Delving in the direction you pointed at, and yes, the Artemis botnet C&C probably comes into view.
Server nginx/1.4.4 on that website jaoohqvqda dot ru is vulnerable to conditional redirects.
The WOT rep of the Cert. hoster, megasml dot ru is very low - Trustworthiness Very Poor (15/100)
04/14/2014 SURBL Site blacklisted at ws.surbl.org (sa-blacklist web sites).
htxp://jaoohqvqda.ru/ → something bad out there, the host you provided doesn’t allow incoming HTTP HEAD requests.
web bug results:
HTTP/1.1 403 Forbidden
Server: nginx/1.4.4
Date: Tue, 30 Sep 2014 22:16:43 GMT
Content-Type: text/html
Content-Length: 168
Connection: close
Vary: Accept-Encoding
403 Forbidden
403 Forbidden
nginx/1.4.4
On that Autonomous System:
AS39572
AS Name: ADVANCEDHOSTERS-AS ADVANCEDHOSTERS LIMITED
IPs allocated: 34816
Blacklisted URLs: 730
Hosts…
…malicious URLs? Yes
…badware? Yes
…botnet C&C servers? Yes
…exploit servers? No
…Zeus botnet servers? No
…Current Events? Yes
…phishing servers? No
…spam servers? No
…spam bots? No
…spam activity? No
This domain was hosted in the Netherlands and here, Eddy, you could be right:
Really, Pondus?? Removing AceStream player cleared it up?? Damm…I LOVE my AceStream player
Damm…I removed and re-installed Chrome TWICE, changed passwords twice, and dumped all cookies and browsing history since the beginning of time!! WHY does it still keep bothering ME?
But AVAST! DOES KEEP SHOWING (and, presumably, stopping) IT…so does it mean that I have CAUGHT some malware or virus? Or does it mean that it keeps trying and that AVAST! keeps stopping it??
The only way to know that for sure is just going through the routine as prescribed here: https://forum.avast.com/index.php?topic=53253.0
Provide us with the logs and wait for a qualified removal expert here to go over them.
Regretfully…I am EXTREMELY computer illiterate…so, Polonus, I am just going to do step-by-step-by-step the procedures on that thread - I’ll post what I get back on the log here! Downloading MalwareBytes now -
Many thanks again!
FIRST OFF, however…I trashed the AS Magic Player extension on Chrome…lessee if THAT does anything…
Well, nowfreespeech, we understand that and the qualified remover will take you by the hand and gently will tip-toe with you through the necessary steps of the cleansing routine and explain everything in detail so you will feel completely comfortable. They know what they are supposed to do. You should not worry one bit. Believe me.
polonus
P.S. A malware remover has been notified, wait for his arrival in this thread.
I am Valinorum and I will be your helper for this issue. Please attach the logs when done and we will go on from there. If you have any questions or do not understand anything, stop and ask.
My Internet Connection here in South East Asia is almost TOTALLY down (The A.A.G. Cable breakage ensures that it’ll be at dial-up speeds for at least one week) so I couldn’t do the update. But I DID run the scan - here is what it says:
Proceeding to NOW re-boot and continue with the rest of the steps on that thread!
Really can’t thank you folks enough! REALLY 'ppreciate all your help!!
PUP.Optional.InstalleRex got on your computer after you installed freeware software (video recording/streaming, download managers or PDF creators) that had this browser hijacker bundled into its installation. This Potentially Unwanted Program is also bundled within the custom installer on many download sites (examples: CNET, Brothersoft or Softonic), so if you have downloaded software from these websites, chances are that PUP.Optional.InstalleRex was installed during the software setup process.
The PUP.Optional.InstalleRex infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.
HOWEVER - I get NO warnings at all on Internet Explorer!!
Which tends to make me believe that either my Google Chrome browser has been hacked, AND/OR (probably), my entire Google account has been hacked!
I am VERY happy that AVAST! is stopping these hack attempts every time I go to ANY webpage…but does anybody have even a GUESS as to WHAT this thing is??
ANY advice?
Thank you all again so much - you’ve been really patient with me! This is just really frustrating