I am having three issues with my Brave browser. First of all, it has just been hijacked by “websearch.weather-extension.com”.
It happens like this:
- I open a new tab and write some search terms in the omnibox.
Randomly, like thrice a day or so, instead of Google search results, I get this URL:
https://websearch.weather-extension.com/?a=we&q=[the search terms I have entered]
How can I get rid of it?
Strangely enough, I am getting two more weird behaviours for Brave hat have been happening for weeks now:
- Even if my default search is Google, randomly, like thrice a day also, the search results are Yahoo’s. I don’t even have Yahoo in my search engines lists.
- Even if I have my “ask for downloading location” activated, Brave is downloading everything to the ‘Downloads’ folder.
Brave Version: 1.8.96
Thanks for any help.
Very strange behavior.
Can you try creating a fresh profile (Menu --> Create new profile) and try browsing normally for a bit to see if you get the same results?
Yes, I will, Mattches, and tell you about it. Can I import anything from my profile, or will that ruin the experiment? Can I also install some safe extensions that I use constantly?
hi! non brave user here. i’m having this same issue on google chrome and this is the only post i’ve been able to find online talking about the exact same browser hijacker. let me know if you get it figured out!
No, do not import any data. We want a fresh, untouched profile to test against.
I have the same issue in Chrome. Currently using the following extensions: BetterTTV, Social Fixer for Facebook, FFZ Add-On Pack, uBlock Origin and Unseen for Facebook.
Do you use any of these? @Blister and @CodoCoderson?
None of those, @orcam. I have a huge list of extensions though.
I’ve been using a new Brave user for several hours now and had no problems so far; we’ll see. I hope we’re able to fix my old user.
El El jue, 14 may 2020 a las 17:11, Oscar M. via Brave Community <email@example.com> escribió:
@CodoCoderson @arcam I suggest you seek adware/malware removal help at https://malwaretips.com/forums/windows-malware-removal-help-support.10/ or https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/
Using a new profile without clearing your infection is only for evaluation purposes and is not a solution. Good luck!
Also on Google Chrome and having the same issue. I’m using BetterTTV and uBlockOrigin.
Tried this, updated my windows security run a full scan, also downloaded Malwarebytes and ran a full scan both with no results. Can’t be bothered to make a new profile so someone else can be the guinea pig for that.
It’s one of those extensions, in this case - preview rating for youtube
There is also a thread on reddit.
You are correct @brutalpsy89. The problem is too many users loading up the browser with untrusted extensions.
Thanks. @jaybird, I’m sure you’re right, it’s the extensions. The new user profile had no troubles at all. I will have a look at which could be the naughty one. I don’t use those ones people mentioned.
Now, how can we have a clue of which extensions are safe? Does anybody know about an antivirus for extensions or something similar?
I found this, which may be useful → https://crxcavator.io/
This looks OK but I would also read up outside of WebStore reviews, etc. on any extensions you’re thinking of using prior to install. Many of them advertised as improving “convenience” are used for invasive tracking, malware, etc.
Well, there’s an obvious security hole through extensions, and, if Chrome cannot handle it, then someone will, eventually.
I think it may be the MeetingBird extension. I removed it and it fixed the Yahoo redirect problem. I’ve had this problem in the Chrome browser too. It was another CRM extension.
Also sent their support a note to let them know, so maybe the MeetingBird team will fix the issue.
Yep, it’s right, you are right
Good that you found out, @Tiana However, I’m sure there’s more than one culprit: I didn’t have any of the extensions mentioned and still had the problem. I finally got it fixed after uninstalling several ones, but didn’t do a thorough test in order to see which was the naughty one.
It seems strange that Chrome doesn’t have a better control of what’s in its extensions marketplace. I’d love to know if there’s some online service/community/etc. which tests them.
So was able to remove the full take over but randomly discovered that the Yahoo Take Over Bug may still be happening. If I type in some nonsense with a .com it diverts to yahoo. I’ve cleaned out everything and ran a viral check. I’m thinking my next move is to go full Zoolander and see if the files are in my computer and/ or through my desk top out the window. Any thoughts?
It also occurs on a clean profile