Windows 10 Chrome - "YourTV" Browser hijacker won't go away



Old 11-30-2016, 10:15 PM   #1
Registered Member
 
Join Date: Dec 2013
Posts: 39
OS: Windows 10



So, around early yesterday I noticed that my Google Chrome has been infected with one of those scumbag browser hijackers, one by the innocent name of "YourTV". What the program does is forcibly change my homepage and default search engine to some broken, ad-spammed version of Google, and prevent me from changing my default search engine (my computer insists that the current one is "enforced by the administrator") or default home page (the changes here are made through a registry file and editing Chrome settings does nothing to fix it), as well as various other irritating things.

Now, after googling the issue, it seemed that removing this hijacker from my computer should be a fairly straightforward matter: Delete any potentially suspicious files from the computer, reset Chrome settings, scan with Malwarebytes, badda-boom-badda-bing, done.

Or so I thought...

I've been running into a lot of issues regarding this software and I'm starting to get very, very frustrated.

I'll list all the things that I've tried that haven't worked:
  • Searching for suspicious programs or files - I haven't installed anything to my memory since this hijacker showed up, and there are no odd or suspicious programs that I can locate through conventional search methods.
  • Resetting Chrome's settings - This does literally nothing.
  • Deleting registry entries referring to the hijacker - Again, does nothing.
  • Scanning with Windows Defender - Doesn't detect anything.
  • Scanning with Malwarebytes - This does detect the YourTV crap on my computer and removes it accordingly, but the moment I boot up Chrome again, it comes right back.
  • Booting my computer in Safe Mode and then doing a full, no-holds-barred custom scan with Malwarebytes - Again, this detected the same files (which I must have deleted about 4 times now) but again, coming back online on Chrome brings this scumbag of a program right back.
  • Removing the malware with Malwarebytes then reinstalling Chrome - A fresh install did approximately nothing to fix the issue.

Can somebody please help me? I'm at my wits' end here and I get more and more frustrated the more I see just how offensively deep this hijack program has gotten its claws into my computer.

Also, it's worth mentioning that when I scan with Malwarebytes, it picks up a trojan software piece hiding in "C:\ProgramData\Mozilla\Mozilla Firefox"... The weird thing about this? Well, excluding the fact that I've never actually installed Firefox on this computer once in its lifetime, I also can't ever seem to find this folder on my own. Neither before nor after Malwarebytes picks it up.

And just in case it helps, here's a full log of what Malwarebytes picks up every time I scan:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/12/2016
Scan Time: 1:57 PM
Logfile: log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.01.03
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: nszme

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362649
Time Elapsed: 4 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-2845599095-3938741188-173153177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [889fab37673352e46178334649b922de], 

Registry Values: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-2845599095-3938741188-173153177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://www.google.com/cse?cx=partner-pub-8036109189802438[889fab37673352e46178334649b922de]A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.linkF, %4, %5

Registry Data: 1
PUP.Optional.YourTV.ChrPRST, HKU\S-1-5-21-2845599095-3938741188-173153177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://yourtv.link, Good: (www.google.com), Bad: (https://yourtv.link),,[66c16f7323771620d01902225aa933cd]

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\ProgramData\Mozilla\Mozilla Firefox.exe, , [d255667c8e0c91a51b4cc24709f9e61a], 

Physical Sectors: 0
(No malicious items detected)


(end)
It's always those four files. One trojan, 3 PUPs, and deleting them just seems to make them come back the next time I start up Chrome.

Interestingly, though, this hijacker doesn't seem to be affecting Microsoft Edge, for whatever reason...

Anyways, if anybody could help me out, I'd be greatly appreciative.

Thank you!
Onahole is offline  
Old 12-01-2016, 03:55 AM   #2
Registered Member
 
Join Date: Dec 2013
Posts: 39
OS: Windows 10



Okay, quick update, I may have fixed the issue. Not going to class the thread as "Solved" just yet just in case this scumbag hijackware shows its ugly face again, but here's a quick rundown:

After uninstalling Chrome (again) and deleting every trace of it off my computer, I began a quick-fire routine of scanning, clearing malware, and then restarting. But I kept noticing that two malware trojan items were constantly being spawned into my system every time I started up, even if I didn't open a web browser. The programs were hidden in my ProgramData and were invisible (despite me having "show hidden files and folders" active) and they showed up constantly no matter how often Malwarebytes removed them.

I came to the conclusion that one of my start-up programs must be the culprit. To test the theory, I started in Safe Mode again, and scanned. This time, I didn't detect any of the malware; instead, I found a few registry entries, which didn't come back after clearing them.

Then, I looked at the start-up items. And I noticed these odd little things:



I didn't recognise this mysterious "bc.exe" program, it had no publisher registered (although when I expanded it, it did display some sub-programs licensed to "Microsoft") and seemed to be eating up a lot of my start-up data all on its own.

Sceptical, I disabled it and restarted the computer, then reinstalled Chrome...

And since then, this horrid "YourTV" crap has not shown back up. I reset my Chrome settings for good measure, but it seems that this weird "bc.exe" thing was the mother-brain spawning all these horrible little browser hijacking babies.

The "bc.exe" still shows up as an option in my start-up programs, but when I try to open the file location, it takes me to an empty folder in my ProgramData, and if I go up a level, the folder vanishes completely. No clue what the hell is going on there.

I'm now running another scan, a full, deep-seeking one this time, just in case there's any scraps of code lying around that still need to be destroyed. But so far, so good. My Chrome has survived a restart and I'm yet to see any mention of the blasted program.

Still no damn idea how it even got onto my system as I haven't downloaded anything recently, but I'm hoping this is a fix. Will update in a day or two or if something else of note happens.
Onahole is offline  
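
The check that post #2 arrives at by hand, as an added example that is not part of the original thread: a read-only PowerShell listing of Run-key start-up entries with their Authenticode signature status, followed by any Chrome policy values (policy values under these keys are the usual reason Chrome reports a setting as managed by an administrator). The `Get-ExePath` helper, the `Suspicious` heuristic and the choice of keys are assumptions of this example; the thread does not say which autostart location held bc.exe.

```powershell
# Added triage example (not from the thread). Read-only: it lists, it never deletes.
# Registry locations Windows uses to auto-start programs at logon.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of a start-up command line.
function Get-ExePath([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')   { return $Matches[1] }  # quoted path
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # unquoted, up to .exe
    return $expanded.Trim()
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $path   = Get-ExePath ([string]$item.GetValue($name))
        $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
        # An entry whose target file is gone is itself worth noting.
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
               else         { 'FileMissing' }
        [pscustomobject]@{
            Key = $key; Name = $name; Path = $path; Signature = $sig
            # Heuristic (assumption): unsigned or missing binary under a data folder.
            Suspicious = ($sig -ne 'Valid') -and ($path -match '\\(ProgramData|AppData)\\')
        }
    }
}
$entries | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap

# Chrome treats values under these keys as administrator policy.
foreach ($p in 'HKLM:\SOFTWARE\Policies\Google\Chrome',
               'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    if (Test-Path $p) {
        Write-Output "Policy values under ${p}:"
        Get-ItemProperty $p | Select-Object * -ExcludeProperty PS*
    }
}
```

Run keys are only one autostart location; Startup folders, scheduled tasks and services need the same review before a machine is considered clean.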