View original (French)

Nouvel onglet

Solved
isengrin13 Posted messages 32 Status Membre -  
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   -
Hello,
Despite all the advice and various cleaning actions, I can't get rid of New Tab. Thank you for your help.
I have uninstalled Chrome, reset Internet Explorer, repaired and uninstalled the browsers, I checked the add-ons and it wasn't present there. I don’t know how I managed to insert this stubborn virus.
I am on Windows 10 and I have "Microsoft Edge" and "Internet Explorer" as default browsers.
I remain at your disposal. Thank you.

Configuration: Windows / Edge 18.18363

19 réponses

Réponse 1 / 19
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Hello/Good evening,

Here is the procedure to follow.
On the blue links, you will find explanatory tutorials with all the details to follow the steps.

1)
Fix the web browsers concerned by the problems:
(do not use zoek and perform a manual reset)

2) To check your computer for possible infections and to get a general status of the system:

Follow the FRST tutorial by clicking on this blue link. (take the time to read carefully - everything is well explained).

Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.

Three FRST reports will be generated:
  • FRST.txt
  • Shortcut.
  • Additional.txt


Send these 3 reports to the site https://pjjoint.malekal.com/ and return with the 3 pjjoint links leading to the reports here in a new response so that we can consult them.

(The blue links lead to step-by-step explanatory tutorials, click on them for more precise instructions to follow).

--
Please press a key to continue the disinfection...
1
Réponse 2 / 19
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 


Here is the correction to be made with FRST. You can use this explanatory note with screenshots to help you.
Restart FRST and then press the CTRL + Y keys on your keyboard.
Notepad will open, copy/paste this. 

Start:
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1430677940-569444060-2834097280-1001\...\Run: [easyxplore Update] => C:\Users\Michel\AppData\Local\easyxplore\Update\1.3.99.0\easyxploreUpdateCore.exe [591872 2019-12-31] (easyxplore.) [Unsigned file]
HKU\S-1-5-21-1430677940-569444060-2834097280-1001\...\Run: [electron.app.EasyXplore] => C:\Users\Michel\AppData\Local\Programs\easyxplore\EasyXplore.exe [79950336 2019-10-23] (Tresdox Corporation) [Unsigned file]
HKU\S-1-5-21-1430677940-569444060-2834097280-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [370688 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {89626271-1245-4BF1-84D6-E35175F16F2C} - System32\Tasks\easyxploreUpdateTaskUserS-1-5-21-1430677940-569444060-2834097280-1001UA => C:\Users\Michel\AppData\Local\easyxplore\Update\easyxploreUpdate.exe [102400 2019-12-31] (easyxplore.) [Unsigned file]
Task: {B158AF08-3B15-4550-B414-C4F99B12EB6F} - System32\Tasks\easyxplore_chk => C:\Users\Michel\AppData\Local\Programs\easyxplore\EasyXplore.exe [79950336 2019-10-23] (Tresdox Corporation) [Unsigned file]
Task: {B6F815F0-26AA-4611-B34E-6B88650F6ED2} - System32\Tasks\easyxploreUpdateTaskUserS-1-5-21-1430677940-569444060-2834097280-1001Core => C:\Users\Michel\AppData\Local\easyxplore\Update\easyxploreUpdate.exe [102400 2019-12-31] (easyxplore.) [Unsigned file]
Task: {D5B3B245-F254-4D82-B28D-52F4D8961D00} - System32\Tasks\easyxplore_run => C:\Users\Michel\AppData\Local\Programs\easyxplore\EasyXplore.exe [79950336 2019-10-23] (Tresdox Corporation) [Unsigned file]
FF Plugin HKU\S-1-5-21-1430677940-569444060-2834097280-1001: @easyxplor.com/easyxplore Update;version=3 -> C:\Users\Michel\AppData\Local\easyxplore\Update\1.3.99.0\npeasyxploreUpdate3.dll [2019-12-31] (easyxplore.) [Unsigned file]
FF Plugin HKU\S-1-5-21-1430677940-569444060-2834097280-1001: @easyxplor.com/easyxplore Update;version=9 -> C:\Users\Michel\AppData\Local\easyxplore\Update\1.3.99.0\npeasyxploreUpdate3.dll [2019-12-31] (easyxplore.) [Unsigned file]
2020-02-07 19:46 - 2020-02-10 17:52 - 000000000 ____D C:\Users\Michel\AppData\Roaming\EasyXplore
C:\Users\Michel\AppData\Local\Programs\easyxplore
RemoveProxy:
Hosts:
Reboot:
End:


Save the content via the file menu then save.

Close Notepad, return to FRST and click the "Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.

Restart the computer.

--
Please press any key to continue the disinfection...
1
Réponse 3 / 19
isengrin13 Posted messages 32 Status Membre
 
Hello Malekal_morte-, thank you for your help. I'm not too familiar with this, but I think I followed what I needed to do. After the scan, the 3 distinct files were, it seems to me, combined in the report I posted.
Thank you very much for whatever you can do.
My mistake, it’s incomplete... I’ll continue... apologies.
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
You need to provide the links that lead to the reports
otherwise I can't read them.
0
Réponse 4 / 19
isengrin13 Posted messages 32 Status Membre
 
Hello, here are the links:

Addition:

https://pjjoint.malekal.com/files.php?id=20200205_y12y9h8o15r12

FRST:

https://pjjoint.malekal.com/files.php?id=FRST_20200205_o8v5b11m13b10

Shortcut:

https://pjjoint.malekal.com/files.php?id=20200205_c9q6d13t6s10

There you go, I hope it will be okay. I wish you a good reception and thank you for your help.
0
Réponse 5 / 19
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
You got tricked by an installer InstallCore, a PUP (potentially unwanted program) platform that is offered on download sites or through fake Java or Flash updates.
This prompts you to install Chromium to force Yahoo!, Segurazo, Avast!, McAfee Security Advisor or McAfee LiveSafe.
To avoid getting tricked again, read: PUPs InstallCore

Here is the fix to perform with FRST. You can refer to this explanatory note with screenshots.
Restart FRST and then press CTRL + Y on your keyboard.
Notepad will open, copy/paste this. 

Start:
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1430677940-569444060-2834097280-1001\...\Run: [Chromium] => "c:\users\michel\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
2020-01-26 23:16 - 2020-01-26 23:16 - 000003440 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskMachineUA
c:\users\michel\appdata\local\chromium
2020-01-26 23:16 - 2020-01-26 23:16 - 000003316 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskMachineCore
2020-01-26 23:16 - 2020-01-26 23:16 - 000000000 ____D C:\Program Files (x86)\Chromium
2020-01-26 23:15 - 2020-02-02 22:00 - 000000000 ____D C:\Program Files (x86)\Segurazo
2020-01-26 23:15 - 2020-02-02 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo
2020-01-26 23:15 - 2020-01-26 23:18 - 000000000 ____D C:\ProgramData\eadaj
2020-01-26 22:40 - 2020-01-26 22:40 - 000000000 ____D C:\Users\Michel\AppData\Local\4kdownload.com
Task: {5AF711D7-D5B9-465A-8A18-4727D784267C} - System32\Tasks\ChromiumUpdateTaskMachineUA => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2020-01-26] (Chromium.) [Unsigned file]
Task: {758214EC-AE1A-4B25-AFB6-370D6336BB10} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2020-01-26] (Chromium.) [Unsigned file]
RemoveProxy:
Hosts:
Reboot:
End:


Save the content via the file menu and then save.

Close Notepad, return to FRST and click on the "Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.

Restart your computer.

2°)
Reset/Repair the web browsers concerned by the issues:

0
Réponse 6 / 19
isengrin13 Posted messages 32 Status Membre
 
Hello Malekal_morte-
I think I've done the advice correctly. I'm posting here the fixlog received after the operation.

https://pjjoint.malekal.com/files.php?id=20200205_o13w15e12e10t8

Thank you very much for your help, you are amazing...thank you.
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
You set a password, so we can't access the report.
0
Réponse 7 / 19
isengrin13 Posted messages 32 Status Membre
 
Re Malekal_morte-, sorry, I paid close attention, the link is public.

https://pjjoint.malekal.com/files.php?id=20200205_y8t6g14b5w10

I hope you can open it. I mentioned in my previous messages that I might not have done the operation correctly; the New Tab is still present.
0
Réponse 8 / 19
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
ok,

We agree that it's on Google Chrome?
If so:
Reinstall Google Chrome properly by following this procedure exactly: Repair and reinstall Google Chrome properly
(If you have a synced account, read the next paragraph).

However, if you have a synced account, it should come back, I think.

--
Please press any key to continue the disinfection...
0
Réponse 9 / 19
isengrin13 Posted messages 32 Status Membre
 
Hello Malekal_morte-,
I have followed your advice, thank you. Chromium and segurazo are no longer there. I reinstalled Chrome (which I had removed before taking our action, but probably not properly removed as there was still a Chrome in 'Program") and New Tab still persists, which has never disappeared...
I did another scan but I don't want to bother you or take up too much of your time, if others are waiting. So when you have a moment, if you could take a look... Thank you.

Addition:

https://pjjoint.malekal.com/files.php?id=20200206_k12s6s9f8c11

FRST:

https://pjjoint.malekal.com/files.php?id=FRST_20200206_z8y8b6t9s15

Shortcut:

https://pjjoint.malekal.com/files.php?id=20200206_p59p14d5r13

Thanks again and talk to you later.
0
Réponse 10 / 19
isengrin13 Posted messages 32 Status Membre
 
Re Malekal_morte-,

Here I am at home, keeping an eye on your message to know if you are available and how to get in touch, and at what time you would like. I will be at home all afternoon.
Thanks again and see you soon..
0
isengrin13 Posted messages 32 Status Membre
 
I can't respond to your message "I'm here"... I've changed my browser and it worked...
0
Réponse 11 / 19
isengrin13 Posted messages 32 Status Membre
 
Good evening Malekal_morte-
Short-lived joy, New Tab is back, I'm sorry. Do you want the reports again?
If so, let me know which software installs it so I can get rid of it…

Good night.
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Which web browser?
0
Réponse 12 / 19
isengrin13 Posted messages 32 Status Membre
 
Hello Malekal_morte-, how are you?
I'm on Microsoft Edge...
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Is it systematic?
Check the startup page and default search engine.
=> https://www.malekal.com/changer-page-demarrage-de-chrome-firefox-internet-explorer-ou-edge/
0
Réponse 13 / 19
isengrin13 Posted messages 32 Status Membre
 
Here it is done, I checked and changed by opening a new tab and a blank page... nothing changes, I will enter the Google URL to see...
I added "https://www.google.fr/" and then I closed it... a message appeared "Main Windows not responding" there is still New tab...
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Take a screenshot of this new tab..
You should surf with Firefox.
0
isengrin13 Posted messages 32 Status Membre > Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention  
 
Sorry for the delay in responding, I was organizing my garage.
OK for Firefox... should I delete Chrome and disable the others?
Here is the screenshot... it's the black bar at the top…
Thank you…
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711 > isengrin13 Posted messages 32 Status Membre
 
Perform a Malwarebytes scan to see if it can remove it.

If it doesn't, run another FRST scan and provide the reports again.
0
Réponse 14 / 19
isengrin13 Posted messages 32 Status Membre
 
Good evening Malekal_morte-, I hope you're doing well?
I thought for a moment that Malwarebytes had managed to eradicate that damn New tab. It returned after 5 minutes. I've switched to Firefox, I'm not sure if it's related but I've had some little issues like my Thunderbird email completely disappearing (I had mostly backed up my contacts). Nevertheless, I'm sticking with Firefox, I'm following your advice which can only be good.
Here are the reports below:

Addition
https://pjjoint.malekal.com/files.php?id=20200211_10p8w13y6b15

FRST
https://pjjoint.malekal.com/files.php?id=FRST_20200211_q7k10y6u7y9

Shortcut
https://pjjoint.malekal.com/files.php?id=20200211_p6c10d9j7l13

Thank you again for what you do and good night.
0
Réponse 15 / 19
isengrin13 Posted messages 32 Status Membre
 
Hello, I've followed it to the letter, I'm going to restart the computer.

https://pjjoint.malekal.com/files.php?id=20200211_l13x7x86x12
0
isengrin13 Posted messages 32 Status Membre
 
Re Malekal,
After the restart, the New tab is still there... Don’t bother, forget it. Unless I'm not doing the steps correctly?
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711 > isengrin13 Posted messages 32 Status Membre
 
Because the fix did nothing and is not good.

Place the FRST program on the desktop
open Notepad
paste the script given above
save the file on the desktop as fixlist.txt
Restart FRST then Fix.
0
Réponse 16 / 19
isengrin13 Posted messages 32 Status Membre
 
Thank you. Everything has been redone. That's what I thought, I had done it wrong.
New tab is gone. Thank you for your availability, kindness, and efficiency.
See you soon for a quick hello.
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Yes, hoping they don't come back on their own.
Try to update Malwarebytes this afternoon or tomorrow
and then run a scan with it again
in case it finds anything else.
0
Réponse 17 / 19
isengrin13 Posted messages 32 Status Membre
 
OK Malekal, I'm going to run Malwarebyte after an update. At 6 PM still no sign of New tab, fingers crossed.. Thanks again and I'll keep you posted. Tomorrow I'll add Resolved?
Have a good evening and see you later...
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Yes, no problem =)
0
Réponse 18 / 19
isengrin13 Posted messages 32 Status Membre
 
Hello Malekal_morte-,
Thank you once again for resolving the issue.
Malwarebytes, after its update, detected nothing. Everything is perfect, you were very efficient.
I also want to highlight the benefits of all of you who work voluntarily for the community.
(It's a shame... in my eyes, all efforts deserve compensation)
Thank you all.
0
Réponse 19 / 19
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
You're welcome,
To read - Programs that are harmful / PUPs: Adware and PUPs: how to protect yourself

Finally, to protect your PC:

--
Please press any key to continue the disinfection...
0