Zemana took it out. Spoiler: original post I've been having a browser hijacker for a week now and I'm unable to remove it, but I'm not even sure what the virus is. I tried searching the signs I've noticed of the virus on my Mac but I'm not getting any results relating to it. I'm not sure what name this virus is and how to remove it. Signs of the virus: -Google searches automatically redirects to search.searchbind.net and then to Yahoo with the search results. Doesn't happen every time. -Tab popups when clicking anywhere on a webpage, link or not. This happens on every site including this site. They happen almost every time during the first minute of the browser running. Spoiler: Tab names Some popups have the following site names in Browsing History: -Wizard101's sign up page -Liveadexchanger (tab name is Loading) -Putrr18 (tab name is Only 18+) -Roblox's sign up page -"cpmofferconvert" -"Tweakbit" (tab name is Driver Update) -"daily-chance" (tab name is also Only 18+) -redirects from Pipeschannels -c-4fambt redirects (tab name is Your Windows 10 can work faster!) -redirects from SearchBind (occurs on Google and Bing) -Messages saying that my drivers or flash player is out of date would appear. Most of these give me the message if I'm for sure want to close the tab. -Adblock is running, nothing seems to change with it off. The virus has no affect to anything outside of the browsers. Popups and redirects seem to stop after a certain period of time of the browser being open. I did the following things to get rid of it (not in order, but everything is up-to-date): -ran rkill -Kaspersky's tdsskiller -Avast's Smart Scan -Avast normal scan -Avast's boot scans -Windows' Safe Mode (ran the anti-viruses in this mode while at it) -Junkware Removal Tool -AdwCleaner tool -Malwarebytes itself -Malwarebytes' boot scans -Browser scans by both Avast and Malwarebytes -HitmanPro -Zemana -Resetted every browser -Reinstalled every browser (fixed Opera's starting issue) -Checked registry (found nothing suspicious) ^None of these worked, not even rkill. Not to mention that Windows is unable to load an old restore point. It would say "System restore completed" but the screen would then blank and then restart saying that the restore was unsuccessful. I thought that this was the search.yahoo, searchinterneat-a akahamid or liveadexchaner's viruses but it isn't. The guides to remove those didn't work. The Programs and Features panel didn't show anything suspicious. Can someone help me on what to do to remove this? Spoiler: how I got the virus/possible clue I remember downloading a texture pack for Minecraft called Realistico. The site gave me two options: a free version and a paid version. I went for the free version (Realistico Lite), which refused to give me the zip unless I turn off the adblock so I did. I then clicked the "download," but I was recieved an iso of the texture pack's name and ran it...it opened a torrent browser full of site links so I went and closed it, restarted, deleted it (since Windows refused to delete the first time) and then ran the scanners. Nothing was found and the scanners said the iso was clean. I checked the download page and found out I clicked an advert and the actual download button was next to it...then the popups and redirects started occurring. The site I went to that had the download choices was https://matteorizzo.me/realistico/
It can happen... I seen it happen one or twice before.. Godzilla... it sounds it happens in all of the browsers, hijacking even HTTPS sites, so can't be a packet injection. Maybe try going through your installs and uninstall anything that you don't use / is not familiar... I would recommend something that has a residual files & registry entries cleaner because some installers likes to leave stuff behind. --- Post updated ---
i would HIGHLY recommend running malware bytes. I ran this on my computer one time and it found a key logger. Il send you a msg on steam. https://www.malwarebytes.com/ edit: wait i saw you ran this already.
Windows defender ain't gonna do anything if all of the other brands can't find it. Defender tends to be last at finding stuff like this. Anyways... reinstall Windows is probably the best resort at this point. Would recommend using a disk and not the in-place reset.
Better DBAN your hard drive and rebuild and Trust me DBAN nukes everything on your drive it will kill that virus in a single strike and then you can rebuild from there and invest in some better anti virus software, its what I would do in a situation like this okay, I use unconventional methods
Back up anything extremely important and reinstall Windows. Back up only the stuff that you absolutely need if at all, you never know if the virus ot whatever it is attached itself to stuff on your computer
Yeah... I remember having similar issues few years ago. Though I knew what was the issue, and at the time, no fix was possible. So my final solution : re-installing windows. I know it can be a pain if you have a lot of files and stuff... But yeah do your best. Ps: totally stupid question, have you tried with another browser?
He did say he reinstalled all the browsers... but it isn't possible with Edge or IE... so it could be likely he used others.
he realized that. Well... there's no more things that could kill the virus other than nuking the drive and reinstalling it again.
CaptanW is currently looking at the download that I likely got it from through a vm. In the meantime, I just found a weird file in the %temp% folder relating to a few browsers, probably caused by the torrent browser. It wouldn't let me remove it because Avast was using it so I deleted it in safe mode. I'm currently checking if this was the cause.
I had to reset my computer recently as well... I had this virus that slowed my PC to a crawl... I've had A LOT of browser hijackers though... And yeah, those websites pop up for me a lot when I have a browser hijacker.. Usually when I get a virus the only way to get rid of it is a factory reset, system restores don't work, and a ton of anti-virus' out there are scams, or are ironically, viruses themselves. Only trust windows defender. EDIT: is there a different homepage? That happens with browser hijackers a lot.
