riverm

Pop-up malware message: "You are using outdated version of Chrome...."


Hi Malwarebytes Team,

I need your help to remove the pop-up malware message "You are using outdated version of Chrome...."
(Data on internet that is a NetSupport Manager RAT Trojan?)

I tried the following: 
1.    Malwarebytes 3.6.1.2711 (Updates: Current)
2.    Google Help website “Remove unwanted programs (Windows, Mac)”
3.    Kaspersky Total Security

My Platform
-Windows 10
-Chrome - Version 69.0.3497.100 (Official Build) (64-bit)

Thank you,
River
 

Chrome_Scan_New_Version.PNG


Hello riverm and :welcome:

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

Please read the content in the topic I'm infected - What do I do now?, run the scans and attach the requested logs for my review.

Thank you.

Android8888

(Rui)

 


Hello riverm,

12 hours ago, riverm said:

Thank you for the prompt response. 

You're welcome.

 

Some sets of instructions may be long, or you may be without an Internet connection for a while, so I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Make sure to run all tools from the computer Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).


Okay, follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next,

  • Download the latest version of AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click on the blue button 'I AGREE';
  • Click on the Scan Now button;
  • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
  • Click on the Clean & Restart Now button;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, be sure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


Next,

Reset all Browsers to Default Settings.

Please visit each of the following sites to reset your browsers back to default to prevent unexpected issues.

If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection.

Internet Explorer
How to reset Internet Explorer settings

Microsoft Edge
How to Reset Microsoft Edge in Windows 10

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the reset_chrome_sync.png button and then click it to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box (run_command.png).
  • Type in (or copy/paste) the following and press Enter: %localappdata%\Google\Chrome\User Data\Default\
    1. Press Ctrl + A to select all the files and folders.
    2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them. This is what it should look like: chrome_files_folders.png
    3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.

Restart your computer now and make sure there are no longer any redirects or other browser issues. 


In your next reply please attach:
Fixlog.txt;
AdwCleaner clean log; It can be found here C:\AdwCleaner\AdwCleaner[Cxx].txt (where xx is a number -- the highest number is the most updated)
Malwarebytes log;
 

How is the computer running now? Is the popup message still appearing?

Thank you.

Rui

fixlist.txt
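
A scripted equivalent of the manual Chrome profile reset described in the post above, as an added example that is not part of the original thread or of any vendor tooling. It differs from the post in one respect: instead of deleting the profile contents it moves them to a quarantine folder so they can be reviewed or restored. The quarantine folder name and the manifest file name are assumptions.

```powershell
# Added example: reset Chrome's Default profile while keeping Bookmarks.
# Run in the affected user's session with every Chrome window closed.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'   # abort on the first failed move

# Path and kept file names come from the instructions in the post.
$profileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$keep       = @('Bookmarks', 'Bookmarks.bak')

# Chrome holds locks on profile files while it runs, so refuse to continue.
if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
    throw 'Chrome is still running. Close all Chrome windows and try again.'
}
if (-not (Test-Path -LiteralPath $profileDir -PathType Container)) {
    throw "Chrome profile folder not found: $profileDir"
}

# Quarantine folder (assumed name). It sits under %LOCALAPPDATA% so the
# move stays on the same volume as the profile.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$quarantine = Join-Path $env:LOCALAPPDATA "ChromeDefault-quarantine-$stamp"
New-Item -ItemType Directory -Path $quarantine | Out-Null

# Everything in the profile except the bookmark files, hidden items included.
$items = @(Get-ChildItem -LiteralPath $profileDir -Force |
    Where-Object { $keep -notcontains $_.Name })

# Record what is being removed so the change can be audited afterwards.
$items |
    Select-Object Name, LastWriteTime,
        @{ Name = 'IsFolder'; Expression = { $_.PSIsContainer } } |
    Export-Csv -Path (Join-Path $quarantine '_manifest.csv') -NoTypeInformation

foreach ($item in $items) {
    Move-Item -LiteralPath $item.FullName -Destination $quarantine -Force
}

Write-Host "Moved $($items.Count) item(s) to $quarantine"
Write-Host "Kept in place: $($keep -join ', ')"
```

Once the browser has been confirmed clean, the quarantine folder can be deleted; until then it preserves the old extensions and preferences for inspection.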


Hi Riverm,

You did not attach the Fixlog.txt and Malwarebytes logs.

Could you attach them for my review please?

Thank you.

Rui


Hi Rui,

I did not find Fixlog.txt when I ran FRST.
When I clicked on FRST.exe it generated an error message. But it ran well after I clicked on Scan.

Please see attached MalwareBytes log and error message screenshot.

Thank you,
Riverm

Malwarebytes_Summary.txt

FRST_Application_Error.PNG


Hi riverm,

Please restart the computer now.

Then re-run FRST64.exe with administrator privileges.

When FRST opens, click on the Fix button and wait.

When complete, it will open a Notepad file called Fixlog.txt.

Please attach it in your reply.

 


Hi Riverm,

Thank you for attaching the log and for your patience and time. The fix script removed some orphaned entries in the Registry.

Now, to be sure the system is completely clean, I would like you to run a final scan with ESET Online Scanner. This is a very thorough scan and can take several hours to complete, but it's worth it. I suggest that you run it when you are not using the computer or during the night.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your Antivirus program to avoid potential conflicts, improve the performance and speed up the scan. See here on how to do it.
    4. Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    5. Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use.

  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESET.txt. Include the content of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Don't forget to re-enable your Antivirus program.

 

Please copy and paste the content of the ESET log (if it produced one) and let me know if there are any more issues on this computer that need to be addressed.

Thank you.

Rui

 


Hi Rui,


Thank you for continuing to work on my problem.
I am traveling now. I will run ESET Scanner early next week.

Thank you,
Riverm
 


Hi riverm,

That's ok. I'll wait for the result.

Thanks for letting me know and have a nice weekend.

Rui


Hi riverm,

It's been three weeks since your last reply.

Do you still need assistance?

Thank you.

Rui


Hi Rui,

Sorry for the delay. I am traveling and very busy with a couple of important projects that cannot wait.
After implementing your suggestions, I have not seen new pop-up messages.
In addition, my laptop started to work a lot better. Right now with only 8GB RAM I can work on large imaging files. Before, it was slow and it crashed a lot.

Thank you again for dedicating your time working on this problem.

Best Regards,
Riverm 
 


Hi Riverm

I'm glad to know that! :)

If all is running well with the computer, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.
 
Keep your Windows Operating System and Antivirus up-to-date. Always!
 
Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
Keep Malwarebytes Anti-Malware (MBAM) updated and perform regular scans of your system, as it will make it harder for malware to reside on your computer.
A complete guide on using MBAM can be found here.
 
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program with resident protection at a time.
 
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.
 
A similar category of programs is called "scareware" or Rogue programs. Rogue programs are active infections that will pop-up on your computer and tell you that you are infected when you are not. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible.
 
Another much-feared threat at the moment is infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
 
Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.
 
Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
 
Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
 
Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
 
Don't click on links received in instant message programs.
 
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here.
 
For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
 
So how did I get infected in the first place
Answers to common security questions - Best Practices
 
Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.
 
Happy surfing and stay safe.
 
With my best regards.
 
Android8888
(Rui)

 


Hi Rui,

Thank you for your recommendations for the computer protection.

It is absolutely great that regular users can have help from Elite experts such as you.

One more question: What is your opinion about VMware for personal computers as part of Antivirus?

Thank you again,
Riverm


Hi Riverm,

Thank you for trusting in our help. You're always welcome. :)


Regarding your question:
From what I can understand, I guess you are thinking of using VMware to complement the protection of an antivirus product because VMware works in a virtual environment and as such it can't infect the host computer.

Well, theory and practice are the same in theory, but often different in practice. There have been vulnerabilities in VM hypervisors that allow malware to breach the separation and infect the host computer. It's difficult to do, but it can be and has been done.

If you want to surf the Internet safely or even perform tests in a controlled environment without infecting your computer, I suggest you use a Sandbox. It's a different concept from VMware. Personally, I think a Sandbox becomes easier and more practical than a VM. But this also depends on your own purposes.
Sandbox (computer security)
What’s A Sandbox, And Why Should You Be Playing in One
Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program


Any further questions?


Hi Rui,

Thank you for the advice. I will learn and try Sandbox.

I will definitely be looking for your help in the future.

Sincerely,
Riverm

This topic is now closed to further replies.