CapitalChaos


  1. Many thanks for these replies. What I was hoping to do was to be able to pin down precisely what specific application or browser component was causing the infection - I would like to be able to provide the users (who are technical) the specifics of what is causing these issues so they know what apps/behaviour should be avoided.
  2. First off, apologies if there are answers to these questions elsewhere - if so, my search skills were not sufficient to find them - relevant links gladly received.

     My business has a Cloud Console subscription with several endpoints deployed. Two users are repeatedly getting infected as follows (this is one example, the other is a malware variant known as Speeddial):

     Adware.Yontoo File Malware Quarantined C:\USERS\USERNAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data
     Adware.Yontoo File Malware Quarantined C:\USERS\USERNAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data
     Adware.Yontoo File Malware Quarantined C:\USERS\USERNAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data
     Adware.Yontoo File Malware Quarantined C:\USERS\USERNAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences

     Malwarebytes cleans this up every time it encounters it, but it is obviously returning due to Chrome Sync being turned on. I have seen the advice about how to remove the malware, and disable sync, but unfortunately the users are either turning sync back on or are not unsyncing the right things (I have suggested the stop syncing extensions).

     I really want to drill down and find the ultimate source of these infections - the data available to me on the cloud console isn't giving me sufficiently granular information to obtain that information - what logs (or other methods) are available to me?