0 votes
in Remove a Virus by

Got home after a 6-7 day vacation and now have an adware that opens freychang.fun when browser restarts and henewrevenue redirects my google searches to bing.

I checked my history from when I got home that day (my computer was shut down while i was on vacation) and nothing is out of the ordinary. I watched a little youtube, did some reddit browsing, but that was it. Didn't click on any weird links and nothing pops up in the chrome history.

However, around 75% of the time I googled something, I would get redirected to bing. I started to get suspicious, so I downloaded Malwarebytes to see if I had anything. I ran a full-scan, and it found a PUP called "Bloom.exe". Quarantined, but I'm unsure if it was completely deleted. I also ran a windows defender offline scan, and it didn't find any more suspicious items.

The issue still persisted, though. I noticed that a cmd window would pop up and close suddenly VERY occasionally. I also noticed that my chrome would inexplicably restart, and when further investigated, install an extension named "Guide" and disable my other google extensions. Guide doesn't appear in my google extensions file directory.

At this point, I decided to look up how to remove freychang.fun specifically, since everytime my chrome reopened, malwarebytes blocked freychang.fun from opening. Doing so led me to a article (https://regrunreanimator.com/newvirus/guide-how-to/remove-freychang-fun.htm) which led me to downloading and using UnHackMe to try and remove freychang.fun. I removed some suspicious programs but didn't touch the unknown programs. I then restarted my pc after it prompted.

At last, I thought I had my solution, but after the restart, the cmd quickly flashed on my screen, my chrome restarted, my extensions disabled, and "Guide" reinstalled.

I'm completely lost now. UnHackMe sent me to this forum, so I figured I would ask here to see if anyone could help me with this problem. The last thing I want to do is wipe my pc.

1 Answer

0 votes
by (58.6k points)

I will help you!

  1. Open UnHackMe,
  2. Click the "Help in Removal" button on the main screen.
  3. Choose "Send us RegRunLog".
  4. Enter your e-mail, name, or nick.
  5. Describe your problem.
  6. Accept our Privacy Policy.
  7. Click the "Upload" button.
    If you have any trouble with it, you can manually attach "regrunlog.txt" from your desktop and send us by e-mail to support@greatis.com.
    I will check your log and send you a solution as soon as possible.

https://greatis.com/unhackme/help/kb/removal/what-is-the-help-in-removal-service.htm

by

Fixed.

I used Tron from Reddit to find stuff that unhackme and malwarebytes didn't find.

Welcome to Free Help in Malware Removal! Please, describe your problem with details, attach screenshots, log files, etc. This will speedup the problem solving.
...