1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

New Reoccurring unwanted browser start page (once a month?)

Discussion in 'Virus & Other Malware Removal' started by abyzzim, Jul 17, 2017.

Thread Status:
Not open for further replies.
Advertisement
  1. abyzzim

    abyzzim Thread Starter

    Joined:
    Jul 17, 2017
    Messages:
    1
    ===============================================

    Sysinfo:
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 2
    Processor Count: 4
    RAM: 6006 Mb
    Graphics Card: NVIDIA GeForce 310M, 512 Mb
    Hard Drives: C: 232 GB (35 GB Free); D: 221 GB (31 GB Free);
    Motherboard: Acer, Aspire 4740
    Antivirus: Microsoft Security Essentials, Enabled and Updated

    ===============================================


    Once every month or so, my browser(s) (Chrome and IE) would open up an ad-filled page called "th.hao123.com". The default start page for both of them are set to "new tabs page" on launch.

    I searched for "hao" in the registry and found suspicious entries in the following folders: "HKEY_CURRENT_USER\Software\Microsoft\Interent Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DHP" under the "DoNotAskAgain" key's value as saying: "th.hao123.com". And also in the folder: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN" under the "Start Page" key's value as saying: "h**p://th.hao123.com/?tn=sdks_inner_hp_09_hao123_th&guid=bfc7f3cf757f1eea017a41a569e2d927". And once again, in the folder: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" under the "Start Page" key's value as saying: "h**p://th.hao123.com/?tn=sdks_inner_hp_09_hao123_th&guid=bfc7f3cf757f1eea017a41a569e2d927". Once more under the folder: "HKEY_USERS\S-1-...***and then a bunch of numbers - too lazy to type them...***\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DHP" under the "DoNotAskAgain" key's value as saying: "th.hao123.com".

    Thus, I suspect it to be the work of a malware or unwanted program. Any advice is much appreciated. Thank you in advance!
     
    Last edited by a moderator: Jul 17, 2017
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1193207