AfireAzuaki

Epic Skial Regular
It's kinda been solved, kinda not. It's still there, but I replaced it with another computer I was supposed to use a few months ago.
 

ozzeh / dave

Legendary Skial King
Contributor
You can try checking your process list, look for anything suspicious and Google it. Also press Windows key + R (run), type in msconfig, go to Startup, look for anything suspicious again.
 

|ANP| Shadow Ghost

Mildly Menacing Medic
You can try checking your process list, look for anything suspicious and Google it. Also press Windows key + R (run), type in msconfig, go to Startup, look for anything suspicious again.

Well, if you still want it resolved, it might not be a process at all, just a redirect script injected in the browser. If it is, it's not detected by antivirus; look for add-ons and extensions first. I'm not saying Ozzeh is wrong, it could also be a startup file, but an antivirus should have detected it. This is a pretty advanced type of adware lol, most of the time you just have to uninstall the application that gives you smiles. Also take into consideration it might have been a prank. Do you remember the last thing you installed/downloaded when this started happening? But if all else fails, system restore :D
 

ozzeh / dave

Legendary Skial King
Contributor
Well, if you still want it resolved, it might not be a process at all, just a redirect script injected in the browser. If it is, it's not detected by antivirus; look for add-ons and extensions first. I'm not saying Ozzeh is wrong, it could also be a startup file, but an antivirus should have detected it. This is a pretty advanced type of adware lol, most of the time you just have to uninstall the application that gives you smiles. Also take into consideration it might have been a prank. Do you remember the last thing you installed/downloaded when this started happening? But if all else fails, system restore :D



It could be a script, or well scripts, since it happens in both Firefox and Chrome.


If the tools mentioned didn't work, and there are no extensions in the browsers, and nothing in the hosts file, the next thing I'd do is check your process list and startup config. I'd use a custom task manager to check the process list as well (like Process Explorer).
 

|ANP| Shadow Ghost

Mildly Menacing Medic
It could be a script, or well scripts, since it happens in both Firefox and Chrome.


If the tools mentioned didn't work, and there are no extensions in the browsers, and nothing in the hosts file, the next thing I'd do is check your process list and startup config. I'd use a custom task manager to check the process list as well (like Process Explorer).


For reference, the hosts file is C:\Windows\System32\drivers\etc, and to open it either right-click and select Notepad, or rename it to hosts.txt and, when you're done editing, delete the .txt part out of the name. You're looking for things like this:



38.25.63.10 x.acme.com


So basically, if you try to connect to the IP 38.25.63.10, it is going to be redirected to x.acme.com. This is neither a virus nor malware, but is caused by malware/adware.
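
An added example, not part of any post in this thread: a small Python script that does the hosts-file check described above. Each active line in the file is an IP address followed by one or more hostnames; the script skips comments, loopback and 0.0.0.0 entries and lists everything else for review. The sample text and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample; the 38.25.63.10 entry is the one quoted in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net   # blocklist-style sinkhole
38.25.63.10 x.acme.com
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]

def suspicious_entries(text):
    """Return entries that map a hostname to a non-loopback address."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        # Loopback and 0.0.0.0/:: are the usual localhost and blocklist targets.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if names:
            findings.append((line_no, addr, names,
                             "hostname mapped to non-loopback address"))
    return findings

if __name__ == "__main__":
    # Pass the hosts file path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, addr, names, reason in suspicious_entries(text):
        print(f"line {line_no}: {addr} -> {' '.join(names)} ({reason})")
```

A flagged line is only a candidate for review: some VPN clients and development tools add hosts entries legitimately.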