TapperD Posted May 13, 2017 ID:1124642 Share Posted May 13, 2017 Hello, I've tried everything I could find online to solve this, but nothing has actually helped. I do not have any malicious extensions or apps installed, I have tried resetting chrome, I have scanned my mac with ClamXav, Sophos Antivirus, Avast, Combo Cleaner, Kaspersky Internet Security, Bitdefender Adware removal tool and none of these found anything during the scans. Malwarebytes's scan found two things which it removed but all the rest, nothing. And every other scan with Malwarebytes comes clean. My search settings and homepage settings are all intact and there wasn't anything suspicious at all. But when chrome is idle for a while or I'm reading something on a website, there's suddenly a muted tab opened (first it was for a dating site, then betting, and most recently a clean my mac page). I also tried Bitdefender Virus Scanner for Mac, and it found a spigot extension for safari and quarantined it. The file appeared to be stored in ClamXav's folder for some reason. (I do not even use Safari, and when I checked before the scan, no extensions have been installed on that browser, and the same goes for Firefox). I've also checked whether the router has been hijacked (https://campaigns.f-secure.com/router-checker/en_global/) and everything seems to be fine. I tried changing the DNS settings to Google's, but it wouldn't connect for a long time so I left it as it was initially. It seems to have been passed to another Windows laptop at home, but when the PC was scanned with Malwarebytes, Clamwin, and CCcleaner nothing seemed to help and the problem occurs on both computers. Windows Defender found BrowserModifier:Win32/Diplugem and removed it, but the ad tabs keep coming. How can I get rid of this? Is it possible that the specific IP is targeted and it's not one of the two devices actually being infected? PS. I've attached the log file from Malwarebytes and from Bitdefender Virus Scanner. Link to post Share on other sites More sharing options...
FredHarrington Posted May 21, 2017 ID:1128588 Share Posted May 21, 2017 I have exactly the same issue. Please post an update if you have found a way to fix it. Link to post Share on other sites More sharing options...
Staff treed Posted May 21, 2017 Staff ID:1128657 Share Posted May 21, 2017 On 5/13/2017 at 5:08 PM, TapperD said: I also tried Bitdefender Virus Scanner for Mac, and it found a spigot extension for safari and quarantined it. The file appeared to be stored in ClamXav's folder for some reason. It looks like ClamXav had already quarantined that extension, so it would not have been active on your system any longer. You'd have to check ClamXav's logs to see when it was quarantined, but my guess is that this has nothing to do with your current issue. Can you send a system snapshot taken with Malwarebytes Anti-Malware for Mac? To do so, open Malwarebytes Anti-Malware for Mac and choose Take System Snapshot from the Scanner menu. Then, in the window that opens, select all the text (Edit → Select All), copy it and paste into a reply to this message. Alternately, if you'd prefer not to post that information publicly, send me a direct message. Click on my name or profile picture at left, and then click the Message button. BTW, sorry for the delay getting back to you... I normally get notifications for posts in this forum, but sometimes it fails, so I didn't see your post until now. Link to post Share on other sites More sharing options...
Staff treed Posted May 21, 2017 Staff ID:1128658 Share Posted May 21, 2017 6 hours ago, FredHarrington said: I have exactly the same issue. Please post an update if you have found a way to fix it. If you follow the directions I gave TapperD, I can look at your information as well. Link to post Share on other sites More sharing options...
TapperD Posted May 27, 2017 Author ID:1130740 Share Posted May 27, 2017 On 5/21/2017 at 5:19 AM, FredHarrington said: I have exactly the same issue. Please post an update if you have found a way to fix it. Well, apart from scanning my macbook with everything I could find out there, and resetting chrome two times, I added the uBlock origin extension and checked all the filters for malware domains and since then I haven't had a new tab open up. I don't know how effective this was, or if I'm in an adware illusion, but at least it worked. Let me know if you give this a try and if it works for you. Link to post Share on other sites More sharing options...
TapperD Posted May 27, 2017 Author ID:1130742 Share Posted May 27, 2017 On 5/21/2017 at 0:10 PM, treed said: Can you send a system snapshot taken with Malwarebytes Anti-Malware for Mac? Hi Treed, thanks a lot for your reply and apologies for writing back so late. Here's the snapshot of the system: Malwarebytes Anti-Malware 1.2.6.730 system report - May 27, 2017 at 12:13:59 GMT+2 Mac OS X version Version 10.11.6 (Build 15G1421) System uptime: 0d 00:02:07 Helper tool version: 1.2.6.730 Signatures version: 201 Safari extensions ----------------------- Minxy Minxy Name: DivX Plus Web Player HTML5 <video> Path: /Users/Minxy/Library/Safari/Extensions/DivXHTML5.safariextz Modified: 2013-07-19 09:57:58 +0000 Chrome extensions ----------------------- Minxy Default Name: Duolingo on the Web Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/aiahmijlpehemcpleichkcokhegllfjl Modified: 2016-07-06 17:50:30 +0000 Name: Google Drive Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf Modified: 2015-10-23 03:41:09 +0000 Name: YouTube Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo Modified: 2015-10-02 19:24:54 +0000 Name: uBlock Origin Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/cjpalhdlnbpafiamejdnhcphjbkeiagm Modified: 2017-05-20 10:03:38 +0000 Name: Google Search Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/coobgpohoikkiipiblmjeljniedjpjpf Modified: 2015-10-31 18:01:19 +0000 Name: Session Buddy Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/edacconmaakjimmfgnblocblbcdcpbko Modified: 2017-05-08 13:16:46 +0000 Name: Closed tabs Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/eonffnnfmbfnmjpaiigdclmfelolemah Modified: 2016-08-18 09:53:59 +0000 Name: QCLean:Remove Facebook Ad,Suggested Page&Post Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/fdhhejjkjfjkchkimomgfegnpapndjne Modified: 2017-01-21 14:24:06 +0000 Name: Wunderlist - To-do and Task list Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/fjliknjliaohjgjajlgolhijphojjdkc Modified: 2016-01-22 01:30:11 +0000 Name: PDF Mage Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/gknphemhpcknkhegndlihchfonpdcben Modified: 2016-10-21 10:58:55 +0000 Name: Pinterest Save Button Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/gpdjojdkbbmdfjfahjcgigfpmkopogic Modified: 2017-04-22 11:15:22 +0000 Name: Symphonical Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/hcgllakjbbignhambejggdljofdagfja Modified: 2013-11-09 19:11:39 +0000 Name: LastPass: Free Password Manager Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd Modified: 2017-05-12 18:30:07 +0000 Name: feedly Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/hipbfijinpcgfogaopmgehiegacbhmob Modified: 2016-08-23 08:18:08 +0000 Name: Eye Dropper Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/hmdcmlfkchdmnmnmheododdhjedfccka Modified: 2016-10-06 23:45:40 +0000 Name: Unseen Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/iicapmagmhahddefgokbabbgieiogjop Modified: 2017-03-20 05:50:44 +0000 Name: Grammarly for Chrome Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/kbfnbcaeplbcioakkpcpgfkobkghlhen Modified: 2017-05-18 08:33:58 +0000 Name: The Great Suspender Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/klbibkeccnjlkjkiokjodocebajanakg Modified: 2017-03-05 20:10:25 +0000 Name: Save as PDF Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/kpdjmbiefanbdgnkcikhllpmjnnllbbc Modified: 2016-11-05 12:48:25 +0000 Name: Momentum Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/laookkfknpbbblfpciffpaejjkokdgca Modified: 2017-05-01 21:10:20 +0000 Name: Numerics Calculator & Converter Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/liglcienpnkhdajdfmnpbgmpjglonipe Modified: 2014-01-17 06:41:00 +0000 Name: Currency Converter Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/lncdobdbibdgoiohgnflmjajfphcnakg Modified: 2017-04-26 12:14:40 +0000 Name: Boomerang for Gmail Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/mdanidgdpmkimeiiojknlnekblgmpdll Modified: 2017-05-17 10:07:58 +0000 Name: Do It (Tomorrow) Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/nfagjoblnoeagfhfhohcdklnddjaiglo Modified: 2014-12-28 10:10:35 +0000 Name: Save to Pocket Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj Modified: 2017-04-25 14:20:23 +0000 Name: Chrome Web Store Payments Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda Modified: 2017-03-10 11:40:15 +0000 Name: Buffer Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/noojglkidnpfjbincgijbaiedldjfbhh Modified: 2017-05-10 10:31:02 +0000 Name: Print Friendly & PDF Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/ohlencieiipommannpdfcmfdpjjmeolj Modified: 2017-02-04 12:29:27 +0000 Name: Gmail Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia Modified: 2015-04-03 15:35:55 +0000 Name: Chrome Media Router Path: /Users/Minxy/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm Modified: 2017-05-17 10:07:58 +0000 Profile 2 Name: Google Slides Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/aapocclcgogkmnckokdopfmhonfmgoek Modified: 2016-02-22 00:08:22 +0000 Name: Google Docs Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/aohghmighlieiainnegkcijnfilokake Modified: 2016-02-22 00:08:36 +0000 Name: Google Drive Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/apdfllckaahabafndbhieahigkjlhalf Modified: 2016-02-22 00:08:36 +0000 Name: YouTube Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo Modified: 2016-02-22 00:08:36 +0000 Name: Google Search Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/coobgpohoikkiipiblmjeljniedjpjpf Modified: 2016-02-22 00:08:36 +0000 Name: Session Buddy Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/edacconmaakjimmfgnblocblbcdcpbko Modified: 2017-05-08 17:20:57 +0000 Name: Closed tabs Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/eonffnnfmbfnmjpaiigdclmfelolemah Modified: 2017-03-17 18:14:30 +0000 Name: Google Sheets Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/felcaaldnbdncclmgdcncolpebgiejap Modified: 2016-02-22 00:08:17 +0000 Name: Google Docs Offline Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi Modified: 2016-10-16 12:55:37 +0000 Name: LastPass: Free Password Manager Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/hdokiejnpimakedhajhdlcegeplioahd Modified: 2017-05-14 11:04:38 +0000 Name: feedly Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/hipbfijinpcgfogaopmgehiegacbhmob Modified: 2017-04-07 10:55:30 +0000 Name: Save to Pocket Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/niloccemoadcdkdjlinkgdfekeahmflj Modified: 2017-04-25 18:15:46 +0000 Name: Chrome Web Store Payments Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/nmmhkkegccagdldgiimedpiccmgmieda Modified: 2017-03-12 20:50:33 +0000 Name: Gmail Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/pjkljhegncpnkpknbcohdijeoejaedia Modified: 2016-02-22 00:08:36 +0000 Name: Chrome Media Router Path: /Users/Minxy/Library/Application Support/Google/Chrome/Profile 2/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm Modified: 2017-05-17 12:03:54 +0000 Chrome Name: [unknown Chrome extension format] Path: /Users/Minxy/Library/Application Support/Google/Chrome/External Extensions/lmjegmlicamnimmfhcmpkclmigmmcbeh.json Modified: 2015-01-13 22:41:03 +0000 Firefox extensions ----------------------- Minxy a6qold36.default-1475404622954 Name: [name not found in install.rdf] Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/ffext_basicvideoext@startpage24.xpi Modified: 2016-10-22 12:28:23 +0000 Name: Xmarks Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/foxmarks@kei.com Modified: 2017-02-19 15:35:38 +0000 Name: LastPass: Free Password Manager Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/support@lastpass.com Modified: 2017-05-20 17:31:05 +0000 Name: [name not found in install.rdf] Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/vdpure@link64.xpi Modified: 2016-10-22 12:30:46 +0000 Name: Session Manager Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi Modified: 2017-02-01 13:58:12 +0000 Name: Download YouTube Videos as MP4 Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi Modified: 2017-02-19 15:43:44 +0000 Name: Video DownloadHelper Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi Modified: 2017-05-16 13:49:50 +0000 Name: Adblock Plus Path: /Users/Minxy/Library/Application Support/Firefox/Profiles/a6qold36.default-1475404622954/extensions/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Modified: 2016-12-03 17:28:38 +0000 User Login Items ----------------------- User: Minxy Name: iTunesHelper Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app Name: Flux Path: /Applications/Flux.app Name: Stickies Path: /Applications/Stickies.app Name: Dropbox Path: /Applications/Dropbox.app Name: EvernoteHelper Path: /Applications/Evernote.app/Contents/Library/LoginItems/EvernoteHelper.app System startup items ----------------------- /Library/StartupItems/.DS_Store User launch agents ----------------------- /Users/Minxy/Library/LaunchAgents/.DS_Store /Users/Minxy/Library/LaunchAgents/com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109.plist /Users/Minxy/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist /Users/Minxy/Library/LaunchAgents/com.ea.origin.WebHelper.plist /Users/Minxy/Library/LaunchAgents/com.lastpass.LastPassHelper.plist /Users/Minxy/Library/LaunchAgents/com.valvesoftware.steamclean.plist /Users/Minxy/Library/LaunchAgents/uk.co.canimaansoftware.clamxav.UninstallWatcher.plist System launch agents ----------------------- /Library/LaunchAgents/com.google.keystone.agent.plist /Library/LaunchAgents/com.paragon-software.facebook.agent.plist /Library/LaunchAgents/com.paragon-software.NTFS.fsnotify.agent.plist /Library/LaunchAgents/com.sophos.uiserver.plist /Library/LaunchAgents/com.wacom.wacomtablet.plist System launch daemons ----------------------- /Library/LaunchDaemons/com.ea.origin.ESHelper.plist /Library/LaunchDaemons/com.google.keystone.daemon.plist /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist /Library/LaunchDaemons/com.microsoft.autoupdate.helper.plist /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist /Library/LaunchDaemons/com.paragon-software.NTFS.fsnotify.daemon.plist /Library/LaunchDaemons/com.paragon.NTFS.launch.plist /Library/LaunchDaemons/com.sophos.common.servicemanager.plist /Library/LaunchDaemons/uk.co.canimaansoftware.ClamXavHelper.plist /Library/LaunchDaemons/uk.co.canimaansoftware.ClamXavHelperUpdater.plist Kernel extensions ----------------------- /System/Library/Extensions/BJUSBLoad.kext /System/Library/Extensions/EPSONUSBPrintClass.kext /System/Library/Extensions/hp_designjet_series.kext /System/Library/Extensions/hp_Deskjet_io_enabler.kext /System/Library/Extensions/hp_fax_io.kext /System/Library/Extensions/hp_Inkjet1_io_enabler.kext /System/Library/Extensions/hp_Inkjet3_io_enabler.kext /System/Library/Extensions/hp_Inkjet4_io_enabler.kext /System/Library/Extensions/hp_Inkjet7_io_enabler.kext /System/Library/Extensions/hp_Inkjet8_io_enabler.kext /System/Library/Extensions/hp_Inkjet_io_enabler.kext /System/Library/Extensions/hp_Officejet_io_enabler.kext /System/Library/Extensions/hp_Photosmart_io_enabler.kext /System/Library/Extensions/hp_psa640_io_enabler.kext /System/Library/Extensions/hp_qc_io_enabler.kext /System/Library/Extensions/LexmarkUSBMerge.kext /System/Library/Extensions/SiLabsUSBDriver.kext /System/Library/Extensions/SiLabsUSBDriver64.kext /System/Library/Extensions/Wacom Tablet.kext /Library/Extensions/ACS6x.kext /Library/Extensions/ArcMSR.kext /Library/Extensions/ATTOCelerityFC8.kext /Library/Extensions/ATTOExpressSASHBA2.kext /Library/Extensions/ATTOExpressSASRAID2.kext /Library/Extensions/BJUSBLoad.kext /Library/Extensions/CalDigitHDProDrv.kext /Library/Extensions/CIJUSBLoad.kext /Library/Extensions/HighPointIOP.kext /Library/Extensions/HighPointRR.kext /Library/Extensions/hp_io_enabler_compound.kext /Library/Extensions/PromiseSTEX.kext /Library/Extensions/SoftRAID.kext /Library/Extensions/SophosFileProtection.kext /Library/Extensions/SophosWebProtection.kext /Library/Extensions/ufsd_NTFS.kext launchd.conf contents ----------------------- Hosts file ----------------------- ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost ### Begin DesktopServer - do not edit this and proceeding lines ### 127.0.0.1 www.wpwebtest.dev ### End DesktopServer - do not edit this and preceeding lines ### Scan log ----------------------- 2017-05-11 16:33:58 : 2017-05-11 16:33:59 : ----- Scan Started ----- 2017-05-11 16:33:59 : Scanning with signatures version 196 (2017-5-9) 2017-05-11 16:34:01 : Adware.Spigot : /Users/Minxy/Library/Application Support/Spigot 2017-05-11 16:39:46 : PUP.Hotger : /Users/Minxy/hotger 2017-05-11 16:40:05 : *** Scan time: 0d 00:06:06 *** 2017-05-11 16:40:05 : ------ Scan Ended ------ 2017-05-11 16:40:15 : Removing detected threats... 2017-05-11 16:40:15 : Removing Item: /Users/Minxy/Library/Application Support/Spigot 2017-05-11 16:40:15 : Removing Item: /Users/Minxy/hotger 2017-05-11 16:40:15 : ---- Threat Removal Complete ---- 2017-05-11 17:15:21 : 2017-05-11 17:15:22 : ----- Scan Started ----- 2017-05-11 17:15:22 : Scanning with signatures version 196 (2017-5-9) 2017-05-11 17:19:55 : *** Scan time: 0d 00:04:32 *** 2017-05-11 17:19:55 : ------ Scan Ended ------ 2017-05-11 17:51:06 : 2017-05-11 17:51:07 : ----- Scan Started ----- 2017-05-11 17:51:07 : Scanning with signatures version 196 (2017-5-9) 2017-05-11 17:54:51 : *** Scan time: 0d 00:03:44 *** 2017-05-11 17:54:51 : ------ Scan Ended ------ 2017-05-11 20:04:36 : 2017-05-11 20:04:36 : ----- Scan Started ----- 2017-05-11 20:04:37 : Scanning with signatures version 196 (2017-5-9) 2017-05-11 20:07:57 : *** Scan time: 0d 00:03:20 *** 2017-05-11 20:07:57 : ------ Scan Ended ------ 2017-05-13 23:00:30 : 2017-05-13 23:00:30 : ----- Scan Started ----- 2017-05-13 23:00:30 : Scanning with signatures version 198 (2017-5-12) 2017-05-13 23:03:49 : *** Scan time: 0d 00:03:18 *** 2017-05-13 23:03:49 : ------ Scan Ended ------ 2017-05-14 14:13:19 : 2017-05-14 14:13:20 : ----- Scan Started ----- 2017-05-14 14:13:20 : Scanning with signatures version 198 (2017-5-12) 2017-05-14 14:16:40 : *** Scan time: 0d 00:03:20 *** 2017-05-14 14:16:40 : ------ Scan Ended ------ _____End Snapshot______ Like I told FredHarrington, the issue does not seem to appear anymore, and I think it's because I've activated the malware filters that come with the uBlock origin extension for chrome. I hope it is safe to assume there is no threat creeping somewhere in there, especially since all the scans I've run come clean. Thanks a lot for your help with this! Link to post Share on other sites More sharing options...
Staff treed Posted May 27, 2017 Staff ID:1130761 Share Posted May 27, 2017 You have a known bad Chrome extension, but the last time you scanned with Malwarebytes, it hadn't yet been detected. Do another scan, and it will remove the Unseen extension. uBlock might be covering up the symptoms, but you should still get rid of the problem. (In general, using an ad blocker to stop ads that are not normal for the sites you're visiting is not a good idea. It just obscures the symptom, but leaves the problem still present.) In addition, you have a LOT of Chrome extensions. I wouldn't recommend having more than about 5 third-party browser extensions total. Adding more just increases the odds of having problems, especially in Chrome, for which there is a constant stream of new malicious extensions. Thinning out the extensions you have installed would be strongly recommended. See: https://support.malwarebytes.com/customer/portal/articles/2045724-?b_id=9511 Link to post Share on other sites More sharing options...
TapperD Posted May 28, 2017 Author ID:1131040 Share Posted May 28, 2017 On 5/27/2017 at 3:44 PM, treed said: You have a known bad Chrome extension, but the last time you scanned with Malwarebytes, it hadn't yet been detected. Do another scan, and it will remove the Unseen extension. I removed the extension directly in chrome, and ran the scan once again and it all came out clean. I do get that this is not the way to use an ad-blocker, but how can I fix the issue when nothing comes on *any* scan after those first initial threats that were detected and removed? Also, I've been using the FBunseen extension for over two years now way before this issue started happening and unlike PCs, the options for mac are very few in terms of solutions. I've disabled some of the extensions I have, but if the problem is not any malicious extensions, this doesn't seem to fix anything either..? Link to post Share on other sites More sharing options...
Staff treed Posted May 29, 2017 Staff ID:1131144 Share Posted May 29, 2017 It is a common problem among Chrome extensions for them to be obtained by adware creators, who will then release an update that causes a formerly-legitimate extension to become adware. So the fact that you've used an extension for years does not mean that it can't be the problem. We've seen numerous cases of problems caused by that Unseen extension. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now