1

The last 2 days http://trafleyb-sw.ru/ry5/rtk/mgpg is the link which gets connected automatically in my browser. I use Bitdefender total security to counter internet problems. But after multiple scan the problem still persists. I don't know why the particular Russian domain keeps opening.

Moreover, I would like to mention that I am using Google Chrome as browser.

Is there a solution? In addition I would like to know why the problem exist and persist? How can this be counteracted, provided I have a registered internet security software.

Tamara Wijsman
  • 57,083
  • 27
  • 185
  • 256
gaufler
  • 113
  • 5
  • 3
    I Would back up important files asap, then disconnect the backup drive from the PC until you have removed the malware or reinstalled the OS, evidently you have some sort of malware on your system, if it is ransomware it will encrypt your files or already has. – Moab May 06 '16 at 17:46
  • 2
    You have malware installed. You should identify and remove it. – Ramhound May 06 '16 at 17:51
  • 1
    Dupe: [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/q/100360) – DavidPostill May 06 '16 at 17:52
  • Just use Adwcleaner... – undo May 06 '16 at 17:52
  • Here one (of many) hows: You use a nice Chrome extension; Said extension gets purchased form nice author by shade malware dealer; They upgrade the extension and add malware; Chrome updates the extension (since you have it installed already, and you may have even granted it extra trust); And you get the new version, including the malware... – Ƭᴇcʜιᴇ007 May 06 '16 at 18:29

1 Answers1

2

Safeguard and disconnect your backup immediately, then reboot into safe mode! If your data is important but you have no backup, cut the power immediately and visit your local PC store or use another computer for further diagnosis. Do not attach a disconnected backup as you risk losing it...

How such can be counteracted, provided I have a registered internet security software.

PEBKAC; in other words, it cannot be counteracted because you have given permission to it. You might not be aware of doing this explicitly, as it often comes along another software installer or browser extension or similar. Usually, but not always, a weasel sentence in the EULA or a small line of text somewhere in the installer explains that this piece of software gets installed along.

I don't know why the particular Russian domain keeps opening.

There are only limited ways to have the browser open up a website:

  • Browser extension or plugin
  • Executing a command (by another process, service, task, startup item or opening a shortcut)

Which means that you will have to check your extensions, plugins, software list, msconfig, services.msc, task planner and browser shortcuts for anything out of the ordinary. A lot of these will have a visible entry in one of these locations.

However, some variants are tricky and damage your data; so, in order to be safe to run antivirus tools like RogueKiller, AdwCleaner, MBAM and a full scan with your virus scanner to further clean your computer. Search for virus removal and encryption questions on Super User for more information.

Tamara Wijsman
  • 57,083
  • 27
  • 185
  • 256