
I have tried all of the methods that I can think of and nothing will remove this thing. It's synced itself to my Google account preferences. I scanned my other PC that Chrome is synced to the same account and it shows the same infection now. Its location is user/appdata/local/google/chrome/user data/default/preferences. I have tried Malwarebytes, ADW, HitmanPro, ESET Online Scanner, and SuperAntiSpyware. I even went into the file myself in WordPad and found the entry, removed the entry from the code, but it just keeps coming back. This is the code I found in WordPad.

 

   "session": {

      "restore_on__migrated": true,
      "startup_urls": [ ""http://astromenda.com/?f=7&a=ast_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CtC0B0E0E0EyCzyyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0CtAyBtC0ByDtGyB0EyE0EtGtA0D0B0EtG0FyD0E0CtGyBtCtAtCzytB0D0BzztCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0F0FzzyByE0CtGtAtAtDyCtGyEyB0DtAtG0AtC0DyBtGzz0CyCyCyDzytAyEtA0Ezz0C2Q&cr=612676098&ir=" ],
      "startup_urls_migrstartup": 5,
      "restore_on_startupation_time": "13052437202472938"
   },
   "sync": {
 
 
I am out of ideas, guys. I got this from some freeware that had it bundled, and I unchecked the option to install it, but the wizard installed it anyway. Here is the Malwarebytes log.
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/13/2014
Scan Time: 5:42:42 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.13.07
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Biekert
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 276768
Time Elapsed: 1 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Astromenda.A, C:\Users\Biekert\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""http://astromenda.com/?f=7&a=ast_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0CzztA0AtAyD0CtC0B0E0E0EyCzyyD0DtN0D0Tzu0SzyyDtAtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0CtAyBtC0ByDtGyB0EyE0EtGtA0D0B0EtG0FyD0E0CtGyBtCtAtCzytB0D0BzztCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0D0F0FzzyByE0CtGtAtAtDyCtGyEyB0DtAtG0AtC0DyBtGzz0CyCyCyDzytAyEtA0Ezz0C2Q&cr=612676098&ir=" ],), ,[d8c01ba7c4b7c373d28548b681832fd1]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I need some help, guys. Thanks in advance.
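A read-only check for the kind of entry shown in the post, added here as an example and not part of the original post or of any scanner named in it: it pulls `startup_urls` out of a Chrome `Preferences` file and reports hosts that are not on an allowlist, falling back to a text scan when the file is not valid JSON (as with the doubled quote in the fragment above). The allowlist, function names and both sample strings are assumptions constructed for the example.

```python
import json
import re
from urllib.parse import urlsplit

# Startup hosts the profile owner actually chose (assumption for this example).
ALLOWED_HOSTS = {"www.google.com"}

# Text fallback for files json.loads() rejects, e.g. the doubled quote in the post.
_STARTUP_RE = re.compile(r'"startup_urls"\s*:\s*\[(.*?)\]', re.S)
_URL_RE = re.compile(r'https?://[^"\s\]]+')


def startup_urls(prefs_text):
    """Return the session.startup_urls entries found in Preferences text."""
    try:
        prefs = json.loads(prefs_text)
        urls = prefs.get("session", {}).get("startup_urls", [])
        return [u for u in urls if isinstance(u, str)]
    except (ValueError, AttributeError, TypeError):
        found = []
        for body in _STARTUP_RE.findall(prefs_text):
            found.extend(_URL_RE.findall(body))
        return found


def unexpected_startup_hosts(prefs_text, allowed=ALLOWED_HOSTS):
    """Return the sorted startup hosts that are not on the allowlist."""
    hosts = set()
    for url in startup_urls(prefs_text):
        host = (urlsplit(url).hostname or "").lower()
        if host and host not in allowed:
            hosts.add(host)
    return sorted(hosts)


# Constructed samples shaped like the fragment in the post (query string shortened).
SAMPLE_BROKEN = (
    '{\n   "session": {\n'
    '      "startup_urls": [ ""http://astromenda.com/?f=7&a=constructed" ]\n'
    '   }\n}'
)
SAMPLE_VALID = '{"session": {"startup_urls": ["https://www.google.com/", "http://astromenda.com/?f=7"]}}'

if __name__ == "__main__":
    for name, text in (("broken", SAMPLE_BROKEN), ("valid", SAMPLE_VALID)):
        print(name, unexpected_startup_hosts(text))
```

Because the post reports the same entry on a second PC synced to the same account, the check is worth running against the `Preferences` file of each synced profile, with Chrome closed so the file is not being rewritten.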
 

 
