Manifest.json Virus or false positive?


Hi everyone,

 

Yesterday I was browsing in Chrome and suddenly a random tab opened all by itself. The URL was something like bestsmsads.com, and the page was completely blank.

Worried about adware, I ran Malwarebytes, which detected nothing, and then I downloaded AdwCleaner, which picked up a few things (the log is below this message). One of the files was manifest.json, which apparently is a normal file for Chrome extensions, but in certain cases it can also be a browser hijacker and a nasty trojan.

 

So, given that Malwarebytes (and Avast) didn't pick up anything, is the manifest.json that AdwCleaner picked up a false positive, or a virus? It has to be noted that aside from the random blank tab, Chrome is running perfectly fine, doesn't have any weird extensions and doesn't have any toolbars that shouldn't be there. 

 

And if manifest.json is actually a virus, is the AdwCleaner stuff good enough to remove all of it, or should I take any additional steps?

 

Thank you!

 

 

AdwCleaner log:

 

***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
 
***** [ Web browsers ] *****
 
[C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dkpejdfnpdkhifgbancbammdijojoffk
[C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jneaojaoiajhnemidnjhoempalnidbhj
[C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfengeggddojhakldhlpjdlddgkkjkdd
 
########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [1199 bytes] ##########


Here are the files that were sent to quarantine:

C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\bg.html->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\bg.html.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\bg.js->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\bg.js.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\content.js->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\content.js.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\content_lores.js->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\content_lores.js.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\htmlhelpers.js->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\htmlhelpers.js.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\icon128.png->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\icon128.png.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\icon48.png->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\icon48.png.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\manifest.json->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\manifest.json.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\_metadata\computed_hashes.json->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\_metadata\computed_hashes.json.vir
C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\_metadata\verified_contents.json->C:\AdwCleaner\Quarantine\C\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\_metadata\verified_contents.json.vir
 

 

 

This topic is now closed to further replies.
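
An added triage sketch (not part of the original post, and not AdwCleaner's own logic): it groups the extension IDs in the log above by the log section that reported them, and lists the fields of a `manifest.json` that describe what an extension is allowed to do. The log excerpt is copied from the post; the sample manifest is constructed, and the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")

# Log excerpt copied from the post above (empty sections omitted).
LOG = r"""
***** [ Folders ] *****
Folder Found : C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
***** [ Web browsers ] *****
[C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dkpejdfnpdkhifgbancbammdijojoffk
[C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jneaojaoiajhnemidnjhoempalnidbhj
[C:\Users\Florencia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfengeggddojhakldhlpjdlddgkkjkdd
"""

# Constructed manifest for illustration; not the quarantined file from the post.
SAMPLE_MANIFEST = """{"name": "Example", "version": "1.0", "manifest_version": 2,
  "permissions": ["tabs", "<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}"""

def ids_by_section(log_text):
    """Map each extension ID to the set of log sections that mention it."""
    seen, section = defaultdict(set), None
    for line in log_text.splitlines():
        header = SECTION.match(line.strip())
        if header:
            section = header.group(1)
        elif section:
            for ext_id in EXT_ID.findall(line):
                seen[ext_id].add(section)
    return dict(seen)

def summarize_manifest(manifest_text):
    """Pull out the fields that show what an extension may access."""
    m = json.loads(manifest_text)
    hosts = [p for cs in m.get("content_scripts", []) for p in cs.get("matches", [])]
    # Manifest V3 lists host access under "host_permissions" instead.
    perms = m.get("permissions", []) + m.get("host_permissions", [])
    return {"name": m.get("name"), "version": m.get("version"),
            "permissions": perms, "content_script_hosts": hosts}

if __name__ == "__main__":
    for ext_id, sections in sorted(ids_by_section(LOG).items()):
        print(ext_id, sorted(sections))
    print(summarize_manifest(SAMPLE_MANIFEST))
```

On this log, only one ID has a folder under the profile, one has a registry key, and all three appear in Secure Preferences.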