Hi there,

I've been fighting some sort of malware on my computer since yesterday. It randomly opens new tabs, new pages, or replaces existing tabs in Chrome with ads for explicit games, dating sites, or online stores.

I have installed and run Malwarebytes multiple times - it's currently the only thing blocking new ads from popping up about 50% of the time as I'm on the premium trial. I've also run adware cleaner, and junkware removal tool. I've run CCleaner once to get rid of any temp files. Each time, the programs were able to find some things and delete them, but on restart the issue keeps cropping up. I've also reset Internet Explorer and Chrome settings multiple times. I have TeamViewer installed, in case that's useful.

I am attaching:

1. FRST.txt as indicated in the instructions

2. Addition.txt as indicated in the instructions

3. My latest scan report from malwarebytes

4. 2 example reports of the websites it's blocking

5. My latest report from adwcleaner

6. My latest report from jrt. Note that every time I've run it it's said "Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_93F9BCD69D5206741B8721559088D9F0 (Registry Value) "

I appreciate any and all efforts to resolve this!

 

Addition.txt

AdwCleaner[.txt

blockedsite.txt

blockedsite2.txt

FRST.txt

JRT.txt

malwarebytesscanreport.txt

Link to post

Hi AbeBlackBurn :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few to review your logs and get back to you.

Link to post

Hi Aura,

This is great! Thanks for taking my case on. I'll be super responsive since this has been the bane of the past week. I look forward to hearing back from you with potential solutions. I have no pirated software on my computer.

I will just note that I use four different profiles within Chrome, but only one of them is related to my email. I understand if a reset of chrome is imperative, but this would also cause me to lose all of my extensions and customisations in each browser, which would be a shame. But if essential, not a problem.

I also have teamviewer installed should you want to take a look at my computer directly.

Thanks!

Link to post

Question: do you get pop-ups/ads even though Google Chrome and Internet Explorer are closed, or does it only happen when they are open and running?

Link to post

This only happens in Google Chrome, and so far only when it's up and running - though Chrome is up and running most of the time when my laptop is on, so I can't be sure, but I'm pretty sure this is only happening in Chrome, when I'm active in the browser.

Link to post
Quote

I will just note that I use four different profiles within Chrome, but only one of them is related to my email. I understand if a reset of chrome is imperative, but this would also cause me to lose all of my extensions and customisations in each browser, which would be a shame. But if essential, not a problem.

I don't think you'll lose your profiles if you are signed in to Google Chrome with sync enabled. There's also a tool that allows you to back up and restore Google Chrome profiles, though I never tried it.

http://www.parhelia-tools.com/products/gcb/googlechrome.aspx

I would like you to uninstall Google Chrome, then reinstall it without signing in to your Google account and/or profiles, and see if you still get the ads.

Link to post

Thanks, have installed in all of my Chrome windows. I'll let you know - Malwarebytes is still blocking about 50% of the requests.

So uBlock Origin would block them from appearing, but it doesn't get rid of the reason why these are happening, correct?

Link to post

No, it won't get rid of them. I would like to see if it at least stops the notifications from Malwarebytes or not.

Link to post

Hello,

Malwarebytes block alerts are still popping up, though some pages are still getting through. uBlock also seems to be blocking some. My computer is noticeably slower, and I've had this for almost 2 weeks now. I'd really appreciate any help in getting rid of it! Thanks

Link to post

Alright, please run FRST again and provide me a fresh set of logs (FRST.txt and Addition.txt). I'll take a new look.

Link to post

While I'm reviewing your logs...

Quote

I've been fighting some sort of malware on my computer since yesterday.

That was on May 12th. On May 11th, did you install or download anything? Did you visit any suspicious websites, or anything else?

Edit: Can you uninstall the SmartShot extension from all your Google Profiles, and see if you still get the ads?

Edited by Aura
Link to post

Hi Aura,

I don't believe I did. I don't have access to my download logs since the reset of Chrome, but I don't think I downloaded anything out of the norm. No suspicious websites.

uBlock is blocking the download of the OneLogin chrome extension, that I use for work and have never had an issue with. Noting this here in case it's useful.

Link to post

In case you didn't see my previous edit.

Quote

Edit: Can you uninstall the SmartShot extension from all your Google Profiles, and see if you still get the ads?

Quote

uBlock is blocking the download of the OneLogin chrome extension, that I use for work and have never had an issue with. Noting this here in case it's useful.

You can disable uBlock Origin while OneLogin downloads and installs.

In reference to SmartShot:

https://forums.malwarebytes.com/topic/200923-cannot-get-rid-of-adware-in-my-browser-please-help/

 

Edited by Aura
Link to post

It also doesn't look like they're "hiding" this behavior.

Quote

Occasionally, at our discretion, we may include or offer third party products or services on our service. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

http://getsmartshot.com/privacy/

Link to post

Apparently there's an odd solution to this problem. Empty the Windows Recycle Bin, and try to install it again.

Link to post
This topic is now closed to further replies.