Brave browser hijacked + random unwanted Yahoo search + 'ask download location' option ignored 🤷‍♂️

I am having three issues with my Brave browser. First of all, it has just been hijacked by “websearch.weather-extension.com”.

It happens like this:

  1. I open a new tab and write some search terms in the omnibox.
  2. Randomly, like thrice a day or so, instead of Google search results, I get this URL:

https://websearch.weather-extension.com/?a=we&q=[the search terms I have entered]

How can I get rid of it?

Strangely enough, I am getting two more weird behaviours for Brave that have been happening for weeks now:

  • Even if my default search is Google, randomly, like thrice a day also, the search results are Yahoo’s. I don’t even have Yahoo in my search engines lists.
  • Even if I have my “ask for downloading location” activated, Brave is downloading everything to the ‘Downloads’ folder.

Brave Version: 1.8.96

Thanks for any help.

Codo

2 Likes

@CodoCoderson,
Very strange behavior.
Can you try creating a fresh profile (Menu --> Create new profile) and try browsing normally for a bit to see if you get the same results?

2 Likes

Yes, I will, Mattches, and tell you about it. Can I import anything from my profile, or will that ruin the experiment? Can I also install some safe extensions that I use constantly?

hi! non brave user here. i’m having this same issue on google chrome and this is the only post i’ve been able to find online talking about the exact same browser hijacker. let me know if you get it figured out!

2 Likes

@CodoCoderson,
No, do not import any data. We want a fresh, untouched profile to test against.

I have the same issue in Chrome. Currently using the following extensions: BetterTTV, Social Fixer for Facebook, FFZ Add-On Pack, uBlock Origin and Unseen for Facebook.
Do you use any of these? @Blister and @CodoCoderson?

None of those, @orcam. I have a huge list of extensions though.

I’ve been using a new Brave user for several hours now and had no problems so far; we’ll see. I hope we’re able to fix my old user.

On Thu, 14 May 2020 at 17:11, Oscar M. via Brave Community <[email protected]> wrote:

@CodoCoderson @arcam I suggest you seek adware/malware removal help at https://malwaretips.com/forums/windows-malware-removal-help-support.10/ or https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/

Using a new profile without clearing your infection is only for evaluation purposes and is not a solution. Good luck!

Also on Google Chrome and having the same issue. I’m using BetterTTV and uBlockOrigin.

Tried this: updated my Windows Security and ran a full scan, also downloaded Malwarebytes and ran a full scan, both with no results. Can’t be bothered to make a new profile so someone else can be the guinea pig for that.

It’s one of those extensions, in this case - preview rating for youtube
http://safe.chromiums.org/malware/cgbhdenfmgbagncdmgbholejjpmmiank.html
There is also a thread on reddit.

1 Like

You are correct @brutalpsy89. The problem is too many users loading up the browser with untrusted extensions.

Thanks. @jaybird, I’m sure you’re right, it’s the extensions. The new user profile had no troubles at all. I will have a look at which could be the naughty one. I don’t use those ones people mentioned.

Now, how can we have a clue of which extensions are safe? Does anybody know about an antivirus for extensions or something similar?

I found this, which may be useful → https://crxcavator.io/

1 Like
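Added example (not part of any post in this thread, and not Brave's or CRXcavator's code): a local triage script for the question above, listing which installed extensions declare a search-provider override or broad request access in their manifest.json. It assumes the standard Chromium layout `Extensions/<extension id>/<version>/manifest.json`; the sample manifest is constructed.

```python
import json
import sys
from pathlib import Path

# Permissions that let an extension observe or rewrite navigations.
RISKY_PERMS = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
               "tabs", "webNavigation", "management", "<all_urls>"}

# Constructed manifest for illustration; not taken from any real extension.
SAMPLE = {"name": "Example Weather", "manifest_version": 2,
          "permissions": ["webRequest", "*://*/*"],
          "chrome_settings_overrides": {"search_provider": {
              "search_url": "https://search.example/?q={searchTerms}"}}}

def audit_manifest(manifest: dict) -> list:
    """Return the reasons this manifest could change search or navigation."""
    findings = []
    overrides = manifest.get("chrome_settings_overrides", {})
    if "search_provider" in overrides:
        url = overrides["search_provider"].get("search_url", "?")
        findings.append(f"overrides default search -> {url}")
    if "newtab" in manifest.get("chrome_url_overrides", {}):
        findings.append("replaces the new tab page")
    perms = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    broad = {p for p in perms if p in RISKY_PERMS or p.endswith("://*/*")}
    if broad:
        findings.append("can see/redirect requests: " + ", ".join(sorted(broad)))
    return findings

def audit_extensions(ext_root: Path) -> dict:
    """Scan <ext_root>/<extension id>/<version>/manifest.json (assumed layout)."""
    report = {}
    for path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text("utf-8-sig")))
        except (OSError, ValueError, AttributeError):
            findings = ["unreadable manifest"]
        if findings:
            report[path.parts[-3]] = findings
    return report

if __name__ == "__main__":
    # Argument: the profile's Extensions folder; without one, audit SAMPLE.
    result = (audit_extensions(Path(sys.argv[1])) if len(sys.argv) > 1
              else {"constructed-sample": audit_manifest(SAMPLE)})
    for ext_id, findings in result.items():
        print(ext_id, *findings, sep="\n  - ")
```

A flag is a reason to look closer, not a verdict: content blockers such as uBlock Origin legitimately need the same request access.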

This looks OK but I would also read up outside of WebStore reviews, etc. on any extensions you’re thinking of using prior to install. Many of them advertised as improving “convenience” are used for invasive tracking, malware, etc.

Well, there’s an obvious security hole through extensions, and, if Chrome cannot handle it, then someone will, eventually.

Brave?

1 Like

Hi Guys

I think it may be the MeetingBird extension. I removed it and it fixed the Yahoo redirect problem. I’ve had this problem in the Chrome browser too. It was another CRM extension.

Also sent their support a note to let them know, so maybe the MeetingBird team will fix the issue.

T

2 Likes

Yep, it’s right, you are right

2 Likes

Good that you found out, @Tiana 👌🏽 However, I’m sure there’s more than one culprit: I didn’t have any of the extensions mentioned and still had the problem. I finally got it fixed after uninstalling several ones, but didn’t do a thorough test in order to see which was the naughty one.

It seems strange that Chrome doesn’t have a better control of what’s in its extensions marketplace. I’d love to know if there’s some online service/community/etc. which tests them.

1 Like

Hi Guys,
So was able to remove the full takeover but randomly discovered that the Yahoo takeover bug may still be happening. If I type in some nonsense with a .com it diverts to Yahoo. I’ve cleaned out everything and ran a viral check. I’m thinking my next move is to go full Zoolander and see if the files are in my computer and/or throw my desktop out the window. Any thoughts?

It also occurs on a clean profile