblockplus - ( Allow some non-intrusive advertising = switched off)
http switchboard - Enable strict blocking = on
Yeah, I learned there are many people who got affected with this redirection when I googled.
What you have done is pretty much the same as my suggested options. I have done them. It's been four days since last event. I want to think it's gone. :Fingerx:
But did you know what "Exactly" was causing the problem?
They say, "If you don't know what the problem was, you never fixed it".
No. I don't know what exactly is causing the problem.
 

dashing.sujay

Moving
Staff member
I will manage tasks through CCleaner.
I checked your thread/guide. It's like a lengthy process. But I will sure do it and post my feedback.

It's not that lengthy. Since it was supposed to be a 'guide', therefore the explanatory writing style.

Plus, you already have tried half options, so it won't take much time to try others, but go serially as explained in the thread.
 

Flash

Lost in speed
Yes. But how do I remove it from "trusted zone" (there is an entry in that log file)
It's not an adware/malware. Since you've installed HOLA extension in the past, it may've logged the entry into the registry.
Anyway, if you want to remove -
Code:
Open IE> Options > Open Internet Options > Security tab > Trusted sites > Click on SITES button > It will show all the trusted sites which are added.
Remove the ones, which you don't trust :lol:
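
The Trusted sites list shown in that dialog is stored in the registry under the ZoneMap keys, so it can also be reviewed from PowerShell. The following is an added example, not part of the original posts: it only lists entries, the function name `Get-ZoneMapEntry` is hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: list every site or IP range mapped to the Trusted sites zone (zone 2).
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }

# Per-user and machine-wide ZoneMap locations, plus their Group Policy counterparts.
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$roots  = foreach ($hive in 'HKCU:', 'HKLM:') {
    "$hive\Software\$suffix"
    "$hive\Software\Policies\$suffix"
}

function Get-ZoneMapEntry {
    param([string[]]$Root)
    foreach ($r in $Root) {
        foreach ($branch in 'Domains', 'EscDomains', 'Ranges') {
            $path = Join-Path $r $branch
            if (-not (Test-Path $path)) { continue }
            foreach ($key in (Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue)) {
                # Domains\example.com\www describes the site www.example.com
                $rel    = $key.Name -replace '^.*\\ZoneMap\\[^\\]+\\', ''
                $labels = $rel -split '\\'
                [array]::Reverse($labels)
                # Range keys (Range1, Range2, ...) keep the address in a ":Range" value
                $site = if ($branch -eq 'Ranges') { $key.GetValue(':Range') } else { $labels -join '.' }
                foreach ($name in $key.GetValueNames()) {
                    $zone = $key.GetValue($name)   # value name = protocol, data = zone number
                    if ($name -eq ':Range' -or $zone -isnot [int]) { continue }
                    [pscustomobject]@{
                        Hive     = $key.Name -replace '\\.*$', ''
                        Policy   = $r -like '*\Policies\*'
                        Branch   = $branch
                        Site     = $site
                        Protocol = $name
                        Zone     = $zone
                        ZoneName = $zoneNames[$zone]
                    }
                }
            }
        }
    }
}

Get-ZoneMapEntry -Root $roots |
    Where-Object { $_.Zone -eq 2 } |
    Sort-Object Site, Protocol |
    Format-Table Hive, Policy, Branch, Site, Protocol, ZoneName -AutoSize
```

Entries reported with `Policy = True` are assigned by Group Policy and cannot be removed from the Sites dialog.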
 
OP
nac

Aspiring Novelist
It's not that lengthy. Since it was supposed to be a 'guide', therefore the explanatory writing style.
Plus, you already have tried half options, so it won't take much time to try others, but go serially as explained in the thread.
But I have done them while I was working in normal mode. Since it's suggested to try them in safe mode, I need free time to try them. So the reason for delay...
It's not an adware/malware. Since you've installed HOLA extension in the past, it may've logged the entry into the registry.
Anyway, if you want to remove -
Code:
Open IE> Options > Open Internet Options > Security tab > Trusted sites > Click on SITES button > It will show all the trusted sites which are added.
Remove the ones, which you don't trust :lol:
Wow!!! It's so simple. I should have googled... But after depending on tools to remove things lately, it didn't click my mind to google. Thank you. :)
 

Flash

Lost in speed
But I have done them while I was working in normal mode. Since it's suggested to try them in safe mode, I need free time to try them. So the reason for delay...

Wow!!! It's so simple. I should have googled... But after depending on tools to remove things lately, it didn't click my mind to google. Thank you. :)
I used to add my client's IP-based site to trusted sites. That's how I know. :wink:
 
OP
nac

Aspiring Novelist
It's not that lengthy. Since it was supposed to be a 'guide', therefore the explanatory writing style.
Plus, you already have tried half options, so it won't take much time to try others, but go serially as explained in the thread.
It's been more than one week since the last event. I hope the problem is fixed, but not sure. Went through your guide and here is my feedback. Please leave a comment on what I should do about the things which I haven't fixed because of the reasons mentioned below.
  1. Check your computer for any unwanted program installed
    Done.
    Checked in add/remove programs (control panel)

    Using CCleaner
    Finally, used revo.
    I don't see any unknown or suspicious program running. All the programs are the ones I use and some other are Microsoft's like dot net.
  2. Reset your browsers and check for any unwanted or unknown addons. Make sure you remove all the suspicious addons; some of them might not get removed, but don't worry about that, we'll deal with them later. Done.
    All the add-ons are known, not suspicious.
  3. Fire up CCleaner
    • Clean up the junk and reg entries using it. Note: It's never recommended to blindly delete the %temp% folder directly as they might contain some useful files used in background by some program. Done.
    • Go to Tools, now remove all the suspicious entries in Windows, Browsers (it basically shows add ons from the browsers, and some of the addons which do not show up in respective browsers, are shown here) and Scheduled Tasks. Scheduled tasks are most used by PUPs to keep running in background as one never checks them apart from normal windows start up. 95% of the items in scheduled tasks are usually not required. I don't see browser add on option in CCleaner and I don't see scheduled tasks.
    • Check start up services in msconfig. Make sure you hide all Microsoft services, then do any experiment. All the things are stopped in safemode.
    • Check Task Manager for any suspicious process running. Make sure you check file location of the process to be double sure about the authenticity of the process, and the effects of ending it. Don't see any suspicious process running.
  4. Basic problems are fixed till this step, but 95% problems are not basic, because the way PUPs/adwares are deployed, they always leave a trace, thus the requirement of running some advanced tools. One important thing to note is that you must run tools in the order I'm mentioning because of the multiple reasons, viz, effectiveness and risk/side-effects.
    • AdwCleaner - Done.
    • JRT - Done.
    • Malwarebytes - Done.
    • Hitman Pro - Done.

      Some other tools which you may try if everything above fails:
    • Rogue Killer - Scanned but it shows things which I am doubtful whether to fix or not. Following are the snapshots of the scan result.

      *i102.photobucket.com/albums/m108/tkphotos1/rkill%201_zpsknkyomcn.png

      *i102.photobucket.com/albums/m108/tkphotos1/rkill%202_zpsrkkblket.png

      *i102.photobucket.com/albums/m108/tkphotos1/rkill%203_zpskquivnov.png
    • YAC - It's not starting. I think because rogue killer killed the process.
    • TDSSKiller - Done.
    • Autoruns - Done. But it gives a big list. What should I do with this? I am not sure if I should mess with this.
    • HijackThis - Done. Saved the log file for now.

In some cases, addon from IE is not removable. All the enable/disable buttons are grayed out and there is nothing you could do. In this case, follow this method - *superuser.com/a/268408
Since the add-ons are known, I didn't bother with this.


  • In following locations - Program Files(x86), ProgramData, AppData, look for any gibberish files or folders, and delete them. They'll be most probably malwares/adwares. This I missed to do in safe mode. I will go back and do it.
 

dashing.sujay

Moving
Staff member
@nac

For CCleaner, you might be using old version. See this
*lawrenceharvey.files.wordpress.com/2013/02/lawrence-harvey-ccleaner-tools.jpg

Rogue killer results are fine, it has history of some false detection. Try reinstalling YAC, then run it again.

Regarding Autorun, anything which appears highlighted in yellow color, simply uncheck that.

Everything else seems fine. Good try.
 
OP
nac

Aspiring Novelist
For CCleaner, you might be using old version.

Rogue killer results are fine, it has history of some false detection. Try reinstalling YAC, then run it again.

Regarding Autorun, anything which appears highlighted in yellow color, simply uncheck that.
Oops! I was just looking at the tabs on the left hand side, didn't look at the top. It's there... :oops: BTW I am using v5.xx

So I don't need to clean/fix/delete anything from the Rogue Killer scan result? YAC is fine, just that I couldn't run it because Rogue Killer killed the process (YAC started @ startup). If I don't run Rogue Killer before YAC, I think I am good to go with YAC without fresh installation.


Almost all the listed things are not highlighted. Only these three are in yellow.
*i102.photobucket.com/albums/m108/tkphotos1/a_run%201_zpsew75w1mk.png

And few things in red, like this
*i102.photobucket.com/albums/m108/tkphotos1/a_run%202_zps8sxi6msd.png
 

dashing.sujay

Moving
Staff member
Yes, you can go ahead with YAC without running Rogue killer.

In autoruns, you just have to uncheck the ones highlighted in yellow, that's it. But the result here shows nothing suspicious.
 

Zangetsu

I am the master of my Fate.
Just for the info.

There is a new malware on the internet, "SupTab", which redirects users to malicious websites.
 
OP
nac

Aspiring Novelist
Couldn't run YAC in safe mode. Maybe because of Rogue Killer. So uninstalled YAC and checked for suspicious files and folders in appdata, program data and program files. It's been two weeks since the last event. Thanks everyone :) Thanks a lot.

Hope it's gone. If it ever comes back, I will post here.

And thanks very much for suggesting adblocker. Even though I am aware of such tool, I never bothered to try it. Because of this issue I tried it after your suggestion, now digit forum loads faster, youtube loads faster. Excellent. :doublethumb:
 

amjath

Human Spambot
My office laptop yesterday while browsing Chrome redirected me to asnews.com.sg. I did not have adblock installed. I am sure they are redirected because of spammed ads all over the internet.

IMO, install adblock and whitelist the websites which you want to donate to through ads. Others simply want money from ads.
 