redirect.cheapred.info hijack my browsers

[SuperDave]

Could you please post a screenshot of the re-direct?

[alixa]

here it is

[attachment deleted by admin to conserve space]

[alixa]

here is the link to file droper if the picture does not open
http://www.filedropper.com/untitled_29

[SuperDave]

I will need you to open your Task Manager. CTRL+Alt+delete should do it and look for redirect.cheapred in the processes. If you can find it, click End process. Next, check your browsers for plug-ins.
Chrome
Click the Chrome menu button on the browser toolbar.
Click Tools.
Select Extensions.
Click the trash can icon to delete redirect.cheapred.info extension.
Make sure to remove all extensions you do not know or need.
A confirmation dialog appears, click Remove.

Firefox
Click the menu button and choose Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions panel.
Make sure to remove all extensions you do not know or need.
Click Disable or Remove button of redirect.cheapred.info.
Click Restart now if it pops up.

Internet Explorer
Open the IE, click the Tools button , and then click Manage add-ons.
Click Toolbars and Extensions on left side of the window., and then select redirect.cheapred.info
Make sure to remove all BHO’s you do not know or need.
If the add-on can be deleted, you’ll see the Remove option. Click Remove and then click Close. Otherwise click Disable button.

Next, Go to Control Panel, Programs and Features and look for the program and un-install it.

[alixa]

it is not found in the task manager process ...  and i do not have any extension to uninstall at all yet this redirect still occur

[SuperDave]

Please download the latest version of Hitman Pro

• After the download completes please double click the program to run it.
• Accept the terms of the license agreement and click Next
  
• Let the scan run. It will not take long
• When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  
• Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  
• Upload log.xml here for review please
  

[alixa]

here is the log

[attachment deleted by admin to conserve space]

[alixa]

Code: [Select]

HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : DELL-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : dell-PC\dell
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-08-28 18:03:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 20

   Objects scanned . . . : 1,262,129
   Files scanned . . . . : 15,236
   Remnants scanned  . . : 226,731 files / 1,020,162 keys

Malware _____________________________________________________________________

   C:\Users\dell\Downloads\Programs\disk-defrag-setup.exe
      Size . . . . . . . : 8,844,032 bytes
      Age  . . . . . . . : 3.8 days (2017-08-24 22:40:54)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : E56404B46C97CDBD6B08B3C0E05B605667E2FD074B436C84983DBFE580984698
      Product  . . . . . : Auslogics Disk Defrag                                       
      Publisher  . . . . : Auslogics Labs Pty Ltd                                     
      Description  . . . : Auslogics Disk Defrag Installation File                     
      Version  . . . . . : 7.1.5.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > HitmanPro  . . . . : App/ADiskDef-A
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -1.8s C:\Users\dell\AppData\Roaming\IDM\DwnlData\dell\disk-defrag-setup_16\
          0.0s C:\Users\dell\Downloads\Programs\disk-defrag-setup.exe


Cookies _____________________________________________________________________

   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:262855726.log.optimizely.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:connexity.net
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
   C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com




[SuperDave]

Download SpyHunter
Double-click SpyHunter-Installer.exe to install it into your system:
Select Language, installer and EULA.
Select “Start a New System Scan” and then click Scan Computer Now!
Step 4: Get rid of all detected items by clicking “Fix Threats” button:

[alixa]

no threats found

[SuperDave]

it was fine for a while but it keeps coming back for no reason i do not know what is wrong about it

Does it do this on all your browsers including IE?

[alixa]

YES to all browsers

[SuperDave]

The instructions I have given you is the proper method to get rid of this re-direct. Have you tried a System Restore to before the date this problem happened?

[alixa]

WELL i finally solved it at last
1- i have to disable cookies
2- i have to disable java in a the browsers

thanks for your help and i am sorry to bother you thanks again

[SuperDave]

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
***************************************
This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create Registry backup
• Purge System Restore Points
• Re-set system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
********************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!