
Taobao infection


Color me embarrassed, but I seem to have picked up ... something. As you can see from my screenshot, my browser has gotten a ... visitor and I can't seem to make it leave. It seems to be a shortcut to Taobao. I've tried scans with Malwarebytes, SuperAntiSpyware, AdwCleaner, JRT, and Panda A/V (free) to no avail. Any suggestions?


It looks like a browser toolbar. In IE, try going to Settings > Manage Add-ons > Toolbars and Extensions. You should be able to delete it there. The other one I have seen lately resets your homepage. Going to Control Panel > Internet Options, General tab, will allow you to reset the homepage.

Well, this is Maxthon, but I tried resetting. Tried a few more things ... then just deleted the browser and reinstalled. No idea where I got it or how it eluded everything I tried, but it did. It's gone now, but thanks for the suggestion.

Try ZHPCleaner and RogueKiller too.

Maxthon has add-ons as well, a lot of which I would not consider using. Go to Menu - Tools - Extensions and see if there's any unwarranted add-on there.

O.K. ... It's back. Came back yesterday evening, about an hour after I thought I'd gotten rid of it. It is only on the tabs after the main one, and it turns off AdBlock Plus (it's bundled into my browser), but only on the unopened tabs. In addition to what I have already mentioned, I've run RogueKiller, ZHPCleaner, BitDefender online rootkit scan, Malwarebytes Rootkit scanner, Malwarebytes Chameleon and at least a couple more that just don't come to mind. I've reset my browser to defaults to no avail and even reinstalled Maxthon cleanly (no saved data).

It is only on my Maxthon, nowhere to be found on Edge, but as Maxthon is "my" browser, it's an annoyance. Seems fairly "benign" too, i.e. no redirections or pop-ups, but it's not supposed to be there.


Have you tried running RKill & then run all the malware scanners to see if it can ferret it out? Could be it's not leaving because it's running & that blocks some removal attempts. Also, you might try running in safe mode & then run some of the scanners.

RKill Download

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer, as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

Do as Borg suggests, but DO NOT REBOOT THE PC after running RKill. Its main purpose is to flush ram from any running malware process, so you must run any malware cleaner after it, but without rebooting.

As a last resort, try booting with any Linux boot CD or similar and check the ProgramData and Users\<your account> folders (especially AppData) for any weird-looking file/folder that may be residing there. You can also flush the browser cache from there (usually stored under the AppData\Local folder).

Nice seeing you here Borg 386!

Tried RKill (can't believe I didn't think of that...), ran Malwarebytes, SuperAntiSpyware, AdwCleaner, and my A/V after running RKill. It's still there.
Additional data: my Windows Defender is grayed out; it says it's on in Windows, but RKill says it's disabled. Also, I don't know if this is important or not, but I cannot access Maxthon's home page. Says it's "unable to resolve domain name". It's the only page I can't get to.
Will be trying eLPuSHer's suggestions next.

RKill also says you are missing some services. Which ones are those?
