Nerdy Nerd

Reputable
Mar 19, 2016
814
0
5,360
[Moderator edit to break up "wall of text".]

I am trying to help an elderly couple out and they're using the old AOL email.

Anyways, when I try to sign them in with their username and password, the URL keeps getting redirected to the Guce advertising site.

I have tried a lot of things, as I immediately thought malvertising. So I downloaded Malwarebytes, and Malwarebytes recognized 16 different pieces of malware. I quarantined/removed those and ran Malwarebytes again, and it showed nothing after the restart.

I then tried resetting the settings of Edge by going to reset, and that did not clear it up either. I looked online and it seems like everyone has their own theory on this, from being tagged on the IP address to standard browser ware to malvertising, which is what I think it is, etc.

The common recommendation is to look through extensions and Control Panel for anything related to guce advertising, and I see nothing related to guce advertising. Another recommendation was to use Malwarebytes, which of course was one of the first things I did.

I then tried going to System Restore, only to find there are no restore points. So that wasn't helpful. I tried removing the Microsoft Edge folder under app data, which was recommended by a Google search, and I had to enter safe mode to do that. Then I ran the PowerShell command and still had the same issue.

Cache was cleared and still the same issue of redirection to guce advertising. The browser they're using is Edge, which of course is linked to the OS, so I can't exactly just reinstall Edge like I could with Firefox without reinstalling the entire OS (Windows 10 Home).

I eventually just gave up and installed Firefox and told them to use Firefox instead, and set up the homepage to be AOL.com, and they're fine with that since it looks the same to them. I am just truly stumped on why this is so hard, when malvertising should be an easy thing for a tech person like me to remove.

I know a reinstall of the OS could fix this, so should I just reinstall the OS next time I am there, maybe? It seems like a lot of people are having this issue and it is extremely difficult to remove.

I will probably fire up my VM tonight and get guce advertising on the VM and then try some more stuff to remove it based on suggestions I get here. This is definitely a new problem to me.
 

Nerdy Nerd

In regard to the hosts file, I have not checked that, but I can check it the next time I am over there to check the domain. Are there any other suggestions? In terms of sc2lines comment, I know, that is why I am on here.
 

Nerdy Nerd

Can we be a little bit more direct? I have done a scan with Malwarebytes to uncover what I can't see. Those have been removed but the problem still persists. There are a lot of people having this problem, not just me, so perhaps being more direct can help others as well.