Help Android Chrome Redirection Virus/Malware/Adware

This is not a problem with google ads nor has anything to do with your phone or any other device that you use. The issue is that the router has been attacked and the DNS has been changed.

Log on to your router and change the router settings to set the DNS settings to 'Obtain from ISP' or an equivalent option based on your router model. Alternately get the correct DNS value for your internet provider and enter those values for the DNS.

Regards,
Radnus
Amazing ... just registered to say thanks
 
Hi Guys,

I've been looking for a solution for the same problem during the past few days.
When I've opened certain pages - news pages -, my browser got re-directed to malware and other dodgy sites. I thought I have a virus or something bad hiding on my phone, but I have realised that this is only happening when I'm browsing using 4G or 3G through the Vodafone servers. I was never re-directed when I've been using the same sites from home, through my own router. Also, the re-direct only happened on certain sites, so the google ads issue is quite obvious.
I've started to download different virus buster software to try if any of them can stop this. I have to tell you that the big names - Avast, AVG, Kaspersky, etc. - are useless. Then I've read that someone has successfully stopped this annoying thing happening with CM Security. I've installed it and voila, no re-directs any more.

I hope I could help.
 
I signed up just to post this, I've seen a solution to something like this awhile ago as I have the same problem (I'll be trying this along with the other one which I hadn't done yet). Once you delete the folder if you have chrome synced with anything else like a computer or something then clear data/cache from that also. It does make sense to me as it does continuously sync between each other.. personally I think if the problem does persist then it has to be a problem with chrome itself
 
Try these simple steps:

1. Open Chrome Browser app
2. Go to menu
3. Open Settings
4. Open Site Settings
5. Switch pop-ups setting to BLOCKED

After that you can try to open website again.

Please let me know if it works for you.

That won't work, tried it already. This problem has occurred to me twice now, and both times when I was in the same pub with free wifi. Even after a factory reset it still happened while I was still there, but not when I got home. I suggest switching off wifi when it happens, and if you are at home, check your router.
 
I signed up just to post this, I've seen a solution to something like this awhile ago as I have the same problem (I'll be trying this along with the other one which I hadn't done yet). Once you delete the folder if you have chrome synced with anything else like a computer or something then clear data/cache from that also. It does make sense to me as it does continuously sync between each other.. personally I think if the problem does persist then it has to be a problem with chrome itself

I doubt that, as people have been reporting this problem with other browsers as well, like Firefox and Explorer. Also, people have been reporting it happening on both computers and mobile devices. I had it happening on my phone only (using Chrome, alright) but only when using free wifi in the same pub both times it happened. I think it's in the router, as suggested in other posts.
 
This is not a problem with google ads nor has anything to do with your phone or any other device that you use. The issue is that the router has been attacked and the DNS has been changed.

Log on to your router and change the router settings to set the DNS settings to 'Obtain from ISP' or an equivalent option based on your router model. Alternately get the correct DNS value for your internet provider and enter those values for the DNS.

Just signed up to say thanks. It works immediately.
 
Best but annoying way to prevent this is to disable JavaScript and only add exceptions for websites that you truly trust. I only get ad redirects when I am on T-Mobile LTE, but when on my home wifi I get no ad redirects. One reputable website that is giving me this issue is tvguide.com, which I used to run multiple tests on multiple devices to find the cause. On LTE, after surfing the site for a few seconds I will get redirected to a fake Facebook page and a pop-up will show up stating I won. The devices I used to test this are Nexus 6P, Nexus 7 LTE 2013, Nexus 5. I get the redirect in both a normal tab and an incognito tab. Now I am doubting the security of T-Mobile's LTE network and am afraid to use it anymore to access my bank info. Anyone want to try going to tvguide.com on another carrier and reply back if they also get this redirect?
P.S. might have to navigate to different webpages before getting the redirect.
 
Hey guys.
I live in France. The problem started on my Galaxy S4 a few weeks ago. Every time I would go on the internet to look up things, especially on some less "official" sites, or open a link through Facebook or check the weather or something, I would get that redirect thing. It would redirect to ads, porn, Google Play, virus notifications.... It came to a point when I just couldn't use the internet on my phone. I'm a huge Etsy and Amazon buyer, through the apps, and I started fearing for my payment security. My phone was a bit old and so I decided to buy a new one and thought I would get rid of the problem that way. Bought a Galaxy S6. And BAM, the problem was there again. I thought it might be on my Google account and transferred from my old phone to the new one, so I created a new account, but nothing changed. I found this thread looking for solutions as I won't go over to Apple and want to keep my otherwise perfect new phone. Started realising it might be something to do with Chrome and a friend of mine looked it up. Downloaded AdGuard. Seems to work for now, it blocks the redirections and ads. Hope it will last. Thought it might help you out. Good luck to you all.
 
Hi
Struggling with this F#¤%&#g thing since yesterday, it seems that I've succeeded in (at least) stopping it by clearing the data of Google Chrome as well as the Android System WebView (ASWV) + disabling this last ASWV.
If it works like that for a few days, it means that ASWV is the one causing the trouble. Then we will have to enquire in this way.
TBH
 
We have just been hit by this behaviour on two tablets (and some weirdness on a Windows PC).

We are away from home, using a Hargay internet connection in the place we are renting. It has only happened since we got here. The same problem now shows at starbucks on their wifi.

Symptoms - most non-HTTPS sites redirect to hard porn / "your machine is corrupt" sites about 15 seconds after displaying the original site.
Secure sites do not redirect, but who knows what is happening.
Disabling JavaScript seems to work most of the time.
Going through a VPN redirect helps, but not completely.
It is not just Chrome, I tried Firefox and the default browser - same problem.

I did a hard reset on the Samsung to factory defaults, but still have the problem.

The router had alternate DNS routing set to some 92. site, I removed that.

Virus checkers tell me that life is wonderful, but that is not the case.


I am at a loss about what to try next, any ideas appreciated.
 
Hey, I understand you have an issue with your Internet browsers, including but not limited to "Chrome" I understand when visiting a site it redirects you or opens a tab to harmful sites without being able to get the original site viewed. Some cases it gets so bad it automatically downloads as soon as it opens a new tab.
I recommend you do not install applications that are not verified by Google Play. I have my phone rooted for development purposes, but that also gives me the option to share applications I have paid for, for free. Out of respect for other developers I do not share applications for free. Nor do I download some of them. If you have, I suggest you immediately remove them from your device, as hackers add content to the applications. Install CM Security and change the engine sensitivity in the settings and it will show you potential threats to your personal information.
If you must download off-Google apps, I recommend reading about APK and downloading the free APK editor on the Google Play store to manually remove the hack from the APK. Simple
 
Thanks,

I did not have any apps from outside the Google store, so somehow this issue was generated within the "safe" environment. In a past life I was a Unix admin; I fear that fifteen-year-old insight could be dangerous if playing with Android, so I avoid the temptation.

I did manage to get past the problem, but only by rebuilding both tablets that we had with us in a very methodical way. Both now have CM Security running; it doesn't flag any apps.


I am left wondering if the router had already been infected with that bad DNS lookup address and that redirection was responsible for installing some code on the browsers.
 
Had the same problem on my Xperia L and LG G Pad. The suggested CM Security does not help; disabling Java works, but it is just a temporary fix and an inconvenient one.

The problem is in the modem/router, indeed. Coincidentally, we got a new router a few days ago, I installed it today and since then the problem is gone...
 
Hi All,

Just signed up to say thanks for all the help I received in this forum and to explain what I did to get rid of this problem.
As mentioned by several others, this is related to DNS settings and you must change the DNS server settings back to how they were before they got changed.

Steps:
  1. Open the Settings on the device.
  2. Select "Wi-Fi".
  3. Select your current network to open the details. (Or on some mobiles, "Modify network".)
  4. Go to the IP Settings. (On some mobiles you may have to go to "Show advanced options".)
  5. Change IP settings from DHCP to Static.
  6. If your Android phone is affected by this malware, then the DNS1 and/or DNS2 would start with 31 (31.X.X.X).
  7. Change DNS 1 to 8.8.8.8, which is Google DNS. Also DNS 2 to 8.8.4.4.
  8. Save the settings, switch off the WiFi and switch it on again (or restart the phone if needed).
  9. Test whether you are getting the same popup or redirection again (do ensure that JavaScript is allowed).
  10. Enjoy surfing!

I got the solution from here --> https://www.quora.com/How-does-this-popup-makes-a-phone-vibrate-How-can-I-prevent-it

Cheers,
Swappy
 
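As an added example (not part of the thread or any poster's own code), the DNS check in steps 6 and 7 above can be automated by classifying every resolver a device reports. The function name `audit_resolvers`, the `TRUSTED` allow-list and the sample text are assumptions; the sample input is constructed and uses the `getprop` bracket format of older Android builds alongside `resolv.conf` lines.

```python
import ipaddress
import re

# Assumption: resolvers the user chose on purpose. 8.8.8.8 and 8.8.4.4 are the
# Google DNS values from the post; add your ISP's resolvers as needed.
TRUSTED = {"8.8.8.8", "8.8.4.4"}

# Matches "nameserver 1.2.3.4" (resolv.conf) and "[net.dns1]: [1.2.3.4]" (getprop).
_LINE = re.compile(r"^\s*(?:nameserver\s+(\S+)|\[net\.dns\d\]:\s*\[([^\]]*)\])\s*$")

def audit_resolvers(text, trusted=TRUSTED):
    """Return a list of (address, verdict) for each resolver line in text."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    results = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # unrelated property or comment
        raw = (m.group(1) or m.group(2) or "").strip()
        if not raw:
            continue  # empty property such as "[net.dns3]: []"
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            results.append((raw, "malformed"))
            continue
        if ip in trusted_ips:
            verdict = "trusted"
        elif ip.is_private or ip.is_loopback or ip.is_link_local:
            verdict = "local-forwarder"  # the router answers; audit its WAN DNS too
        else:
            verdict = "unexpected"  # public resolver nobody chose: investigate
        results.append((str(ip), verdict))
    return results

# Constructed sample: 31.0.2.1 stands in for the "31.X.X.X" value from step 6.
SAMPLE = """\
[net.dns1]: [31.0.2.1]
[net.dns2]: [8.8.4.4]
[net.hostname]: [android-test]
nameserver 192.168.1.1
nameserver not-an-ip
[net.dns3]: []
"""

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE):
        print(f"{addr:15} {verdict}")
```

A `local-forwarder` verdict only says the device is asking the router, so the router's own upstream DNS setting still has to be checked, which is where several posters found the changed value.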
So I'm having a similar problem. I don't believe it's to do with my router settings, as I'm mainly getting the problem when using the 4G network. At home on my wifi it was fine, and at work up until yesterday on the wifi it was fine, although now I am getting this on my work wifi as well.

It doesn't seem to happen for every website, just one that I've noticed so far.
 
This website is responsible for the browser redirection (http://www.onclickads.net/). You need to block it in order to stop the malware that redirects your browser.

I blocked it in my home router and since then, when I am on that wifi, I get no redirections.
Thanks

I was sure that something had managed to force redirections, I was just not able to determine which of the many ad click add-ons had forced it.

In the end I managed to clean up the router (it was not mine, but the owner had left admin logon with the default values ) and then rebuilt the tablets completely. This solved the problem for me.
 
Just signed up to give you an update that how to solve this bug.
I also suffered with it in my LG G2.

The simplest way is to follow the following steps:
  1. open Chrome
  2. go to settings
  3. go to site settings
  4. storage
  5. and look for googleads.g.doubleclick.net and any other site storage that looks malicious and remove them
  6. That's it, go dutch

I created an account just to say this one worked for me. I'm not gonna say it'll work for everyone or if this will even still work later today, but so far so good on my end. I've been dealing with the redirects to "maxonclick", "appstore-promotions.xyz", "warning.com-urgentx.xyz", "attentioner.com", and a few more. I tried everything in this forum thread except doing the full phone factory reset. The redirects were happening on every wifi and on 4G, which is how I knew the suggestion for changing the DNS on your router wasn't going to work for me.

I did as described and deleted not only the ones that looked malicious, but really any others that I just felt could go. I haven't seen anyone else say they tried this one, so I just came here to tell people to give this one a shot as it was the only thing that worked.

EDIT: Ugh, nevermind. Still getting the same redirects. It's not as prevalent, but dammit I'm sad now.
 
This website is responsible for the browser redirection (http://www.onclickads.net/). You need to block it in order to stop the malware that redirects your browser.

I blocked it in my home router and since then, when I am on that wifi, I get no redirections.

That is the redirector I see. I'm getting it on both my PC and mobile regardless of the browser I use. This started about the same time I started with my new ISP's supplied modem last week. I'm trying to find out how to block that in the router (Netcomm NF10WV) but can't find where to do it.
 