Who hijacked URL?

problem description

Chrome and Edge browsers under the Win10 system visit a certain east website, and then enter the URL directly and then jump to a link with a lot of parameters, which can be judged to be the parameters of the promotion website:

https://www.jd.com/?cu=true&utm_source=hao.wabudian.com&utm_medium=tuiguang&utm_campaign=t_53287198_&utm_term=d9d7165b5aa645029a6805f8f1466ddb

it also happened once before. At that time, it was found that a plug-in JSONView in Chrome was installed as a copycat version, and then the system was reinstalled. Now there is a problem not only with Chrome,Edge. Search is said to be hijacked by ISP, but other people on the same network do not have this phenomenon. Trying to stop all stoppable services is also invalid. Antivirus software is also ineffective in comprehensive antivirus. Only entering the safe mode is normal. Seek a solution!

Windows chrome

Mar.25,2022

the answer has been found through my own unremitting efforts. The culprit is that a fake Office Activator (may actually activate). The original file name is office10_13_16_act.exe . After running, there is no interface, and eventually a prompt of "activate successfully" will pop up. After running, mkms.dat and vkms.dll files will be generated in the path C:\ Program Files (x86)\ Common Files\ system\ msadc . However, after each boot, there will be a "process" without a name, and viewing the details of the process will be transferred to a Windows service (the specific service name is forgotten, in short, it is about KMS activation and so on).

solution:

Ctrl+Alt+Del opens the task manager and ends the process
Open the Windows service and stop it (fast, otherwise it will be turned on automatically)
Command Line sc delete {service_name} remove this service
Delete two files of the above C:\ Program Files (x86)\ Common Files\ system\ msadc\

Previous: The way in which the front end preprocesses / formats the requested data.

Next: If you exit the mobile browser, websocket will shut down automatically. Won't it last for a long time?

Seek browser extension: can edit web pages (modify text, replace or delete pictures, highlight text), save; can search these pages?
use NetEase s notes, impression notes, etc., feel a little heavy. I just want to: 1 modify the web page: delete unwanted text pictures, etc.; add local images. 2 the modified picture web page can be saved, and it would be better if it can be save...

Opera safari firefox windows chrome

Mar.18,2021
Chrome application acquires card reader swiping data
the requirement is to create a chrome application to obtain the serial port of the system, and to obtain the data string through javascript when the reader swipes the card. now the serial port list has been obtained. has a serial port of the card rea...

Javascript windows chrome

Aug.27,2021
The name of the chrome Firefox download file is garbled.
[background] requirements require that the exported user information Excel table file be downloaded from the server to the user locally [code] ** * * @param request * @param response * @return * @throws FTPConnectionClosedEx...

Windows chrome java

Feb.14,2022
How to explain that the CPU utilization rate is 100% at the moment the web page is opened?
problem description when I open the web page, I use the chrome developer tool performance to check that the browser occupies 100% of CPU. Why is this related to the allocation of CPU by the Windows operating system? as shown in the following figure...

Windows chrome

Jun.20,2022

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1bea0d3-319a6.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1bea0d3-319a6.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?