Thanks sagrid. You said before that HTTPS marks your location as unknown - how do you do that?
joshl - yes that is the correct filename. I have set Opera to send 'do not trcck' so if this file is just those settings for the browser to use that is ok. If it is opera or something else tracking me that is not ok. That is all I would like to know - so if it is the latter I can delete it.
The file content isMmM0MTMyMjk0OGVmYTc2NzA2YjM5ZWJhNGM1MzhiYjZlNjNmMzFlNGYyM2U4OTRjYWU1MWRmZWQzNmU3MjYyMDp7ImNvdW50cnkiOiJHQiIsInJlbW90ZV9hZGRyIjoiOTIuMjAuNDYuMjQwIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/aHR0cF9yZWZlcnJlcj1odHRwOi8vd3d3Lmdvb2dsZS5jby51ay91cmxfc2FfdF9yY3Rfal9xX19lc3JjX3NfZnJtXzFfc291cmNlX3dlYl9jZF81X3ZlZF8wQ0RRUUZqQUVfdXJsX2h0dHAlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGYWJvdXRfZWlfMlhiT1ZKamxCcUtPN0FhVW9vRElCd191c2dfQUZRakNORkhEY0FMYW9tSHdGUVpjeEp3Wi1IalRfN1FOQV9idm1fYnYuODUwNzY4MDlfZC5iR1EmdXRtX3NvdXJjZT1nb29nbGVfdmlhX29wZXJhX2NvbSZ1dG1fbWVkaXVtPW9zZSZ1dG1fY2FtcGFpZ249Z29vZ2xlX29zZV92aWFfb3BlcmFfY29tIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMDsgVHJpZGVudC81LjApIiwidXVpZCI6IjI1MjU1ZWJjLTY4ODMtNGUwNC04NWZlLTU0NDRiNTUxMzliYSIsImh0dHBfcmVmZXJyZXIiOiJodHRwOi8vd3d3Lm9wZXJhLmNvbS9jb21wdXRlci90aGFua3M/bmk9c3RhYmxlJm9zPXdpbmRvd3MiLCJ0aW1lc3RhbXAiOiIxNDIyODE3MTk0LjQyOTciLCJ1dG0iOnsic291cmNlIjoiZ29vZ2xlX3ZpYV9vcGVyYV9jb20iLCJjYW1wYWlnbiI6Imdvb2dsZV9vc2VfdmlhX29wZXJhX2NvbSIsIm1lZGl1bSI6Im9zZSJ9fQ==
sagrid - how can I find the malware apk amongst the genuine ones??
Thanks again everyone. I don't know how that stuff got on my laptop as (believe it or not) I am extremely careful what I click on and don't download stuff except from genuine sites (such as Opera!) and always 'unclick' any bloatware in the setup procedure. One more question - whilst checking the shortcut properties as suggested I saw a file called server_tracking_data in my Opera folder. Anyone know what that is? I don't want Opera (or anyone else tracking my web activity (and have set 'Do not Track' in my browser settings) - if that is what it is, can I safely delete it?
I guess the registry stuff will remain (as it always has to me!) a mystery -
I do have the same problem on my laptop and phone but I do use them to browse the same sites whilst researching stuff. Malwarebytes found nothing. However, Adwcleaner seems (fingers crossed) for now to have solved it. Here is the log in case anyone knows what the hell the registry entries are about!??
AdwCleaner v4.111 - Logfile created 04/03/2015 at 01:06:07
Updated 18/02/2015 by Xplode
Database : 2015-03-02.3 [Server]
Operating system : Windows Vista (TM) Ultimate Service Pack 2 (x86)
Username : GG-VAIO
Running from : C:\Users\GG\Downloads\adwcleaner_4.111.exe
Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{F25AF245-4A81-40DC-92F9-E9021F207706}
Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{592F70EC-5BDD-4C5D-BF70-35FC64E7D829}
Key Deleted : HKCU\Software\Myfree Codec
Not Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{A2D81E70-2A98-4A08-A628-94388B063C5E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local***** [ Web browsers ] *****
-\ Internet Explorer v9.0.8112.16609
-\ Opera v27.0.1689.76
AdwCleaner[R0].txt - [2615 bytes] - [04/03/2015 00:47:05]
AdwCleaner[S0].txt - [2597 bytes] - [04/03/2015 01:06:07]########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2656 bytes] ##########
Thanks everyone. I think that I know when it happened. I was browsing when suddenly my phone switched to google playstore and downloaded something (I'm talking less than two to three seconds to complete). I guessed this was bad and turned off mobile data and wiFi on the toggles and then turned the phone off as fast as I could. BUT I obviously wasn't quick enough. Unfortunately I have no idea what was downloaded. I have tried google searching every service and app running but haven't found what the malware is hiding as - so much for Android being better than MS because it is 'open source'. I can't even see the manufacturer or date installed for the apps on my phone to narrow it down. Anyware I also ran Malwarebytes but nothing was found. I have ad blokers which have stopped the pop ups but I still have random new tabs opening to all sorts of dodgy sites. I just close the windows straight away, but it is extremely annoying!
I can see from general web searches that I am not the only one with this problem. My browsing experience is being seriously disrupted by redirections to adware sites. Using what settings and extensions are available I have now prevented most of them from opening in pop ups BUT there is only one way to stop them randomly opening themselves in new tabs, and that is to turn off Javascript. Obviously I don't want to resort to that as it is even more disruptive to using the web. (Before anyone asks I have run full scans with Kaspersky and nothing is found). I would obviously like to prevent my browser from opening up new tabs when I haven't asked it to. Perhaps someone can tell me if this is possible (I can find nothing in settings that appears to do that) PLEASE? If not perhaps such an option could be added????
I have the latest updates to Opera and my phone is a stock KitKat ROM Galaxy Note Edcge -
I can see from general web searches that I am not the only one with this problem. My browsing experience is being seriously disrupted by redirections to adware sites. Using what settings and extensions are available I have now prevented them from opening in pop ups BUT there is only one way to stop them randomly opening in new tabs, and that is to turn off Javascript. Obviously I don't want to resort to that as it is even more disruptive to using the web. (Before anyone asks I have run full scans on Kaspersky and nothing is found). I would obviously like to prevent my browser from opening up new tabs when I haven't asked it to. Perhaps someone can tell me if this is possible (I can find nothing in settings that appears to do that) PLEASE? If not perhaps such an option could be added????