Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: redirect.cheapred.info hijack my browsers  (Read 13109 times)

0 Members and 1 Guest are viewing this topic.

alixa

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    redirect.cheapred.info hijack my browsers
    « on: August 17, 2017, 09:55:05 PM »
    this  redirect.cheapred.info  has infected my pc for months now and i cant get rid of it please help me it redirects me on some web sites like amd ... some wikipedia pages even some search  results from google please help me here is the logs

    First the adwcleaner

    # AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 18 03:43:09 2017
    # Updated on 2017/05/08 by Malwarebytes
    # Database: 08-17-2017.2
    # Running on Windows 7 Ultimate (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [948 B] - [2017/8/18 10:0:34]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

    Then security check log

     Results of screen317's Security Check version 1.014 --- 12/23/15 
     Windows 7 Service Pack 1 x64 (UAC is disabled!) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````[/u]
     Windows Firewall Enabled! 
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````[/u]
     Java 8 Update 144 
     Java version 32-bit out of Date!
     Google Chrome (60.0.3112.101)
     Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````[/u] 
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbam.exe 
     Malwarebytes Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````[/u]
     Total Fragmentation on Drive C: 6%
    ````````````````````End of Log``````````````````````[/u]

    and the last is the malwarebytes scan log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/18/2017
    Scan Time: 5:46 AM
    Logfile: 22.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2017.08.18.02
    Rootkit Database: v2017.08.02.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: mmm

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 242760
    Time Elapsed: 5 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: redirect.cheapred.info hijack my browsers
    « Reply #1 on: August 18, 2017, 01:19:02 PM »
    The Security Log show you have no AV running on your computer. Please download and install one of these.

    Before we continue download and install a free antivirus.

    Remember to only install one antivirus!
     
    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) MicroSoft Security Essentials   All versions and all languages.
    5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
    ****************************************************
    Download JavaRa
    * Unzip the file and open the JavaRa.exe
    * Click Remove Older Versions
    * JavaRa will search for and remove any outdated version of Java and remove any that are found.
    * Click Additional Tasks
    * Place a check next to Remove Useless JRE Files and click Go
    * Exit JavaRa
    * Delete the JavaRa files from the desktop
    *********************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    **************************************************
    What browser are you using. Does it re-direct using another browser?
    Windows 8 and Windows 10 dual boot with two SSD's

    alixa

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: redirect.cheapred.info hijack my browsers
      « Reply #2 on: August 18, 2017, 02:32:37 PM »
      Thanks Dave for the help

      First i installed avg antivirus with the antimalware should i remove antimalware?

      second i installed JAVARa and i removed every java installed Should i install java again or no ?

      and i am using google chrome and yes i tried using Firefox and IE still have the same redirect

      and here is the junkremove Log

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Ultimate x64
      Ran by mmm (Administrator) on Fri 08/18/2017 at 22:26:26.65
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 16

      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KRXLI83 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z29WRMQ (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKHU7M1A (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGV8J3GX (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJFJ1N5S (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUASO3KW (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAJU4SOZ (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\mmm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW12FIKY (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KRXLI83 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z29WRMQ (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKHU7M1A (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGV8J3GX (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJFJ1N5S (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUASO3KW (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAJU4SOZ (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW12FIKY (Temporary Internet Files Folder)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Fri 08/18/2017 at 22:29:37.35
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: redirect.cheapred.info hijack my browsers
      « Reply #3 on: August 19, 2017, 01:25:23 PM »
      Quote
      First i installed avg antivirus with the antimalware should i remove antimalware?
      Not necessary. You can have many anti-malware programs running.
      Quote
      second i installed JAVARa and i removed every java installed Should i install java again or no ?
      Yes.

      ESET Online Scanner
      Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

          Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
          Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

              Enable detection of potentially unwanted applications;
              Scan archives;
              Scan for potentially unsafe applications;
              Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

         

          After you're done checking these options, click on Start and ESET Online Scanner will download it's virus signature database before starting the scan;
         

          Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
         

          After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;
         


          Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;
         


          Once you're done, click on the Back button;
          Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;
      Windows 8 and Windows 10 dual boot with two SSD's

      alixa

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: redirect.cheapred.info hijack my browsers
        « Reply #4 on: August 19, 2017, 02:31:42 PM »
        Thanks for reply actually there were alot of threats and i removed them no more redirect for now thanks to you but the problem that it keeps coming back any tip about more security against this infection ?? and thanks again for your help and here is the log you asked for

        ESETSmartInstaller@High as downloader log:
        all ok
        # product=EOS
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # EOSSerial=63a66c72a0f71941a723a585c3c829d4
        # end=init
        # utc_time=2017-08-18 09:16:27
        # local_time=2017-08-18 11:16:27 (+0200, Egypt Standard Time)
        # country="Egypt"
        # osver=6.1.7601 NT Service Pack 1
        ESETSmartInstaller@High as downloader log:
        all ok
        # product=EOS
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # EOSSerial=63a66c72a0f71941a723a585c3c829d4
        # end=init
        # utc_time=2017-08-19 01:19:53
        # local_time=2017-08-19 1:19:53 (+0200, Egypt Standard Time)
        # country="Egypt"
        # osver=6.1.7601 NT Service Pack 1
        Update Init
        Update Download
        Update Finalize
        Updated modules version: 34440
        # product=EOS
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # EOSSerial=63a66c72a0f71941a723a585c3c829d4
        # end=updated
        # utc_time=2017-08-19 09:39:35
        # local_time=2017-08-19 11:39:35 (+0200, Egypt Standard Time)
        # country="Egypt"
        # osver=6.1.7601 NT Service Pack 1
        # product=EOS
        # version=8
        # OnlineScannerApp.exe=1.0.0.1
        # OnlineScanner.ocx=1.0.0.7777
        # api_version=3.1.1
        # EOSSerial=63a66c72a0f71941a723a585c3c829d4
        # engine=34440
        # end=finished
        # remove_checked=true
        # archives_checked=true
        # unwanted_checked=true
        # unsafe_checked=true
        # antistealth_checked=true
        # utc_time=2017-08-19 01:02:44
        # local_time=2017-08-19 03:02:44 (+0200, Egypt Standard Time)
        # country="Egypt"
        # lang=1033
        # osver=6.1.7601 NT Service Pack 1
        # compatibility_mode_1=''
        # compatibility_mode=5893 16776573 100 94 30592 254691214 0 0
        # scanned=311728
        # found=27
        # cleaned=27
        # scan_time=12188
        sh=C705C0B0210EBDA6A3301C6CA9C6091B2EE11D5B ft=1 fh=7ec746d6559b765e vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\mmm\Downloads\Programs\ccsetup533.exe"
        sh=25CCB8C77AA2508284BCE69922E7074A50404F29 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABO trojan (deleted)" ac=C fn="D:\GAMES SOURCES\sr-ygolotd.iso"
        sh=DA646C43D6E399BC19276B5373B05CB8BAA4623A ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BL potentially unsafe application (deleted)" ac=C fn="D:\GAMES SOURCES\Age.of.Empires.II.HD.The.Forgotten-RELOADED\rld-aoe2hdtf.iso"
        sh=F9F5971850614A6EC7B4B9EA60FC9092D2F59822 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.Q potentially unsafe application (deleted)" ac=C fn="D:\GAMES SOURCES\BoneCraft-SKIDROW\BONECRAFT.V1.0.ALL.RELOADED.NODVD.ZIP"
        sh=F4C1ED6BDDB87052CBDC37DE752DDA20D2D975A3 ft=1 fh=f4cb98639c10ef0c vn="Win32/HackTool.Crack.BB potentially unsafe application (cleaned by deleting)" ac=C fn="D:\GAMES SOURCES\BoneCraft-SKIDROW\BONECRAFT.V1.0.ALL.RELOADED.NODVD\rld.dll"
        sh=AE047084A1A0EEBA9F2D391F5DB055165CD645E5 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.EE potentially unsafe application (deleted)" ac=C fn="D:\GAMES SOURCES\mount and blade 2015\00010-mmaabbwrf\sr-mbvcre\sr-mbvcre.iso"
        sh=9E111339CBA151DABE95DCB939954CD810752D47 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application (deleted)" ac=C fn="D:\GAMES SOURCES\Skyrim\Mods\GAME FILES\Th.Eld3r.Scr0lls.V.Skyr1m.Update.13.rar"
        sh=927878D6F4E92D036E5B1EF32F47F861D8F3CEB4 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application (deleted)" ac=C fn="D:\GAMES SOURCES\Skyrim\Mods\GAME FILES\Th.Eld3r.Scr0lls.V.Skyr1m.Update.13\Th.Eld3r.Scr0lls.V.Skyr1m.Update.13\rld-tesvsu13.rar"
        sh=927878D6F4E92D036E5B1EF32F47F861D8F3CEB4 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application (deleted)" ac=C fn="D:\GAMES SOURCES\Skyrim\Th.Eld3r.Scr0lls.V.Skyr1m.Update.13\Th.Eld3r.Scr0lls.V.Skyr1m.Update.13\rld-tesvsu13.rar"
        sh=9C085029E41DE643FE809CD12D9A552DE712BBA2 ft=1 fh=a65b2b8493fb9bb0 vn="a variant of Win32/HackTool.Crack.ES potentially unsafe application (cleaned by deleting)" ac=C fn="D:\GAMES SOURCES\wwe2k17\WWE.2K17.Update.v20170329.incl.DLC-CODEX\Update\Setup.exe"
        sh=9EFE22B4F2934851AAB433A8DAD5EE489C86413A ft=0 fh=0000000000000000 vn="a variant of Win64/HackTool.Crack.C potentially unsafe application (deleted)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-1377994312-2437611659-1679373985-1001\$RX2UJV6.rar"
        sh=DDDCA3EA0FBE3AF0397C003CCFE6DDFBCF876558 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.G potentially unsafe application (deleted)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-2156758360-3450581443-2531186017-1001\$RCRODWL.iso"
        sh=304165D15CBBFB6ABEED64EDE2E9395D9D1DDE23 ft=0 fh=0000000000000000 vn="Win32/Keygen.UC potentially unsafe application (deleted)" ac=C fn="E:\$RECYCLE.BIN\S-1-5-21-2347799306-2114453875-1280818752-1000\$RNK3F4A.CoM_2\WinUtilities.Pro. 11.30.MaZiKa2daY.CoM\Keymaker-CORE.rar"
        sh=8D90E20B8350DF9411126EE1C60B712C07863A63 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application (deleted)" ac=C fn="E:\dun delete this\تعريفات win 7\KMSpico.Mazika2day.com.rar"
        sh=CFDB755B9264E2631615781B269DA40D987AB08E ft=0 fh=0000000000000000 vn="a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application (deleted)" ac=C fn="E:\dun delete this\تعريفات win 7\KMSpico.Mazika2day.com\KMSpicoPortable.rar"
        sh=0F0D38645B041C15C9E9C1AF02D5642AF77BBE5C ft=1 fh=a253330a9f6e67ad vn="a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application (cleaned by deleting)" ac=C fn="E:\dun delete this\تعريفات win 7\KMSpico.Mazika2day.com\Install\KMSpico_setup.exe"
        sh=9F18F9510286D72AB3E0E88A7286207BE6C14F67 ft=1 fh=c18fccb0571ea122 vn="a variant of Win32/Packed.VMProtect.ABD trojan (deleted)" ac=C fn="E:\FIFA 17\stp-fifa17.exe"
        sh=AC5A3C3D4B11AEC6B2B104D3F88D5E1980984F85 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackTool.WinActivator.J potentially unsafe application (deleted)" ac=C fn="E:\Microsoft.Windows.10.Enterprise.Final.x64.ISO-SCC\Re-Loader.Elk!ng.rar"
        sh=CB60B644895338ABD6EC451CB0459F8C2A4DA311 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application (deleted)" ac=C fn="E:\Microsoft.Windows.10.Enterprise.Final.x64.ISO-SCC\win 81\KMSpico.Hima.rar"
        sh=5AAD85B186804613F4D62DB809B99B5C251006D0 ft=1 fh=758aa1f0b019b275 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="E:\prog\ccsetup532.exe"
        sh=329505235F22F017E9AC9AB445F2F9912E00BD09 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.DO potentially unsafe application (deleted)" ac=C fn="E:\prog\I.D.M.6.28.17.rar"
        sh=4FA3DAFCA04474C4965CA5D7F766D84F14B9232F ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.J suspicious application (deleted)" ac=C fn="E:\prog\_.10.Manager 2.1.3.rar"
        sh=CF1F8CBFAA2C2FC221ECDBF56DCFB64379403E7D ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.DO potentially unsafe application (deleted)" ac=C fn="E:\prog\I.D.M.6.28.17\6.28.12_patch-pawel.7z"
        sh=F8D9AE8624DC497A5D2389706DEFBDE5B2F9DFE4 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application (deleted)" ac=C fn="E:\prog\I.D.M.6.28.17\idm.6.28.x-patch-xanax.rar"
        sh=A4E6285611736C672702B3110274696E61F29971 ft=0 fh=0000000000000000 vn="MSIL/HackTool.WinActivator.J potentially unsafe application (deleted)" ac=C fn="E:\WIN 7\W7.Ultimate.October.2016.Elk!ng..iso"
        sh=0ECC72CFFA1FBD2E3F3775DD399B1B1B5FCE834F ft=1 fh=fbc5b03f2075c17e vn="a variant of Win64/HackTool.Crack.F potentially unsafe application (cleaned by deleting)" ac=C fn="E:\WWE 2K15\steam_api64.dll"
        sh=E57ED35FCE75115BB23295CB01B6E24764993C0E ft=0 fh=0000000000000000 vn="a variant of Win64/HackTool.Crack.F potentially unsafe application (deleted)" ac=C fn="E:\WWE 2K15\WWE2K15_x64.rar

        alixa

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: redirect.cheapred.info hijack my browsers
          « Reply #5 on: August 19, 2017, 04:34:50 PM »
          and another question i am using windows 7 it takes  some time to boot and start up how can i speed it up like normal

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: redirect.cheapred.info hijack my browsers
          « Reply #6 on: August 20, 2017, 12:27:31 PM »
          You should install MSE as your AV. I'm sure it will do a better job than AVG.
          Quote
          and another question i am using windows 7 it takes  some time to boot and start up how can i speed it up like normal

          StartupLite

          Download StartupLite by MalwareBytes to your Desktop.
          Doubleclick StartupLite.exe to launch the program.
          Ensure the Disable box is checked.
          Click Continue.
          A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
          Re-start your computer.
          Windows 8 and Windows 10 dual boot with two SSD's

          alixa

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: redirect.cheapred.info hijack my browsers
            « Reply #7 on: August 20, 2017, 12:51:59 PM »
            Thank you so much for saving my pc  i installed microsoft security Essentials and no more redirects thank you again :)

            alixa

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: redirect.cheapred.info hijack my browsers
              « Reply #8 on: August 21, 2017, 05:56:18 AM »
              i dont know how this happen the redirect comes back just like before i dont know what to do else

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: redirect.cheapred.info hijack my browsers
              « Reply #9 on: August 21, 2017, 04:28:58 PM »
              Run MBAM and ESET again.
              Windows 8 and Windows 10 dual boot with two SSD's

              alixa

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows 7
                Re: redirect.cheapred.info hijack my browsers
                « Reply #10 on: August 23, 2017, 11:46:45 AM »
                I did and all clean no infections yet the redirect still occurs on any browser I had

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: redirect.cheapred.info hijack my browsers
                « Reply #11 on: August 23, 2017, 03:55:29 PM »
                Try setting your browsers to their default positions.
                Windows 8 and Windows 10 dual boot with two SSD's

                alixa

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows 7
                  Re: redirect.cheapred.info hijack my browsers
                  « Reply #12 on: August 24, 2017, 02:26:08 AM »
                  THANKS no more redirect for now i hope it did not come back again .. thanks again for your help :)

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: redirect.cheapred.info hijack my browsers
                  « Reply #13 on: August 24, 2017, 04:30:26 PM »
                  Ok. We'll give it a few days to see how this works out.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  alixa

                    Topic Starter


                    Rookie

                    • Experience: Familiar
                    • OS: Windows 7
                    Re: redirect.cheapred.info hijack my browsers
                    « Reply #14 on: August 25, 2017, 09:00:19 PM »
                    it was fine for a while but it keeps coming back for no reason i do not know what is wrong about it

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: redirect.cheapred.info hijack my browsers
                    « Reply #15 on: August 26, 2017, 12:48:29 PM »
                    Could you please post a screenshot of the re-direct?
                    Windows 8 and Windows 10 dual boot with two SSD's

                    alixa

                      Topic Starter


                      Rookie

                      • Experience: Familiar
                      • OS: Windows 7
                      Re: redirect.cheapred.info hijack my browsers
                      « Reply #16 on: August 26, 2017, 05:02:58 PM »
                      here it is

                      [attachment deleted by admin to conserve space]

                      alixa

                        Topic Starter


                        Rookie

                        • Experience: Familiar
                        • OS: Windows 7
                        Re: redirect.cheapred.info hijack my browsers
                        « Reply #17 on: August 27, 2017, 02:25:34 AM »
                        here is the link to file droper if the picture does not open
                        http://www.filedropper.com/untitled_29

                        SuperDave

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: redirect.cheapred.info hijack my browsers
                        « Reply #18 on: August 27, 2017, 12:37:18 PM »
                        I will need you to open your Task Manager. CTRL+Alt+delete should do it and look for redirect.cheapred in the processes. If you can find it, click End process. Next, check your browsers for plug-ins.
                        Chrome
                        Click the Chrome menu button on the browser toolbar.
                        Click Tools.
                        Select Extensions.
                        Click the trash can icon to delete redirect.cheapred.info extension.
                        Make sure to remove all extensions you do not know or need.
                        A confirmation dialog appears, click Remove.

                        Firefox
                        Click the menu button and choose Add-ons. The Add-ons Manager tab will open.
                        In the Add-ons Manager tab, select the Extensions panel.
                        Make sure to remove all extensions you do not know or need.
                        Click Disable or Remove button of redirect.cheapred.info.
                        Click Restart now if it pops up.

                        Internet Explorer
                        Open the IE, click the Tools button , and then click Manage add-ons.
                        Click Toolbars and Extensions on left side of the window., and then select redirect.cheapred.info
                        Make sure to remove all BHO’s you do not know or need.
                        If the add-on can be deleted, you’ll see the Remove option. Click Remove and then click Close. Otherwise click Disable button.

                        Next, Go to Control Panel, Programs and Features and look for the program and un-install it.
                        Windows 8 and Windows 10 dual boot with two SSD's

                        alixa

                          Topic Starter


                          Rookie

                          • Experience: Familiar
                          • OS: Windows 7
                          Re: redirect.cheapred.info hijack my browsers
                          « Reply #19 on: August 27, 2017, 04:28:17 PM »
                          it is not found in the task manager process ...  and i do not have any extension to uninstall at all yet this redirect still occur

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: redirect.cheapred.info hijack my browsers
                          « Reply #20 on: August 27, 2017, 07:45:25 PM »
                          Please download the latest version of Hitman Pro
                          • After the download completes please double click the program to run it.
                          • Accept the terms of the license agreement and click Next
                          • Let the scan run. It will not take long
                          • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
                          • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
                          • Upload log.xml here for review please
                          Windows 8 and Windows 10 dual boot with two SSD's

                          alixa

                            Topic Starter


                            Rookie

                            • Experience: Familiar
                            • OS: Windows 7
                            Re: redirect.cheapred.info hijack my browsers
                            « Reply #21 on: August 28, 2017, 10:16:22 AM »
                            here is the log

                            [attachment deleted by admin to conserve space]

                            alixa

                              Topic Starter


                              Rookie

                              • Experience: Familiar
                              • OS: Windows 7
                              Re: redirect.cheapred.info hijack my browsers
                              « Reply #22 on: August 29, 2017, 10:01:51 AM »
                              Code: [Select]
                              HitmanPro 3.7.20.286
                              www.hitmanpro.com

                                 Computer name . . . . : DELL-PC
                                 Windows . . . . . . . : 6.1.1.7601.X64/4
                                 User name . . . . . . : dell-PC\dell
                                 UAC . . . . . . . . . : Disabled
                                 License . . . . . . . : Free

                                 Scan date . . . . . . : 2017-08-28 18:03:15
                                 Scan mode . . . . . . : Normal
                                 Scan duration . . . . : 8m 2s
                                 Disk access mode  . . : Direct disk access (SRB)
                                 Cloud . . . . . . . . : Internet
                                 Reboot  . . . . . . . : No

                                 Threats . . . . . . . : 1
                                 Traces  . . . . . . . : 20

                                 Objects scanned . . . : 1,262,129
                                 Files scanned . . . . : 15,236
                                 Remnants scanned  . . : 226,731 files / 1,020,162 keys

                              Malware _____________________________________________________________________

                                 C:\Users\dell\Downloads\Programs\disk-defrag-setup.exe
                                    Size . . . . . . . : 8,844,032 bytes
                                    Age  . . . . . . . : 3.8 days (2017-08-24 22:40:54)
                                    Entropy  . . . . . : 8.0
                                    SHA-256  . . . . . : E56404B46C97CDBD6B08B3C0E05B605667E2FD074B436C84983DBFE580984698
                                    Product  . . . . . : Auslogics Disk Defrag                                       
                                    Publisher  . . . . : Auslogics Labs Pty Ltd                                     
                                    Description  . . . : Auslogics Disk Defrag Installation File                     
                                    Version  . . . . . : 7.1.5.0
                                    RSA Key Size . . . : 2048
                                    LanguageID . . . . : 0
                                    Authenticode . . . : Valid
                                  > HitmanPro  . . . . : App/ADiskDef-A
                                    Fuzzy  . . . . . . : 98.0
                                    Forensic Cluster
                                       -1.8s C:\Users\dell\AppData\Roaming\IDM\DwnlData\dell\disk-defrag-setup_16\
                                        0.0s C:\Users\dell\Downloads\Programs\disk-defrag-setup.exe


                              Cookies _____________________________________________________________________

                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:262855726.log.optimizely.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:connexity.net
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
                                 C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com



                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: redirect.cheapred.info hijack my browsers
                              « Reply #23 on: August 29, 2017, 01:19:42 PM »
                              Download SpyHunter
                              Double-click SpyHunter-Installer.exe to install it into your system:
                              Select Language, installer and EULA.
                              Select “Start a New System Scan” and then click Scan Computer Now!
                              Step 4: Get rid of all detected items by clicking “Fix Threats” button:
                              Windows 8 and Windows 10 dual boot with two SSD's

                              alixa

                                Topic Starter


                                Rookie

                                • Experience: Familiar
                                • OS: Windows 7
                                Re: redirect.cheapred.info hijack my browsers
                                « Reply #24 on: August 29, 2017, 08:57:45 PM »
                                no threats found

                                SuperDave

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: redirect.cheapred.info hijack my browsers
                                « Reply #25 on: August 30, 2017, 03:34:06 PM »
                                it was fine for a while but it keeps coming back for no reason i do not know what is wrong about it
                                Does it do this on all your browsers including IE?
                                Windows 8 and Windows 10 dual boot with two SSD's

                                alixa

                                  Topic Starter


                                  Rookie

                                  • Experience: Familiar
                                  • OS: Windows 7
                                  Re: redirect.cheapred.info hijack my browsers
                                  « Reply #26 on: August 30, 2017, 04:31:17 PM »
                                  YES to all browsers

                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: redirect.cheapred.info hijack my browsers
                                  « Reply #27 on: August 31, 2017, 01:24:47 PM »
                                  The instructions I have given you is the proper method to get rid of this re-direct. Have you tried a System Restore to before the date this problem happened?
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  alixa

                                    Topic Starter


                                    Rookie

                                    • Experience: Familiar
                                    • OS: Windows 7
                                    Re: redirect.cheapred.info hijack my browsers
                                    « Reply #28 on: September 01, 2017, 02:12:20 PM »
                                    WELL i finally solved it at last
                                    1- i have to disable cookies
                                    2- i have to disable java in a the browsers

                                    thanks for your help and i am sorry to bother you thanks again

                                    SuperDave

                                    • Malware Removal Specialist
                                    • Moderator


                                    • Genius
                                    • Thanked: 1020
                                    • Certifications: List
                                    • Experience: Expert
                                    • OS: Windows 10
                                    Re: redirect.cheapred.info hijack my browsers
                                    « Reply #29 on: September 02, 2017, 03:30:18 PM »
                                    Click Start> Computer> right click the C Drive and choose Properties> enter
                                    Click Disk Cleanup from there.



                                    Click OK on the Disk Cleanup Screen.
                                    Click Yes on the Confirmation screen.



                                    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
                                    ***************************************
                                    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
                                    This is a very crucial step so make sure you don't skip it.
                                    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

                                    Double-click Delfix.exe to start the tool.
                                    Make sure the following items are checked:
                                    • Activate UAC (optional; some users prefer to keep it off)
                                    • Remove disinfection tools
                                    • Create Registry backup
                                    • Purge System Restore Points
                                    • Re-set system settings
                                    Now click "Run" and wait patiently.
                                    Once finished a logfile will be created. You don't have to attach it to your next reply.
                                    ********************************************
                                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                    Safe Surfing!
                                    Windows 8 and Windows 10 dual boot with two SSD's