PDA

View Full Version : dozens of unstoppable new browser windows randomly and at startup



Williee
2017-07-31, 02:50
It started about five days ago now. Win7 Pro, a clean and well maintained and protected machine on a personal LAN with multiple platforms. Chrome started to reload a tab I was working on to the set homepage. I couldn't literally keep up with the switch trying to use the browser back button. Then it started opening multiple new tab windows with the home page, which is the only connection I can see between the current open tab and new windows. Reinstall, reboot, and it would literally start the browser as soon as I logged back in so fast I had to hard shutdown to stop. Then it started happening in IE. After running my AV, Malwarebytes I downloaded, tried and purchased the Pro version of Spybot. No program can find anything to account for this.

NOW trying to review the .chm Help file in your program THAT browser is experiencing the same behavior reloading the page Titled Description, License, Requirements over and over and over. It is disconnected from the Internet as this happens as well. It appears, without conclusive proof, that it happens more when I pull the Ethernet cable. I have reviewed task scheduling, running services, etc.

Whether I can do more I really need to know first if anyone has ever heard of this behavior before as I have described it, before I invest any more time. I have been at this for days because it will be a lot of work reverting and setting up again. The same behavior was exhibited on a Win10 Pro machine on the same LAN for a short period but seems to have stopped now today since I have been troubleshooting. I am preparing to wipe the Win7 machine because I don't trust it now so I would welcome any ideas and again, ANY familiarity with this kind of behavior.

BTW, in desperation I searched the file system for anything chrome, before I realized it wasn't exclusive, and deleted some application files for Chrome. The process kept trying to open Chrome telling me it could not find the executable ergo not browser specific. I do suspect it is memory resident and/or either a scheduled task or registry setting. It is well hidden and may be in the boot sector.

I am very technically literate and am sure I can contribute to a discussion about this without difficulty.
Thank you.

tashi
2017-07-31, 08:38
Hello Williee,


I am preparing to wipe the Win7 machine because I don't trust it now so I would welcome any ideas and again, ANY familiarity with this kind of behavior..

In case you missed it please take a look at the FAQ which includes guidelines for this forum and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing the logs requested and a link back to this one so a volunteer analyst can advise.

Best regards.

Williee
2017-07-31, 17:25
@tashi I was quite specific....I have spent so much time and found only one vague reference to something similar anywhere, if no one here in a forum dedicated to malware has heard of this type of behavior I really cannot spend anymore time with no end in sight on this.If you cannot even speculate on this type of behavior then anymore time spent will probably be as fruitless as the last week has been. I suppose I still have time to get a refund on the Spybot which did absolutely nothing to find the problem.

tashi
2017-07-31, 20:02
Hello Williee,


@tashi I was quite specific....I have spent so much time and found only one vague reference to something similar anywhere, if no one here in a forum dedicated to malware has heard of this type of behavior I really cannot spend anymore time with no end in sight on this.If you cannot even speculate on this type of behavior then anymore time spent will probably be as fruitless as the last week has been. I suppose I still have time to get a refund on the Spybot which did absolutely nothing to find the problem.

This particular forum is for users with personal computers which may be infected, the FAQ is posted for the benefit of members and helpers alike.

Our volunteer analysts are unlikely to make guesses or speculations. Even if a situation sounded similar, the machines and the LAN are not.

If the issue did not appear to be malware related you would be asked if you'd like to be directed to a tech forum. There you'd post a link to your topic so everyone was on the same page.

Of course Spybot users also have the option of opening a support ticket. Pro version here (https://www.safer-networking.org/support/ticket/paid-user/).

Best regards. :)