Thursday, November 15, 2018

Google Chrome redirect – http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

Had a customer call in because he was on the LA Times website and clicked on a link that caused his browser to pop-up a Microsoft warning. The warning said he was infected and  needed to pay. He hit control-alt-delete and closed chrome. He restarted his machine and called us.

I opened Chrome and looked at the start page. It was set to “http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND”.  When I put that URL into another browser it took me to just Google. I figured the rest was unecessary and reset his home page to just be “http://www.google.com”.

I downloaded a rootkit scan tool from Bleeping Computer and ran a quick scan. We also use Vipre Anit-virus. I updated the difinitions and ran a full deep scan with Vipre. Nothing else was wrong.

I hope this helps someone else out there…

 

Remove wer5.exe With Adlice Rouge Killer

We have a customer that is having this “wer5.exe” pop-up. I never saw the pop-up; however, I was able to get the program removed using Adlice’s Rougekiller.

I tried Vipre antivirus and it didn’t find anything on the machine.

I used Malwarebytes which found 5 item.

Rougekiller found 12 items and “wer5.exe” was one of them.

I hope this helps someone else out there…