LinuxQuestions.org

nurwanda 09-11-2019 09:22 AM

Is my browser getting hijacked?
 
For the past week I have been getting redirected from the duckduckgo search engine; it is my default search engine. When I type in a url, I get a "duckduckgo" page saying "these are not our extensions". Whenever I try to type in a new url, it gives me the same page; no way to "accept" the page and then use the search engine.

https://help.duckduckgo.com/add-ons/removal/

It is constantly coming up when I come online.

Is anyone else getting this? debian 10.

Firerat 09-11-2019 12:18 PM

nope
try ( from command line )
Code:

firefox --safe-mode
# Disables extensions and themes for this session.

if that is fine, it is a rogue addon, which we can remove
then work out where it came from and how to stop it coming back

nurwanda 09-11-2019 03:57 PM

Quote:

Originally Posted by Firerat (Post 6035725)
nope
try ( from command line )
Code:

firefox --safe-mode
# Disables extensions and themes for this session.

if that is fine, it is a rogue addon, which we can remove
then work out where it came from and how to stop it coming back

I am using chromium so I did "chromium --safe-mode", but the same thing happened once I tried a search. It was happening on my OS so I reinstalled it, but it started happening immediately on my new OS download/install (same OS version, etc).

What is it if not something malicious? Is it possible that someone is sending this to my computer from their computer?

"Add-ons
Removing unofficial add-ons
We've recently discovered some malicious Chrome extensions, often with the word "video" in the name, are incorrectly sending searches to DuckDuckGo and Bing. Some of the names we've seen are "My Video Grid", "Video Tips", and "My Vital Video". DuckDuckGo is in no way affiliated with these extensions. However, we would like to help you resolve this issue. Below are instructions on how to remove such extensions:

Open Google Chrome.
Click on the "More" button in the top right of your browser (it looks like three vertical dots)............."

Firerat 09-11-2019 04:16 PM

ah, ok
I don't know why I blindly assumed firefox

I don't know how you would start chromium in the --safe-mode equivalent

but it does look like you have a rogue extension installed on it


Blind longshot
Code:

mv ~/.chromium ~/.chromium-suspect

I assume the malware has not managed to infect
/usr/share/chromium/extensions

~/.chromium might not exist, it is a guess on my side

if you start chromium again and all is well then the culprit is in ~/.chromium-suspect

Code:

find ~/.chromium-suspect

will list the files in there, and we may be able to 'pick out' the malware

jefro 09-11-2019 04:44 PM

Not sure yet if it is a re-direct or hijack of some kind or simply a complaint about some extension.

This exact phrase seems to show no web answer that I can find. "these are not our extensions"

nurwanda 09-11-2019 04:57 PM

Quote:

Originally Posted by jefro (Post 6035796)
Not sure yet if it is a re-direct or hijack of some kind or simply a complaint about some extension.

This exact phrase seems to show no web answer that I can find. "these are not our extensions"

I use duckduckgo. Normally when I search it acts normally and takes me to the site I am asking for. Now, it just redirects back to the url above. Is there malware on the computer? When you type in that url, what do you get?

scasey 09-11-2019 05:02 PM

Quote:

Originally Posted by nurwanda (Post 6035801)
I use duckduckgo. Normally when I search it acts normally and takes me to the site I am asking for. Now, it just redirects back to the url above. Is there malware on the computer? When you type in that url, what do you get?

I get the page you described.
I'm not sure what your question is...have you followed those directions to remove the add-ons? If not, why not?

Firerat 09-11-2019 05:04 PM

if I use duckduckgo I get what I would expect
so yes, it would appear you have a problem.

have you moved ~/.chromium yet?
is it still a problem?

Let us eliminate a rogue extension and then move on to something else if it proves not to be that.

nurwanda 09-11-2019 05:15 PM

Quote:

Originally Posted by Firerat (Post 6035804)
if I use duckduckgo I get what I would expect
so yes, it would appear you have a problem.

have you moved ~/.chromium yet?
is it still a problem?

Let us eliminate a rogue extension and then move on to something else if it proves not to be that.

There is an extension called "chromium pdf viewer" listed in the 'extensions' tab. There is a button to 'remove' but when I press it, it doesn't work. Is there a command line for removal?

I tried your first "blindshot" command, didn't work; no such file / directory. Tried the 2nd, it was working or hanging, but I decided to restart chromium and shut all tabs.

I noticed that if I type in a specific url, it takes me to the correct page. But if I type in a search term in the url/address bar, that's when I get the redirect. If I type in the same search term in duckduckgo's search engine "box", I don't get the problem. Before the redirects started happening over the last few weeks, when I would type something into the url bar, it didn't give me a search engine output; I think it just didn't answer the query, but no redirect.

How do I "move" `/.chromium ? You mean just type in command bash? I will do it again now. Thanks.

nurwanda 09-11-2019 05:19 PM

Appears that PDF VIEWER is malware: https://www.virusguides.com/uninstall-pdf-viewer/

nurwanda 09-11-2019 05:22 PM

Quote:

Originally Posted by Firerat (Post 6035804)
if I use duckduckgo I get what I would expect
so yes, it would appear you have a problem.

have you moved ~/.chromium yet?
is it still a problem?

Let us eliminate a rogue extension and then move on to something else if it proves not to be that.

"find ~/.chromium-suspect" --- just hangs, no output

nurwanda 09-11-2019 05:24 PM

Quote:

Originally Posted by nurwanda (Post 6035809)
Appears that PDF VIEWER is malware: https://www.virusguides.com/uninstall-pdf-viewer/

Another url states: "Unfortunately this also means that Chromium is often used as a browser virus."

Firerat 09-11-2019 05:27 PM

Quote:

Originally Posted by nurwanda (Post 6035810)
"find ~/.chromium-suspect" --- just hangs, no output

well yeah
if you didn't succeed with moving ~/.chromium that is what I would expect.

what did you expect?

nurwanda 09-11-2019 05:31 PM

Quote:

Originally Posted by Firerat (Post 6035813)
well yeah
if you didn't succeed with moving ~/.chromium that is what I would expect.

what did you expect?

I'm confused about "moving" `/.chromium. I don't understand what that means.

Firerat 09-11-2019 05:35 PM

stop...

you are running off doing random things
no mention of ads popping up in your OP

why do you think the PDF viewer has anything to do with it?

so, please stop, calm down, chill.

I will install chromium and find out where it stores the user's extensions, my guess may have been wrong.

but please, let's do things step by step, following instructions on random FUD blog pages is not going to help
as soon as you see "download our virus scan" , close that page
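
Added example, not part of the thread or any poster's code: a bash helper that lists the extensions installed in a Chromium profile and flags those whose manifest declares a search-provider override, a page override or the webRequest permission, which is where an address-bar search redirect would normally show up. It assumes the Debian default profile location ~/.config/chromium (rather than the ~/.chromium guessed earlier); the function names and flag labels are illustrative.

```bash
#!/usr/bin/env bash
# Added example: triage the extensions stored in a Chromium user profile.
# Assumption: the per-user profile root is ~/.config/chromium; pass another
# root as the first argument for other builds (snap, flatpak, Google Chrome).

# Print "id<TAB>version<TAB>name<TAB>flags" for every extension found at
# ROOT/<profile>/Extensions/<id>/<version>/manifest.json.
list_extensions() {
    local root=${1:-$HOME/.config/chromium} manifest dir version id name flags
    [ -d "$root" ] || { echo "no profile directory at $root" >&2; return 1; }
    for manifest in "$root"/*/Extensions/*/*/manifest.json; do
        [ -f "$manifest" ] || continue      # glob matched nothing
        dir=${manifest%/manifest.json}
        version=${dir##*/}
        id=${dir%/*}; id=${id##*/}
        # Heuristic: first "name" value in the file. It can be a
        # __MSG_...__ locale placeholder, which is printed unchanged.
        name=$(grep -o '"name"[[:space:]]*:[[:space:]]*"[^"]*"' "$manifest" |
               head -n 1 | sed 's/.*:[[:space:]]*"\(.*\)"/\1/')
        flags=
        # Manifest keys that let an extension change where searches or pages go.
        grep -q '"search_provider"' "$manifest" && flags="$flags search-override"
        grep -q '"chrome_url_overrides"' "$manifest" && flags="$flags page-override"
        grep -q '"webRequest' "$manifest" && flags="$flags web-request"
        printf '%s\t%s\t%s\t%s\n' "$id" "$version" "${name:-?}" "${flags# }"
    done
}

# Only the extensions that carry at least one flag.
suspect_extensions() {
    list_extensions "$@" | awk -F '\t' '$4 != ""'
}
```

Source the file and run `suspect_extensions`; the id column matches the directory name under Extensions and the ID shown on the chrome://extensions page with developer mode enabled. A flag is a reason to look at that extension, not proof that it is malicious.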


All times are GMT -5.