
Malwarebytes has missed a malware in Chrome and I can't figure out how to remove it. The malware redirects a download link on cheatengine.org to cheatengine.srchmgrk.com. I know there is malware in Chrome because when I attempt to download the same file from Edge it starts the download correctly. However, we've wiped the system and reinstalled Chrome and it's still there, how can that be? After the wipe we never logged into Chrome and it still happened. The strange thing is there is an extension by this domain in the Chrome store but we never installed it that we know of; if it was installed it's not listed any longer as an extension. I suppose it's possible that the extension is in the folder but invisible to Chrome. Any advice is appreciated.


Hello mball and welcome to Malwarebytes,

Make a fresh clean install of Chrome, see if that cures the issue:

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

For your Passwords go here:

https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter...

In the new window that opens "Sync everything" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard"

A new window will open, scroll down to and select "Reset Sync" that will clear synced data from Google Server...

Continue to next step to completely Uninstall Chrome....

Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Install Google Chrome:

Next,

Import your Bookmarks... (instructions in the first step)

Import Passwords... (instructions in second step above)

Next,

Install Malwarebytes Browser Extension (Free) https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

Does that help..?
 
Kevin...


Thanks for the response, I guess we can try the reinstall again, but we had done a disk wipe and reinstalled chrome and the malware was still active.  We can see what happens, is there not a way to detect where this code is installed?
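On the question above of finding where such code lives on disk, the following is an added example, not part of the original thread and not a Malwarebytes tool. It lists every extension folder under each Chrome profile, marks IDs that the profile's `Preferences` / `Secure Preferences` files do not track, and flags permissions that allow request or navigation rewriting; the `extensions.settings` key layout and the permission shortlist are assumptions of this example.

```python
import json
import os
from pathlib import Path

# Assumed shortlist: permissions and host patterns that allow observing or
# rewriting navigation, requests or downloads on any site.
REDIRECT_CAPABLE = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
                    "declarativeNetRequestWithHostAccess", "webNavigation",
                    "tabs", "downloads", "<all_urls>", "*://*/*",
                    "http://*/*", "https://*/*"}

def _load(path):
    """Return the JSON object stored at path, or {} if missing or invalid."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def inventory_extensions(user_data_dir):
    """Describe every extension found on disk under each Chrome profile."""
    findings = []
    for ext_root in sorted(Path(user_data_dir).glob("*/Extensions")):
        profile = ext_root.parent
        known = set()  # IDs the profile itself tracks (assumed key layout)
        for prefs in ("Preferences", "Secure Preferences"):
            settings = _load(profile / prefs).get("extensions", {})
            known |= set(settings.get("settings", {}))
        for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
            m = _load(manifest_path)
            perms = set()
            for key in ("permissions", "host_permissions", "optional_permissions"):
                perms |= {p for p in m.get(key, []) if isinstance(p, str)}
            for cs in m.get("content_scripts", []):
                if isinstance(cs, dict):
                    perms |= set(cs.get("matches", []))
            ext_id = manifest_path.parent.parent.name
            findings.append({
                "profile": profile.name, "id": ext_id,
                "name": m.get("name", "?"), "version": m.get("version", "?"),
                "tracked_by_chrome": ext_id in known,
                "redirect_capable": sorted(perms & REDIRECT_CAPABLE),
                "path": str(manifest_path.parent)})
    return findings

if __name__ == "__main__":
    base = Path(os.environ.get("LOCALAPPDATA", ""))  # Windows per-user data
    for item in inventory_extensions(base / "Google" / "Chrome" / "User Data"):
        print(item)
```

Extension names may show up as `__MSG_...__` placeholders because the real name is stored in the extension's locale files. An entry with `tracked_by_chrome` false or a non-empty `redirect_capable` list is a starting point for review, not proof of malware.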


All synced data has to be removed from Google servers before making a fresh install of Chrome, if not all backed up data is rolled back in....

The url you quote does not show as malicious by VirusTotal checks....

https://www.virustotal.com/gui/url/5b89b86d6e382638a39966b0c0952db29db600e82c1e0b42198d78063bf95895/detection

https://www.virustotal.com/gui/url/5d5b431b46915d9fd8cb1934e29f8d62c7128171e83189011eae309d5c3faa1b/detection


Thanks for the reply, I'll try again and remove the sync data from google servers.  And thanks for the VirusTotal share.


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
