I was working with a laptop today, ran a ton of scans, anti-virus, malwarebytes, combofix, tdsskiller, hijackthis, etc. etc. and one behavior is not being picked up on by any of them.
It's an HP laptop and it has an "internet" hotkey on the F5 key. So when you hit the F5 key, your default browser opens up to your homepage. Now here's the twist - when Google Chrome is already open, hitting the F5 key now loads the sweetpacks website into the browser window. I can't even figure out the proper keywords to search google for this issue. I've run through the registry and removed all references to sweetpacks. I've run through the program files directory and removed any abnormal directories left undetected by above scans. I've manually set all default search engines to google.
The only thing I could effectively do was add sweetpacks(dot)com to the hosts file and prevent the browsers from translating the address correctly.
Beyond this one behavior, there is nothing else unusual about the system. Has anyone seem this? Thanks.
It's an HP laptop and it has an "internet" hotkey on the F5 key. So when you hit the F5 key, your default browser opens up to your homepage. Now here's the twist - when Google Chrome is already open, hitting the F5 key now loads the sweetpacks website into the browser window. I can't even figure out the proper keywords to search google for this issue. I've run through the registry and removed all references to sweetpacks. I've run through the program files directory and removed any abnormal directories left undetected by above scans. I've manually set all default search engines to google.
The only thing I could effectively do was add sweetpacks(dot)com to the hosts file and prevent the browsers from translating the address correctly.
Beyond this one behavior, there is nothing else unusual about the system. Has anyone seem this? Thanks.
Facebook
Twitter