Pop-ups about "JS:Redirector-BXI [Trj]"on opening a new page in Firefox / Chrome

Hello,

I have the latest free version of Avast installed. Every time I open a new page in Firefox or Chrome, Avast generates pop-ups indicating that it has blocked a harmful webpage or file . The infection is called JS:Redirector-BXI [Trj] and the process affected is “firefox.exe”.

I have done the following

  • Uninstalled Chrome
  • Reset of Firefox

Full scan of
a) Avast
b) Malwarebytes Anti-Malware scan
c) Ad Cleaner
d) Super Anti Spyware does not show anything .
I am using Windows 10 64-bit .

Please find FRST.log attached

Appreciate any help on this .

we also need frst additional.txt log

I do not see any ADDITION.log. I ran FRST again with same results. See the FRST.log attached …Is it some config I am missing ??
Thanks for your quick response.

EDIT : Sorry . My mistake. I was not running it as administrator…

See revised files attached.

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2946733716-4213665846-2416547646-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

See Fixlog.txt attached.
Just a FYI , The issue is still not fixed and the popups still come up .

OK next step

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

As attached. Thanks .

EDIT : Could this be a router issue. Dont want to steer you guys on the wrong track but all tools like SuperAntiSpyware etc have been run before and are not showing any infections

Unfortunately with Firefox and Chrome they are easy to corrupt… To check the router hypothesis do you get the same alert in Internet explorer ?

Also are Chrome and firefox synched ?

I don’t use Explorer - I only tried it just now for the sake of experimenting and it seems to be fine.
I have uninstalled Chrome.
I am not keen to uninstall Mozilla because I fear it wont solve the problem .

Run Firefox in safe mode and see if the alert still occurs https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

Have done the recommended configuration - however the alert still comes.

Have you emptied all the caches in firefox ? As this appear to be a possible corruption of the main FF programme

I had tried the refresh firefox earlier. Based on your advice, I cleared the WEB Cache…The application cache showed 0 MB …
I restarted firefox…However issue still exists

Should I just uninstall Firefox…and reset my router ??

If it was the router then IE would also be affected

A fresh install of Firefox would be best … Don’t forget to save your bookmarks

Latest update - I uninstalled Mozilla and tried using Microsoft Lynx all day. Worked well without popups for few hours now I see redirects to tradeadexchange again. This happens on every click .
I have not installed Chrome or Mozilla again yet. Was trying to keep the system as clean as possible.
I ran MalwareAnti Bytes but it just detected some adware cookies . I guess it cannot detect the actual virus…
Any thoughts ??

I am again suspecting the router but I have no experience troubleshooting/securing routers . I am confused why Avast and other such tools cannot detect the virus if any on my computer and hence suspecting the router

You can reset the router easily enough… On the back of the router will be a small hole marked reset… Using a biro push in the small switch, you should hear a click. The router is now reset.

There is nothing showing on your system

What is MS lynx ? as it is something I have not come across before

Sorry…I was referring to Microsoft Edge…I think it got installed by default when I upgraded Windows…

Ah OK edge, a nightmare of a browser

Did the router reset work ?

Re-install Firefox and see if the redicts/alerts are still there

I reset the router …Took me some time to understand how to do it because on resetting , the SSID and other properties went to default and had to set up the network all over again . I am using an old TPLINK Router.
Not sure if the problem has gone away . I will try for a day and will update you tomorrow.
Is there any script etc you would like me to run. Any advice on how to protect the router maybe

Regards
N

The main protection is to give the router a strong password as it was probably set to default