Help Android Chrome Redirection Virus/Malware/Adware

[radnus1987]

This is not a problem with google ads nor has anything to do with your phone or any other device that you use. The issue is that the router has been attacked and the DNS has been changed.

Log on to your router and change the router settings to set the DNS settings to 'Obtain from ISP' or an equivalent option based on your router model. Alternately get the correct DNS value for your internet provider and enter those values for the DNS.

Regards,
Radnus

 

[Sal17]

I have the same problem from the past 2 weeks. Any link I click on takes me to an ads site- common ones being, adsmate.com, yourexchange something.... doubleclick, download.apps- opera mini browser telling me that my phone is slow and I should download the app. Ugh so tired! I decided to use firefox instead of chrome, but its happening there as well. In chrome I've noticed that disabling javascript stops the redirects but its not really a solution. I scanned the device for malware and adware with 4 different apps but no use. I have sent feedback to google many times but no help. I feel like throwing away my device.

 

[Sal17]

This is not a problem with google ads nor has anything to do with your phone or any other device that you use. The issue is that the router has been attacked and the DNS has been changed.

Log on to your router and change the router settings to set the DNS settings to 'Obtain from ISP' or an equivalent option based on your router model. Alternately get the correct DNS value for your internet provider and enter those values for the DNS.

Regards,
Radnus

Hi, thanks for the info, but I have this problem only on android and not in my laptop. No redirects there. So, what could be the problem. (please check my previous comment above.)

 

[Danderman]

Hey, I just signed up so that I could answer this question. I first noticed this issue on my Note 3 about 6 months ago and it infuriated me. I found this and many other forums with no idea how to fix it. I tried every suggestion and nothing worked. (I know this sounds like an infomercial but bear with me).

Anyway, I figured out that it was happening through facebook, so I trawled through every setting in the app to find out what it was and after days of looking, I discovered the 3rd party apps section. Every time you use Facebook to log into a 3rd party app you give the app permission to access your facebook. Things like "test your IQ" and "when will you die" and all that crap. So I had like 200 of these logged into my account, and I painstakingly went through and disconnected every single one I didn't recognise or use and hey presto it worked... no more redirecting... magic

 

[GalaxyS5411]

Hi, thanks for the info, but I have this problem only on android and not in my laptop. No redirects there. So, what could be the problem. (please check my previous comment above.)

I sent my Galaxy S5 to SAMSUNG for a repair. I got it back today, put SIM card in (no SD Card, so it is a factory clean install right, literally from the factory).

I boot it up, and don't yet add my google account info, or anything that is unique to my cloud accounts. I don't install any apps or modify the system.

I run through the startup configuration, and select all options to make phone most unlikely to "talk" to 3rd party or google or SAMSUNG.
I then open CHROME BROWSER and type: www.drudgereport.com - within a few seconds I get a popup with this:

I killed Chrome the first time, then it happened again.
So I did factory reset, thinking - this was weird.
Then I read on Forum that it might be router DNS.
I am at a hotel, so I changed wifi -
Same issue.So then I disable wifi - do factory reset.
Same thing.
So then I do a factory reset - and allow the S5 to do a full OS Update.
Stay on the 4G network with T-Mobile, and ignore the wifi, same thing.
I set max security in the browser, block popups and disable Java.
I also tried the default OS Browser that comes with the phone.
Same thing.
It finally stopped for a few hours, but then came back - this time when I clicked on a link to an ap.com news story -
Same popup, same result when you click OK.
Takes you to this URL:
play.google.com.app.stores.appflz.com/smartyads/US/360/lp.html

And the following Screen Shot:

Can't be DNS, because it is going on w/ 4G now - w/o WiFi enabled... Unless carrier's Routers' DNS is hacked too?

 

[Marc_G]

Often virus scanners are themselves malware or scamware. Particularly those that report problems using poor English. Not necessarily reputable.

 

[LuckyStar]

I randomly get redirections to your.dailytopdealz.com.
I have no Facebook app installed.
Hate this... Regardless wifi or 3G....

 

[JjTtPp]

Unsure how to post a message to this thread I replied to what looked like the most recent.
I also cannot figure out how the "best answer" highlights occur. Totally bogus. The javascript hack occurs on any wifi or 4G. It is a lack of security in Android and or Google Play. They will completely deny it and say contact the vendor of your phone.
Disabling javascritpt will stop the problem but your browser, usually chrome or firefox, will be operating with both arms tied behind their back. Not a solution. It just stops the script from running. On Android antivirus anti malware vendors cannot prevent this problem. McAfee MMS can detect it and block access to the web page you are being redirected to so the hack does not complete the break in to your phone. Popup block setting in chrome doesn't work as the script by passes the blocker. Most likely explanation for that is the script is trusted by google play. The phone is locked to antivirus defenders meaning access to the level of protection necessary is inside the locked portion of code space in your phone. Unlocking the phone will not help as the av companies do not protect unlocked devices. On Android there is no Data Execution Protection type mechanism. Google does not protect itself or its own OS from attacks. The redirect happens on your device.
Frustrated for quite a while I did find that unchecking the allow location within the browser will speed up chrome dramatically. Will not stop the redirect smarty ads or other sites today redirecting to 192.151.147.35 or yesterday it was 198.126... Data Shack which does handle a lot of adsense doubleclick and other google ad intrusion on your phone. Turning location off on the device. Well it looks like the device but it is google. Google uses location to track you and your device. One of the most common uses is traffic. Your device is a beacon to google and it tracks your location at intervals. If you are on a road they supply traffic for voila. Device location disabled also renders google maps useless. It cannot even be used as a map at that point. Anyway disable location in the chrome app is like using a more powerful battery or faster internet connection. No stop and wait by the browser while google invades your privacy rather than use info it has already updated within the OS.
Finally what has been the 'fix' for the redirects is cookies. Locate your chrome settings, then site settings, then cookies. There you should find a check box next to "Allow third party cookies". Uncheck that. Try it. I do not do much more than read the news and technical articles with my phone. Thus I have not seen any inconvenience disabling third party cookies. I put "fix" in quotes as it is not really a fix. So far no popups. But disabling the browser functionality will likely have repercussions down the road. Although less inconvenient that the inability to browse legitimate web pages that do not profit google in some way.
Now if we can find a way to undo best answer suggestions in the forum. That DNS hack is a joke. Can you imagine if all the routers and cable modems in the world were hackable? Boy would the ISP's sure be busy. No firewalls on this internet would take it down. No DNS would break most every app. No way to remember that many numbers. With IP6 no way to remember numbers that long! That answer is simply stated, google protecting their ad pipeline to your phone. Like AOL they only want you to see what they need you to see. The internet is not open space any more.

 

[EarlyMon]

Best answer is voted on by members who thought that the post at the time was just that. It's not a perfect system.

If you read the best answer post carefully, he's disagreeing with the DNS being hacked.

That agrees with a big part of what you're saying so I don't see your problem with it to be honest.

Good catch on not allowing 3rd party cookies.

I personally recommend Firefox with the ad blocking and Ghostery add-ons and leaving Javascript on but that's just me.

Btw - mods don't know what to make of your report about your welcoming pm from the site owner. No you can't reply to it, it's just a canned response by the site autobot with Rob's name on it.

We're a members helping members forum and are not affiliated with Google.

Welcome to the forums!

 

[bcrichster]

I managed to alleviate that similar issue (as OP's) by downgrading Chrome version to v39 & under. Hope that helps

 

[A R Miller]

I had a brush with a push-ad virus this morning.

I was actively using Words With Friends (for the last time, I assure you), and when the post-play ad popped up, a file began downloading. I did not prompt any download. The download notification lasted only a second, but I managed to grab the notification bar in time to see that it was a .doc file before the notification vanished. If I hadn't seen the active download, I would never have known about it. Any record of the download was gone.

Of course, I immediately start getting Chrome pop-ups of questionable character.

I go into my docs folder and see a doc that seems to be normal. It has text in it. Seems to be a story of some sort, though I didn't actually open it to find out. I only saw what was in the preview thumbnail. The file name was (1).doc (or something similar, my memory is imperfect). I deleted it. I also deleted WWF and any other Zynga apps on my phone.

I then used a virus scanner, which told me that unauthorized texts could be sent. I fixed that.

I haven't had any problems since.

So if you have a recurring problem, you might check your docs folder for anything strange. It's not a likely hiding place, but I know that was how the viral payload was delivered to my phone. I assume that it could keep reactivating its script somehow if not deleted.

Well, worth a try at any rate. Best of luck purging your phones.

 

[EarlyMon]

Wow!

Glad you found the problem.

Really glad because I used to use WWF and was planning on going for it again next week - you just saved me the pain and I appreciate it!

 

[A R Miller]

Wow!

Glad you found the problem.

Really glad because I used to use WWF and was planning on going for it again next week - you just saved me the pain and I appreciate it!

Obviously, this might not be the root of everyone's issue. I was lucky enough to see what was happening, so I thought I'd pass the word along.

Definitely avoid WWF and, frankly, I'd avoid anything with push-ads for a while. Keep safe out there!

 

[goliathdds]

This problem is going on for me for nearly 1 week, no real solution helped clearing what was causing this. My browsers keep directing me to a "ad-type.google.com/blabla" address, then some site called totaladperformance. This looks like a malware, because it can also happen to computers, and there are many information online how to clear it from Windows based systems. No answer for Androids though.

This happens in any browser, first started on Chrome, stock browser and Opera were doing the same. Then I downloaded Firefox with adblock, it doesn't work and keep redirecting, then I tried Adblock browser beta with no luck, same thing is going on. I deleted chrome folders under Android/data folder as OP suggested, didn't work, then deleted ALL folders here, problem persists. No app was downloaded recently.

As a temporary solution I enabled "Data saver" under Chrome Settings, this way I can use Chrome but not other browsers. Disabling Java in Firefox works, but then I can't see most of the content in the websites I'm visiting.

I've been using Avast as antivirus software since I got my phone, it doesn't find anything wrong. Downloaded malwarebyes and scanned multiple times, finds no threat everytime.

I don't use static IP at home or at work, and my IP changes everytime I reset my router. I hard resetted it multiple times, changed user interface password. I don't think this is WiFi related. but my co-workers have the same problem with their Android phones. Total of 4 Android phones are being directed to totaladperformance in most sites with ads. Problem continues even if we disconnect from WiFi and use 3g/4g connection.

So far no solution helped and it's driving us crazy. There must be a way to clean this...

 

[Neverdude The F1rst]

Hi,

I had an issue crop up where whenever I would try to access a link or do a search in Google Chrome on my Samsung Galaxy S4 on Android, I would get redirected to a Malware/Adware type site.

Always starting with slimspot dot com, then redirecting to a pop up saying I've won an award or I have a dangerous virus that needs removing etc.

Anyway, there would be no way to go back and access the original site I was looking at or be able to use Chrome to search for anything because I'd constantly get redirected to this Malware and the only option was to close down Chrome and try again only to get same thing happen again etc etc basically rendering Chrome unusable.

I tried clearing cache/data in Chrome, restoring Chrome to factory default version etc. No luck...

Searched google relentlessly for a fix to no avail.

Tried every legitimate anti virus, anti malware/anti spyware program around, none could detect a problem.

Tried Firefox and that worked fine so I knew it was a problem with the Chrome browser specifically.

So then I figured it out and thought I would post solution on here for other poor suckers who go through the same thing and can't find a fix.

I almost couldn't be bothered but I want to try to be helpful

Anyway, connected phone to computer, went to Android folder, then data, searched for Chrome. One folder came up, I shift deleted it.

Voila. Simple as that, problem solved.

Hope this helps someone.

Hello,

I had the same shit described like above. try all the antivirus en cc cleaner and all the others = NO solution !
After a few weeks , i come up with this solution:
Connect your android to Pc as same as mention above.
Go to the intern memory of your device, and look for a strange name in the maps,
by me was the name "dpmhdp".
I clicked on this map and there where files like: ghdjhkjqdshkjlqs.hjhkkjklsq, so no normal names,
sorry all, but i can't remember exactly the names.
Use your good feeling en healthy brains in this.

Then delete the full map "dpmhdp"

Sorry for the bad English

This worked for me.

I hope this will help you.


Regards

 

[philip9494]

This problem is going on for me for nearly 1 week, no real solution helped clearing what was causing this. My browsers keep directing me to a "ad-type.google.com/blabla" address, then some site called totaladperformance. This looks like a malware, because it can also happen to computers, and there are many information online how to clear it from Windows based systems. No answer for Androids though.

This happens in any browser, first started on Chrome, stock browser and Opera were doing the same. Then I downloaded Firefox with adblock, it doesn't work and keep redirecting, then I tried Adblock browser beta with no luck, same thing is going on. I deleted chrome folders under Android/data folder as OP suggested, didn't work, then deleted ALL folders here, problem persists. No app was downloaded recently.

As a temporary solution I enabled "Data saver" under Chrome Settings, this way I can use Chrome but not other browsers. Disabling Java in Firefox works, but then I can't see most of the content in the websites I'm visiting.

I've been using Avast as antivirus software since I got my phone, it doesn't find anything wrong. Downloaded malwarebyes and scanned multiple times, finds no threat everytime.

I don't use static IP at home or at work, and my IP changes everytime I reset my router. I hard resetted it multiple times, changed user interface password. I don't think this is WiFi related. but my co-workers have the same problem with their Android phones. Total of 4 Android phones are being directed to totaladperformance in most sites with ads. Problem continues even if we disconnect from WiFi and use 3g/4g connection.

So far no solution helped and it's driving us crazy. There must be a way to clean this...

I have the same exact issue, started today and i can't get rid of it! So annoying...
Sometimes appears a white window with an "x" to shut it down and when i press it, pops up some russian ads and some shit like that.
It happens in my android device and in my laptop (android device: using Chrome and any other browser, laptop: browsers and even in Spotify !!!!)

 

[JCL]

When I was browsing Mangahere I often have my page suddenly change to a site called hotvideosarround.blogspot.com , this is happening when i'm using Chrome and Firefox but UC browser run fine. I'm using Samsung tablet and this thing happening whether I'm using Mobile data or wifi, it started two days ago after i download Shazam and Soundhound in Play Store although i don't know if it was the cause (already deleted both but the problem still happening). I don't have new tabs popping up, it's just when i'm using Mangahere the page often change to the aforementioned website when it still loading or when i left it idle. Can anyone help me with this problem?

 

[LuckyStar]

I am trying to make a pattern out of it, and it looks like nasty redirections occur only on certain sites....

 

[JCL]

When I was browsing Mangahere I often have my page suddenly change to a site called hotvideosarround.blogspot.com , this is happening when i'm using Chrome and Firefox but UC browser run fine. I'm using Samsung tablet and this thing happening whether I'm using Mobile data or wifi, it started two days ago after i download Shazam and Soundhound in Play Store although i don't know if it was the cause (already deleted both but the problem still happening). I don't have new tabs popping up, it's just when i'm using Mangahere the page often change to the aforementioned website when it still loading or when i left it idle. Can anyone help me with this problem?

Update:
I tried turning off the option to allow third party cookies to acces my tablet in my Chrome and so far I haven't been redirected from Mangahere or having any pop up, I tried the same with Firefox and it run just fine. I will post further update if there's any change.

 

[LuckyStar]

Redirecting virus in general terms known as browser hijacker which hijack your web browser and redirects you to different malicious websites.

To remove the virus manually follow the give steps:

Click on Start > Control Panel > Uninstall a program (suspicious program).

Reset your browser settings:

Click the Chrome(choose your preferred browsers) menu on the browser toolbar.
Select Settings.
Click Show advanced settings and find the "Reset browser settings” section.
Click Reset browser settings.

In order to stay ways from them you can use a Antispyware software that is capable of detecting and removing them from your PC.

We are talking about Android, not windows

 

[Amanda the Leaf]

Okay, I'm so confused. I've been using Chrome and keep getting redirects. So I have installed Firefox and clicked on a link from Facebook and I'm getting the redirect again. I have run every malware scan possible and it finds nothing. My next step is to connect it to a PC and try the advice above but I can't do that till Wednesday. However the suggestion that it could be the router helps as I have been away since Saturday and am using the accommodation's wifi and I can't be sure but I've had this problem since approximately Saturday, cannot be sure though. If it is their router, will it be fixed by leaving the area and disconnecting the wifi or am I infected? I'm tearing my hair out.

 

[BrianWellman1972]

I was getting a free-trials-today.com pop up with many redirects. I tried everything to figure out what was causing it. I reset all settings and deleted and cleared cookies and files, Nothing worked.

I followed your instructions:
1. Open Chrome Browser app
2. Go to menu
3. Open Setting
4. Open Site Setting
5. Switch pop-ups setting to BLOCKED

I found free-trials-today.com listed as a blocked exception. I deleted that and I'm good now. I don't know what site entered that or changed that setting.

Thank you for your help!

 

[Amanda the Leaf]

So I have nothing new to add except I've come home and am no longer using the hotel's wifi. I still have the problem. Sometimes I go a while without having anything and then get a string of them. The most annoying thing by far is the most recent one springs up with an audible alert despite my phone being on silent/vibrate. I'm trying everything I can and nothing seems to work. I have had a look in my downloads/documents and there is nothing suspicious in there. I do have Words With Friends and have had it in the past where it tries to auto download something suspicious but have not had that for a while. I am totally clueless about what to do about this.

 

[Joebaba]

Hi,
I was having very similar issues, though mine occurred in all my browsers – Chrome, Firefox and UC Browser.
About once or twice a day, I would get redirected to a page claiming I had a virus, or offering a cheap IPhone.
I tried many of the things listed in this thread – nothing seemed to work. It wasn’t a horrible problem – just annoying.
Then I installed Clean Master from the App Store. I told it to look for Junk files. It went through it’s routine and found a bunch of junk files. Of particular interest to me, was that it found junk files related to specific “Ad”s and some junk related to “Unknown Ad”.
Anyway, I let it clear out all the junk files it found, and voila! I haven’t had the issue since.
Hopefully this will work for others too.

Joe

 

[SimpleSmarthphoneUser]

hello from Poland!
I would like to be helpful for all. I am a happy user LG G2 (stock fw. lollipop 5.0.2)
In my situation spectacular show pop ups looked out this way....

For a start I thought that my smartpohone LG have been infected by malwares or any hijacks?!
After using all avaliable anti-viruses and anti-malwares from the shop Google Play the problem didn't disappear.
I have been still redirected to pops ups even from a popular website like accuweater.com ???

Then I made up my mind on downloading the new stock firmware from LG. I flashed my device and were
surprised that the problem didn't disappear
So I looked for in google and I found it:

This is not a problem with google ads nor has anything to do with your phone or any other device that you use. The issue is that the router has been attacked and the DNS has been changed.

Log on to your router and change the router settings to set the DNS settings to 'Obtain from ISP' or an equivalent option based on your router model. Alternately get the correct DNS value for your internet provider and enter those values for the DNS.

Regards,
Radnus

I paid special attention to my 5 year-old router TP - Link and it were good choice!!!

I noticed that, when am conected with internet from other Acces Points - hotspots (on expample in resteurants, pubs, park) or use LTE from my GSM provider I don't have any troubles with pop ups!!!! All browsers worked fine!!!

Final and solution!

I downloaded firmware from official website TP-Link and flashed my home router. I changd and used new more difficult passwords, I used all the best advice which I found in the Internet to protect the router (on example am applied the ACL - Acces Cotrol List)

Three days passed and I don't have a pop ups!!!!!

Attention!
My router is operating two devices with the system Windows and only one with the android (LG G2). I think that Windows is safeguarded better against attacks of this type. I had only that isseus with the android.

Hope this helps someone.