Why no Chrome protection against ballsack browser hijacker extensions?

[Corax]

I was about to post the below:

Posting this is my last resort, believe me.
IRL I'm the person other people come to for this sort of shit.

Standard Chrome hijack issue. Homepage unchanged, but links redirecting (seemingly at random frequency) to a variety of shitty webpages. I've not bothered making a note of them, but it's the usual mixed bag of crap.

Run:
Malwarebytes
BitDefender
Win Defender
Avira
Kaspersky tddskiller

None of which find anything of note. I've already used up my free trial of HitManPro.

No suspicious new programs in the control panel list.

Where now? Any ideas?

But just before doing so I remembered a previous problem, and plain out deleted any extension I was 100% sure of, even though they were already disabled.

So far, it seems to have done the trick. Fingers crossed.

Which leaves me wondering - surely it wouldn't be beyond the Chrome dev team's capabilities to protect against hijack extensions? Especially if the hijack is maintained even when the extension's disabled - that has to be a red flag, surely?

 

[bi0boy]

Insert smug "I use Firefox/IE/Opera/Lynx and have never had this problem" post.

 

[Corax]

Aw SHIT.

Still happening - any ideas Urban?

 

[teuchter]

Insert smug "I use Firefox/IE/Opera/Lynx and have never had this problem" post.

Followed by obligatory "get a mac" post.

 

[Puddy_Tat]

Followed by obligatory "get a mac" post.

 

[2hats]

Some ideas...

1. Try the standard Chrome cleaning instructions?
2. Check to make sure it isn’t your DNS that has been hijacked/poisoned?
3. Try creating a new Chrome user profile and see if that alleviates the problem (and if so, scrub Chrome and all supporting files then reinstall it afresh).

 

[Corax]

Some ideas...

1. Try the standard Chrome cleaning instructions?
2. Check to make sure it isn’t your DNS that has been hijacked/poisoned?
3. Try creating a new Chrome user profile and see if that alleviates the problem (and if so, scrub Chrome and all supporting files then reinstall it afresh).

Thanks.

I've deleted all my extensions now - including stuff like poper blocker, gmail, and IE tab that I know are legit.

Just used the cleanup tool as suggested. Came back with "No programs found", but like I say I'd already nuked my extensions. I've let it reset and clear everything else anyway.

Not sure what you mean by number 2? I'm not running a stand-alone server - I'm strictly front-end techy....

Having to redo all my extensions and settings will be a pain, but worth it if it works.

 

[EastEnder]

Have you checked whether you're using Windows? If so, there's your problem.

If you've got more money than sense, buy a Mac.
If you've got more sense than money, format the PC & install Linux.

 

[UnderOpenSky]

Is it all that porn you've been looking at?

Its a bit drastic, but nuking from orbit I find an easier option these days. With so much done onlin and cloud backups, there is relatively little to reinstall/backup. Still a ballache, but at least you know it's gone.

 

[cybershot]

 

[2hats]

Not sure what you mean by number 2? I'm strictly front-end techy....

Check (OS settings) that you are getting your name service resolution (DNS) from where you would expect to be getting it (eg own DNS server, ISP, Google, OpenDNS, whatever it was you chose in the first place) and that it hasn’t been changed by some malware and pointed to some new address that is involved in some underhand, nefarious activities. That would be one way of redirecting you to weird, wonderful and unexpected, potentially malicious websites.

 

[Corax]

Is it all that porn you've been looking at?

Nope lol. With the meds I'm on I have the libido of a castrated letterbox on a mildly overcast day. I'm basically asexual these days.

Makes life a lot simpler tbh.

 

[Corax]

Check (OS settings) that you are getting your name service resolution (DNS) from where you would expect to be getting it (eg own DNS server, ISP, Google, OpenDNS, whatever it was you chose in the first place) and that it hasn’t been changed by some malware and pointed to some new address that is involved in some underhand, nefarious activities. That would be one way of redirecting you to weird, wonderful and unexpected, potentially malicious websites.

Cheers.

Done that, and all looks as expected - EE.

All extensions removed.

And... I just got redirected to a helpful page from Microsoft giving me a 'malicious porn warning'.

FFS. I've run out of idea. Might run MalwareBytes again just for the hell of it.

 

[Mojofilter]

Have you tried another browser to see if the problem persists there?

From what I've read I'd agree that the nuclear option is probably the way forward though.


.

 

[Corax]

Have you tried another browser to see if the problem persists there?

Good idea. I think I've still got FF on here somewhere.

Although today's pass of MalwareBytes picked up 7 malware files and a PUP. No idea if they're new, or just weren't detected yesterday for some weird reason.

I'll chuck BitDefender at it now as well.

 

[cybershot]

I wouldn't bother wasting your time, just start again. Back up your crucial files and assuming it's Windows 8+ just hit the reset this PC option, it does the rest for you.

 

[Corax]

Just stumbled on this thread when searching for ones about extensions.

Well I must have fixed this somehow as it's not happening. It's ages ago and I'm fucked if I can remember how now. Don't even remember posting the thread, although I at least remember the issue so I'm not completely losing the plot. Which isn't a lot of help to anyone searching in the future, sorry.

Thanks to all who assisted anyway.


ETA:

Might plausibly have been Malwarebytes as that was the last action I posted on here, Still don't know why it took repeated attempts to pick them up though if that was the case, unless perhaps there was a database update to the in between.

I've uninstalled it in in the meantime anyway, as it was possibly fucking with performance.

From what I've read Windows Defender should make it redundant these days. Microsoft have upped their game.