Windows 10: Suspicious website popping up in new tab when Chrome starts Solved

Page 2 of 2 FirstFirst 12
  1.    31 Jan 2017 #11

    GuyInDogSuit,

    System Restore (SR) is disabled by default on Windows 10. The Operating System does have Reset/Refresh this PC features which reinstall Windows 10, keeping files and most programs installed. However, IMO, System Restore is a useful tool when it comes to recovering from certain circumstances, and it appears you have the space for it.

    Please take action to enable SR before running the FRST fixlist that follows.

    To enable SR:
    On the Desktop, in the Search here area of the TaskBar, type: System Restore
    Press: Enter

    When Create a Restore Point is displayed, click on it.
    In System Properties > System Protection tab > Protection Settings, Protection is Off for Windows (C (System)
    To change this, click: Configure
    Tick: Turn on system protection

    Below, drag the slider to a reasonable amount of space.
    The larger, the more Restore Points, and the further back in time it can go.
    (Example, for a drive larger than 250GB, would recommend at least 10GB of space.)

    Click: Apply
    Click: Create
    Give the new Restore Point a name.
    Wait for Windows to create the RP, and click: OK


    Next, please do the following:
    Press the Windows and R keys at the same time.
    This opens the Run box.
    Type Notepad and click OK.
    Next, please copy the entire contents inside the code box below to Notepad:

    Code:
    Start
    CreateRestorePoint:
    CloseProcesses:
    GroupPolicy: Restriction <======= ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S3 PCASp60; System32\Drivers\PCASp60.sys [X]
    C:\ProgramData\fontcacheev1.dat
    CustomCLSID: HKU\S-1-5-21-837606628-3980760942-254267324-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\andre\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncApi64.dll => No File
    EmptyTemp:
    cmd: ipconfig /flushdns
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be running from E:\Downloads, vs. the Desktop. They both need to be in the same place, preferably the Desktop.

    Next, run FRST and click Fix only once, and wait.

    When done, the tool creates a log: Fixlog.txt
    Please attach Fixlog.txt to your reply.

    How is the system running?
    Is the suspicious website still showing up?

    After go.oclasrv.com appears on the system, the default DNS settings of browsers such Chrome and are altered.
    Included the command ipconfig /flushdns considering this issue.


    Also, open Chrome, click on the 3 horizontal dots and click Select More Tools > Extensions
    If you see any malicious extensions please delete them.

    Next, go to Settings.
    Select Open a specific page or set of pages and click on: Set pages

    If you find any malicious websites, delete them by clicking the X next to them.
    Last edited by cottonball; 31 Jan 2017 at 23:38.
      My System SpecsSystem Spec

  2.    04 Feb 2017 #12

    I have 52.8 GB of space on my drive and I install games on there so they load faster. I can't say I have space for system restore.
    I've already checked Chrome's settings and extensions, there's nothing there.
      My System SpecsSystem Spec

  3.    04 Feb 2017 #13

    Did you run the Fixlist on FRST?

    Can you attach the Fixlog.txt ?


    Please download HitmanPro (Sophos):
    HitmanPro Malware Removal Tool: Secondary Anti-Virus Scanner | Download HitmanPro 3.7
    Save to the Desktop
    Right-click the downloaded file and select: Run as Administrator

    When it finishes running HP will display a list of Identified Threats (malware) or other entries found (i.e. cookies, PUPs, etc.).
    Click on Next and select the option: Activate Free License

    This begins the free 30 days trial, and removes all the Identified files from the computer.

    After the entries are removed, click on the Save Log option.
    Save the HitmanPro log to the Desktop.

    Please attach the content of the HitmanPro report in your reply.

    Now, close the program, and restart the computer.

    Any changes?
      My System SpecsSystem Spec

  4.    05 Feb 2017 #14

    This is getting tiresome. How many scans must I run?
      My System SpecsSystem Spec

  5.    05 Feb 2017 #15

    As many as you like, or none, if you wish.

    It is in your computer where oclasrv.com rules, and, talking about tiresome, it can be a pain to get rid of.

    We are just trying to help.
      My System SpecsSystem Spec

  6.    06 Feb 2017 #16

    I'm pretty sure I removed it at some point. I haven't had it pop up in a few weeks.
      My System SpecsSystem Spec


 
Page 2 of 2 FirstFirst 12

Related Threads
How to Create a Desktop Shortcut of Website in Google Chrome Google Chrome lets you easily keep track of your favorite websites. You can add your favorite websites to your bookmarks, and you can also create desktop shortcuts of websites that will...
In forums I occasionally want to post a link to a particular page in a website built with frames pages. Back when I used Firefox, I could right click on the page and choose something like "Open frame in new tab". Then I could copy the URL and post...
Google chrome blocking file-downloads it deems as suspicious tried downloading irfanview from the irfanview website, but chrome blocks it. is there a way of getting round this, a registry hack perhaps thanks Google the ' internet Police...
Hi, after upgrading from Win7 Ultimate with Office 2007 to Won10 pro, every time I star Excel or Word or PowerPoint the Windows Installer screen appears and then asks for Microsoft Visual Studio Team System 2008 Development Edition.ENU disk. ...
Solved Suspicious update in Windows Updates and Activation
Anyone have any knowledge on this update? KB3016656? I see this in the "Installed Updates" but not in Windows update history. Googling comes up with several inaccessible links to a Chinese facebook page. I wonder if others have it, and...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 23:19.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums