Outline ·
[ Standard ] ·
Linear+
Auto open browser and direct to a webpage., Need some help for fixing
TSvincent09
|
Apr 28 2016, 04:39 PM, updated 8y ago
|
|
Nearly I got meet 1 problem that even I just boot up the pc and leave it without click anything, after certain time ( not a fix time ) it will open a my firefox and direct go to a web page. the link is "kb-ribaki.org" then redirect to "zodiac-game.info".
I have try some software like adwcleaner, cclener, superantispyware, malwarebytes all also didnt found this problem out. So I feel like something already set in my registry there ( but I didn't know how to figure out to find it ... ) Lucky is it just open once per boot up pc , mean restart it will come out again, after that it wont come out again until next boot. I have check the processes window there found out when the pop-up come again, I can see the processes come out 1 more explorer.exe and command line look like " windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding ". I feel this is maybe the virus or malware want to open a explorer start link to the page. But I using firefox then it will continue another processes which command line look like "firefox.exe" -osint -url "http://kb-ribaki.org/", then this the command to make my firefox open the link. But how to find out where the command start from ?
Need some suggestion besides format pc.
Thank you.
|
|
|
|
arepit
|
Apr 28 2016, 04:42 PM
|
|
try to check our msconfig
see what is the start up process
|
|
|
|
TSvincent09
|
Apr 28 2016, 05:01 PM
|
|
msconfig there nothing special, all is normal startup.
|
|
|
|
Mr.7
|
Apr 29 2016, 04:45 PM
|
|
check under programs. any suspicious installed softwares?
|
|
|
|
TSvincent09
|
Apr 29 2016, 06:39 PM
|
|
Nope. Nealy also no install anything. I already format the pc but see anyone know the solution for future use... really no idea how it come and kick it out ....
|
|
|
|
mashimarow
|
Apr 29 2016, 07:17 PM
|
|
Since you already reformat the PC, there is no way to test how to remove it
You can check at the registry HKEY-machine > Software > Microsoft > Windows > Currentversion > RUN see if it is lurking there
|
|
|
|
TSvincent09
|
Apr 29 2016, 09:42 PM
|
|
QUOTE(mashimarow @ Apr 29 2016, 07:17 PM) Since you already reformat the PC, there is no way to test how to remove it You can check at the registry HKEY-machine > Software > Microsoft > Windows > Currentversion > RUN see if it is lurking there Ok I note down first, if happen again I can check there again. But touch wood I don't want meet it again >..< Although I can block the site at firefox with add-on but I feel annoying it pop a tab at there....
|
|
|
|
mashimarow
|
Apr 30 2016, 07:38 AM
|
|
Those Russian are great hacker, could be some website you entered got hacked and write in script inside self install add on to surfer
|
|
|
|
TSvincent09
|
May 1 2016, 12:54 AM
|
|
QUOTE(mashimarow @ Apr 30 2016, 07:38 AM) Those Russian are great hacker, could be some website you entered got hacked and write in script inside self install add on to surfer Hmm, quite hard to remember where I have been when keep do research thing in random webpage.... I think they write something on registry there... like those pop up window or open browser direct redirect you go certain webpage.
|
|
|
|