I’ve been looking around on the internet, and all of the threads I can find relating to this have the same, unsure reaction. I’m a victim of the random ‘microdefender[dot]nl’ hijackings. It opens a tab randomly in my Firefox that leads to that page (usually headed by a random arrangement of numbers/letters). I have some addons for protection, and every time I’ve gone so far, the site has an internal server error (Error 500?).
I’ve run things like MBar and MBAM in regular mode (nothing in safe mode yet), and I’m running Avast! Free right now, hoping SOMETHING will come up.
:Commands
[CREATERESTOREPOINT]
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1391218407-3976517184-3099314675-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Whoops, ran it with the DellDock stuff anyway. Oh well! I just restarted, it’s running the quick scan now.
As far as reproducing this goes (on IE or otherwise), I don’t think I can.
It happens completely randomly – I thought I clicked on something the first time it happened, I’ll put it that way.
It always directs to a website with a random arrangement of numbers/letters, like “12345ab-microdefender[dot]nl”. I have NoScript and AdBlocker on my FF, and I dunno if that helps prevent the site from interacting with me in any way, but the site is always blank with the typical “Internal 500 error”, like the site’s broken somehow. It only seems to crop up every other day or so, sometimes two, and only once. But the fact that it’s happening is what troubles me.
I don’t think so. It’s happened as I was dallying around on other programs, but had FF open in the bg. I’ve seen mention of the site pop up in my Event Logger, if that helps? It said it had something to do with the Microsoft DNS?
Hold on, I’m dumb, let me try to get it for you. Yeah, here it is.
Under the Event Viewer, under “Windows Logs”, then “System”, the last instance of it was at 2:14 AM last night. It reads this:
“Name resolution for the name 90d6bc5a.microdefender-fe.nl timed out after none of the configured DNS servers responded.”
Skype was one thing. Skype recently added a whole bunch of new ads to their program. Another friend who uses it is having the same exact issue as me, but other friends who use it are not, so it’s probably just me being paranoid.
That was the first time it popped up. I was browsing the internet (I usually browse websites like WoWHead and YouTube while idle), and was removing an old contact from Skype. I hit “remove contact”, and that’s when the tab opened in Firefox. I’m sure it was completely coincidental, but at that time I was like “Oh, I must’ve clicked on something.”
I keep AdBlocker and NoScript on for pretty much every site I go to, except to allow things like YouTube’s player.
Usual programs I run are League of Legends and World of Warcraft, which are both video games supported by big, good companies. I doubt it has anything to do with them!
I would go for Skype. I have ceased to use that unless absolutely necessary due to the intrusive ads and weird links it tries to get you to go to.
Also it acts as a P2P programme so if you are not using it then it will become a transfer node. So only start it when you need it and not with the system.
Was not. I didn’t have avast installed until last night, when I finally started the witch-hunt for this to root it out. It hasn’t been happening very long at all.
Is there anything else that can be done to delete this? I’m glad if it’ll never come back, but I’m worried about what to do to stop it from coming around ever again.
Alright, I’ll be shutting down to head to work. If you guys can provide any more info, please, please please let me know! Thank you for all of the help so far.
The beauty of Avast is that it will block the connection so that nothing can get onto your system and you will be safe.
To be doubly sure you can set the Avast hardened mode to aggressive and then you will get alerted any time an unknown programme starts, with the option to either block or run.
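Added example, not part of any post in this thread: a small Python triage script that scans message text exported from the System log for the DNS time-out warning quoted earlier and groups lookups whose leftmost label looks machine-generated by parent domain. The function names, the 6-character hex heuristic and every sample line except the one quoted in the thread are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Wording of the DNS client warning as quoted in the thread; group 1 is the host.
TIMEOUT_RE = re.compile(
    r"Name resolution for the name (\S+?) timed out after none of the "
    r"configured DNS servers responded")

def looks_generated(label):
    """Heuristic (assumption): 6+ hex characters with at least one digit."""
    return bool(re.fullmatch(r"[0-9a-f]{6,}", label)) and any(
        c.isdigit() for c in label)

def suspicious_parents(messages, min_labels=1):
    """Map parent domain -> sorted generated-looking labels seen under it."""
    seen = defaultdict(set)
    for msg in messages:
        m = TIMEOUT_RE.search(msg)
        if not m:
            continue  # not a DNS time-out warning
        host = m.group(1).rstrip(".").lower()
        label, _, parent = host.partition(".")
        if parent and looks_generated(label):
            seen[parent].add(label)
    return {p: sorted(ls) for p, ls in seen.items() if len(ls) >= min_labels}

# First line is the message quoted in the thread; the rest are constructed.
SAMPLE = [
    "Name resolution for the name 90d6bc5a.microdefender-fe.nl timed out "
    "after none of the configured DNS servers responded.",
    "Name resolution for the name 4be17a02.tracker.example timed out "
    "after none of the configured DNS servers responded.",
    "Name resolution for the name c09d3e55.tracker.example timed out "
    "after none of the configured DNS servers responded.",
    # 'facade' is valid hex but has no digit, so it is not flagged.
    "Name resolution for the name facade.example.org timed out "
    "after none of the configured DNS servers responded.",
    "Name resolution for the name www.example.com timed out "
    "after none of the configured DNS servers responded.",
    "The system uptime is 86400 seconds.",
]

if __name__ == "__main__":
    for parent, labels in suspicious_parents(SAMPLE).items():
        print(f"{parent}: {len(labels)} generated-looking label(s) {labels}")
```

Raising `min_labels` to 2 reports only parents queried under several different generated labels, which cuts noise from one-off lookups.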