Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

 Auto open browser and direct to a webpage., Need some help for fixing

views
     
TSvincent09
post Apr 28 2016, 04:39 PM, updated 8y ago

*~ When I was young ~*
******
Senior Member
1,710 posts

Joined: Apr 2006
From: Klang, Selangor D.E.


Nearly I got meet 1 problem that even I just boot up the pc and leave it without click anything, after certain time ( not a fix time ) it will open a my firefox and direct go to a web page.
the link is "kb-ribaki.org" then redirect to "zodiac-game.info".

I have try some software like adwcleaner, cclener, superantispyware, malwarebytes all also didnt found this problem out. So I feel like something already set in my registry there ( but I didn't know how to figure out to find it ... )
Lucky is it just open once per boot up pc , mean restart it will come out again, after that it wont come out again until next boot.
I have check the processes window there found out when the pop-up come again, I can see the processes come out 1 more explorer.exe and command line look like " windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding ". I feel this is maybe the virus or malware want to open a explorer start link to the page.
But I using firefox then it will continue another processes which command line look like "firefox.exe" -osint -url "http://kb-ribaki.org/", then this the command to make my firefox open the link. But how to find out where the command start from ?

Need some suggestion besides format pc.

Thank you.
arepit
post Apr 28 2016, 04:42 PM

Casual
***
Junior Member
397 posts

Joined: Feb 2005
From: On the top of the world



try to check our msconfig

see what is the start up process
TSvincent09
post Apr 28 2016, 05:01 PM

*~ When I was young ~*
******
Senior Member
1,710 posts

Joined: Apr 2006
From: Klang, Selangor D.E.


msconfig there nothing special, all is normal startup.
Mr.7
post Apr 29 2016, 04:45 PM

Regular
******
Senior Member
1,242 posts

Joined: Sep 2013
From: Quantum Universe
check under programs. any suspicious installed softwares?
TSvincent09
post Apr 29 2016, 06:39 PM

*~ When I was young ~*
******
Senior Member
1,710 posts

Joined: Apr 2006
From: Klang, Selangor D.E.


Nope.
Nealy also no install anything.
I already format the pc but see anyone know the solution for future use...
really no idea how it come and kick it out ....
mashimarow
post Apr 29 2016, 07:17 PM

Regular
******
Senior Member
1,742 posts

Joined: Aug 2006
From: Selangor


Since you already reformat the PC, there is no way to test how to remove it

You can check at the registry HKEY-machine > Software > Microsoft > Windows > Currentversion > RUN see if it is lurking there
TSvincent09
post Apr 29 2016, 09:42 PM

*~ When I was young ~*
******
Senior Member
1,710 posts

Joined: Apr 2006
From: Klang, Selangor D.E.


QUOTE(mashimarow @ Apr 29 2016, 07:17 PM)
Since you already reformat the PC, there is no way to test how to remove it

You can check at the registry HKEY-machine > Software > Microsoft > Windows > Currentversion > RUN see if it is lurking there
*
Ok I note down first, if happen again I can check there again. But touch wood I don't want meet it again >..<
Although I can block the site at firefox with add-on but I feel annoying it pop a tab at there....

mashimarow
post Apr 30 2016, 07:38 AM

Regular
******
Senior Member
1,742 posts

Joined: Aug 2006
From: Selangor


Those Russian are great hacker, could be some website you entered got hacked and write in script inside self install add on to surfer
TSvincent09
post May 1 2016, 12:54 AM

*~ When I was young ~*
******
Senior Member
1,710 posts

Joined: Apr 2006
From: Klang, Selangor D.E.


QUOTE(mashimarow @ Apr 30 2016, 07:38 AM)
Those Russian are great hacker, could be some website you entered got hacked and write in script inside self install add on to surfer
*
Hmm, quite hard to remember where I have been when keep do research thing in random webpage....
I think they write something on registry there... like those pop up window or open browser direct redirect you go certain webpage.


 

Change to:
| Lo-Fi Version
0.0123sec    0.67    5 queries    GZIP Disabled
Time is now: 28th March 2024 - 06:09 PM