• Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    Random advertisement websites opening at desktop then browser startup

    Opera for Windows
    3
    9
    14160
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • charbel
      charbel last edited by

      Hello,
      I have been using Opera then Opera Gx for a very long time and I'm loving it!

      But recently, every time I start up my windows 10 desktop then proceed to open Opera gx to search for something, a random tab opens by itself and it's always a random website full of ads. Like a website specifically made up to show ads.

      It's getting really annoying, that every time I start my browser after turning on my computer, I have to close the random ad site that opens by itself.

      I tried disabling all extensions, making a new profile, scanning Opera Gx folder with windows defender and googling my issue. Nothing so far.

      So I have come here in hopes of finding help. Please!

      Problem: Random ad websites open in a new tab by themselves once the browser is opened after the computer is turned on.

      Steps to recreate the problem: 1. Turn off Pc. 2. Turn on the Pc. 3. open Opera Gx. 4. a random tab with random ad website open up.

      Intended result: No random tab should open by itself, regardless of the content of it.

      Notes: I noticed the tab quickly redirects to those ad sites, so something must be opening the tabs and once that is opened, it redirects to a pool of possible ad sites.(?)

      This issue is really bothering me and I have no idea how to stop it.
      And I really can't see myself using any other browser but if I can't solve the issue I'll have to start researching for alternatives (although I really dislike every other browser)

      -Any help is appreciated. Thank you in advance.

      Reply Quote 2
        leocg 1 Reply Last reply
      • leocg
        leocg Moderator Volunteer @charbel last edited by

        @charbel Did you check your system for malware? What have you been installing on your computer recently?

        Reply Quote 0
          charbel 1 Reply Last reply
        • charbel
          charbel @leocg last edited by

          @leocg I just did a windows defender offline scan and the problem did not get fixed.
          I noticed something new, however.
          Once my computer fully turned on, a command prompt quickly opened and closed before Opera opened itself and showing me yet another random website.

          What does this mean? I scanned whatever I could think of that I downloaded recently and no threat was found but this command prompt makes me think the problem is with some malware on the computer...

          Reply Quote 0
            1 Reply Last reply
          • burnout426
            burnout426 Volunteer last edited by

            Scan your system with the free version of Malwarebytes.

            Reply Quote 0
              charbel 1 Reply Last reply
            • charbel
              charbel @burnout426 last edited by

              @burnout426 b7eb5308-ce7a-49ca-83be-c687a58c2449-image.png

              It detected stuff that I quarantined and restarted.
              After the restart, the 'malvertising' site was blocked but it still opened.

              I will try to see if I can run malwarebyte scan when in safe mode.

              Reply Quote 1
                burnout426 2 Replies Last reply
              • burnout426
                burnout426 Volunteer last edited by

                Check the "Startup" tab in the Windows Task Manager to see if there are any funky entries.

                In Opera, are you seeing weird extensions that keep getting added at the URL opera://extensions?

                Reply Quote 1
                  1 Reply Last reply
                • burnout426
                  burnout426 Volunteer @charbel last edited by

                  @charbel Also check the Windows Task Scheduler to see if there are any other suspicious tasks besides the one Malwarebytes removed.

                  Reply Quote 1
                    charbel 1 Reply Last reply
                  • burnout426
                    burnout426 Volunteer @charbel last edited by

                    @charbel Also see https://www.google.com/search?q=oodrampi.com+virus.

                    Reply Quote 1
                      1 Reply Last reply
                    • charbel
                      charbel @burnout426 last edited by leocg

                      @burnout426 I think that was the problem.
                      A lot of stuff got detected in a safe mode scan and the problem seems to have stopped.

                      I restarted after the safe mode scan and nothing fishy opened up.
                      Here's the scan log.

                      ---
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/30/22
Scan Time: 12:06 PM
Log File: 865e0774-583a-11ed-9e7e-00ffd959ad32.json

-Software Information-
Version: 4.5.16.217
Components Version: 1.0.1792
Update Package Version: 1.0.61695
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2130)
CPU: x64
File System: NTFS
User: PC1\HP

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 369476
Threats Detected: 13
Threats Quarantined: 13
Time Elapsed: 1 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.CleanMyPC, HKLM\SOFTWARE\WOW6432NODE\REG\Clean, Quarantined, 3115, 348488, 1.0.61695, , ame, , , 
PUP.Optional.RegCleanPro, HKU\S-1-5-21-1588534935-4143541944-461472779-1000\SOFTWARE\REG\Clean, Quarantined, 4159, 347493, 1.0.61695, , ame, , , 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1588534935-4143541944-461472779-1000\SOFTWARE\SYSTWEAK\ssd, Quarantined, 1601, 190781, 1.0.61695, , ame, , , 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, 1601, 190782, 1.0.61695, , ame, , , 

Registry Value: 3
Adware.StartPage.USACVAR, HKU\S-1-5-21-1588534935-4143541944-461472779-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HP, Quarantined, 5810, 582506, 1.0.61695, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, 6449, 676881, 1.0.61695, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Quarantined, 6449, 676881, 1.0.61695, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO, Quarantined, 6609, 921550, 1.0.61695, , ame, , , 
HackTool.KMSpico, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\KMSPICO, Quarantined, 6609, 921555, 1.0.61695, , ame, , , 

File: 4
PUP.Optional.BundleInstaller, C:\USERS\HP\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_45838.EXE, Quarantined, 495, 990390, 1.0.61695, , ame, , 6A8B93E27DCCFF2F250A22B8BDC93168, 50BAEE75B0BB181B5280A1F60B32F7E75ABDA8A4E06CBF32074B1444D73A9CF7
Malware.AI.4198402318, C:\$RECYCLE.BIN\S-1-5-21-2345001899-3086027631-2358910675-1000\$RZASLPC\Z_KEYGEN.EXE, Quarantined, 1000000, -96564978, 1.0.61695, D6AE4C5485CFB62EFA3E890E, dds, 02013304, 8D87F601D5F583CDF02105C82BB7F675, BB72B2007A9BAFCB87F0C258BC30BE8C8706F3073BDAE54410425457A73D6596
Adware.Agent, C:\PROGRAM FILES (X86)\USB DISK SECURITY\LINKZB.EXE, Quarantined, 72, 597820, 1.0.61695, , ame, , F1A4C495076ACDA85609CEEEF78138EC, 90CEFE9C3D21168ED203F52B4C40DEB31DA25CC7974B5DAB0F72427C37E78933
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.0\STANDALONEPHASE1.DAT, Quarantined, 7578, 393793, 1.0.61695, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

---

                      Thank you for your support. Opera support seriously was the fastest I have ever received.

                      Reply Quote 2
                        1 Reply Last reply
                      • Locked by  leocg leocg 
                      • First post
                        Last post

                      Computer browsers

                      • Opera for Windows
                      • Opera for Mac
                      • Opera for Linux
                      • Opera beta version
                      • Opera USB

                      Mobile browsers

                      • Opera for Android
                      • Opera Mini
                      • Opera Touch
                      • Opera for basic phones

                      • Add-ons
                      • Opera account
                      • Wallpapers
                      • Opera Ads

                      • Help & support
                      • Opera blogs
                      • Opera forums
                      • Dev.Opera

                      • Security
                      • Privacy
                      • Cookies Policy
                      • EULA
                      • Terms of Service

                      • About Opera
                      • Press info
                      • Jobs
                      • Investors
                      • Become a partner
                      • Contact us

                      Follow Opera

                      • Opera - Facebook
                      • Opera - Twitter
                      • Opera - YouTube
                      • Opera - LinkedIn
                      • Opera - Instagram

                      © Opera Software 1995-