Jump to content
InternetIncome

AceStream Chrome Extension Continually Re-Installs Itself Unwantedly

Recommended Posts

I have the same problem as another user on this forum but they never finished replying to the thread, and the moderator closed it. 

He stopped replying as the fix was almost complete for everyone to see but the link to the txt file the moderator said needed to be used to fix the problem is no longer working. 

This is the original thread:

https://forums.malwarebytes.com/topic/234870-chrome-extension-coming-back-after-fresh-install-of-chrome/

Since we most likely have different setups and in order to save some time I'd be willing to try the fix the moderator suggested for that user without needing him to go through my log files and setup (also saving me the time of creating them).

The only extra info I can offer is that I use IOBit Uninstaller to remove the plug-in as well since when you remove it from Chrome via the settings/Extensions menu you won't see it in Chrome any longer but it shows up in IOBit under Plug-Ins. No matter what though, some mysterious "other program" always re-installs the extension whether I use IOBit or Chrome Extension settings page to remove it.

A terrible and deceitful plug-in that clearly operates in extreme bad faith/taste, no idea how Chrome still allows this extension in their store. Thanks in advance for the help, it's appreciated.

Share this post


Link to post
Share on other sites

Hi,    :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

We do need reports from this system before we get going.

Please only just attach   all report files, etc  that I ask for as we go along.

 


I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.3.749.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites

Hello,

I have re-opened the topic, per your request.   I will post a new reply shortly.

Share this post


Link to post
Share on other sites

Hi.

The next first thing  I would like you to do is to do a special Update run in the Malwarebytes program.

Start Malwarebytes for Windows.   Then click on the Settings ( gear ) icon at the top right.

Then look on the General tab.   Look for & click on the button Check for Updates.

Watch the process and follow the prompts.

 

NEXT,      Run a  new scan with Malwarebytes.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the SECURITY  tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON  if it does not show a blue-color

Now click the small X  to get back to the main menu window.


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.

and again, be sure all detected items are removed.


Let it remove what it has detected.    Then please attach a copy of the last Scan report.   See   View Reports and History in Malwarebytes for Windows v4

 

Edited by AdvancedSetup
updated links

Share this post


Link to post
Share on other sites

@scifiguy    No, please do NOT  piggy back on this case.  I have advised you to Create a new case for you.   Please do that.

I will be removing your post from this case.

See   https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 

 

THIS topic here is ONLY for InternetIncome   and only for them.  We do not do me-too group posts in the malware-removal-help section.

 

Share this post


Link to post
Share on other sites

Thanks.

I would like to have your Malwarebytes for Windows to be on component package 1.0.793

My pc has been on the Malwarebytes 4 Beta for a good while  & it got component package 1.0.793  just last week.   ( 1.0.793 is the latest  release )

Yours is on   component package  1.0.781

You should consider setting your Malwarebytes to be in the Beta   ....if anything that action should  trigger a prompt for update.

Malwarebytes >>  Settings  >> General tab

click on ( turn on)  Beta Updates    which is down the screen of the General tab   & then scroll back up & click on button Check for Updates.

 

.

Now then, lets do a different scan.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 

Share this post


Link to post
Share on other sites

I tried to enable Beta Mode in MalwareBytes but that option is only available for paid subscribers, I am using the free version. Also, no I won't buy the program to further this discussion. Any solutions should work with free version.

 

I've followed your other instructions and included the Adwcleaner log file as requested.

Adwcleaner Clean Report.txt

Share this post


Link to post
Share on other sites

The Adwcleaner report has removed some adwares.   It also removed a few elements of "acestream".

 

Run a new scan with Malwarebytes for Windows 4.
Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the SECURITY  tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON  if it does not show a blue-color

Now click the small X  to get back to the main menu window.


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.

and again, be sure all detected items are removed.


Let it remove what it has detected.

 

Share this post


Link to post
Share on other sites

Sorry for the delayed response, your replies got lost in my inbox.

 

I ran the scan as requested and it found nothing on the 1st scan so there was nothing to be quarantined. Repeated the same scan for good measure as requested with the same results. What's next?

 

Also I would like to take this opportunity to say thank you so much for taking the time to answer these posts and help me with this technical problem. Without your expertise I would be absolutely lost and at the mercy of this deceitful browser plug-in. Hats off to you my friend!

Share this post


Link to post
Share on other sites

Hi,

You are welcome.   I would like to gather a fresh readout report for my review.

I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.3.749.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

Share this post


Link to post
Share on other sites

Hi.

What follows is a custom tweak for Chrome for the Acestream booger.   Please close all un-needed open programs you may have opened yourself manually.

Do that before doing this procedure.

 

This custom script is for  InternetIncome   only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  DOWNLOADS  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder

Start the Windows Explorer and then, to the Desktop.


Double click FRSTENGLISH

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

and when you post back, tell me how Chrome browser is doing over-all.

.

Your Windows 10 should be updated to the latest Windows 10 build.

I would suggest  to upgrade to the Windows 10 build 1909 ( or November 2019 build).  You should be able to manually get it thru Windows Update. 
It may take repeated tries with Windows Update till your pc is able to see that Update.  You should make a try each day, from here on out, till you see it offered. 
The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update. 
The Windows Update ( eventually) will have a display like this when it shows up. 
Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready. 

 

image.png.571aaf1740f7adf9017e5eb68f60e1f1.png

 

Getting that Windows build update will put this pc in a better position for a more secure operating system. 
 

Sincerely,

Maurice

 

Fixlist.txt

Share this post


Link to post
Share on other sites

 

Hello I've followed all instructions as requested and included the FIXLOG.txt file. 

 

FYI the "run" on the tool went very quickly (2-3 mins) and did not require a restart upon completion. It created the FIXLOG.txt file and opened it for viewing after. 

 

AceScript still shows up as an installed plug-in when I check with IOBit Uninstaller but AceScript/Stream does not show up in Chrome extensions. This has happened before when I thought I removed it but in that instance, when I removed through IOBit (the only program on my PC that could see it's installed) it re-installed itself onto Chrome and was subsequently displayed on the Extensions page of Chrome settings.

 

I will try to remove it later through IOBit after the Windows Update is installed. 

 

I am installing the Windows update after I post this as I wanted to follow instructions to the letter and not have the update potentially include things you didn't account for in my scan logs and as a result, the fix you generated, thanks.

Fixlog.txt

Share this post


Link to post
Share on other sites

Thanks for the Fixlog report.

As to Iobit,  I cannot recommend that.

 

Be sure that Google Chrome is not set to have SYNC "on".

Using Chrome browser   need you to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

Share this post


Link to post
Share on other sites

SUCCESS!!! :))) ......well at least as far as I can tell lol. AceStream/Script no longer shows up in Chrome Extensions or "Installed Plug-Ins" listed on IOBit Uninstaller. I don't want to declare victory until I can confirm it though. I also don't want to take your time away from other people that need it.

Is there a scan I can complete for your review that would allow you to 100% confirm every piece of it has been removed from my system?

Either way, THANKS AGAIN SO MUCH FOR YOUR HELP!!! I really appreciate it. So far as I can tell the problem is solved, cheers!

Share this post


Link to post
Share on other sites

Thanks for the news / status update.

You should run a new scan with Malwarebytes for Windows.

and you should do a new run with ADWCLEANER.

.

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome. 
To get & install the Malwarebytes Browser Guard extension for Chrome, 
  
Open this link in your Chrome   browser: 
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee
  
Then proceed with the setup. 

Also suggested for Chrome or Brave browser, the NoScript add-on extension for added protection from script exploits  
https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm
  
.
If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension. 
Open this link in your Firefox browser:    
https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
Then proceed with the setup. 
That link is for English US.   There are other language version.  Just go to the very bottom right of the page and look at “Change language” list drop down.
.
 

Share this post


Link to post
Share on other sites

Hi.

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use. 

 

Best  practices & malware prevention: 
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources. 
First rule of internet safety: slow down & think before you "click". 

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos). 

 
Free games & free programs are like "candy". We do not accept them from "strangers". 

,

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing. 
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program. 
 
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. 
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next". 
 
Use a Standard user account rather than an administrator-rights account when "surfing" the web. 
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html 
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet. 
 
 
Do a Windows Update. 
 
Make certain that Automatic Updates is enabled. 
https://support.microsoft.com/en-us/help/12373/windows-update-faq 

 
 
 
Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. 
 
For other added tips, read "10 easy ways to prevent malware infection" 

. 

 

To help cleanup on tools used:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

 

If your security program alerts to Delfix either, accept the alert or turn your security off.

please right-click on Delfix  and choose run as administrator

Make Sure the following items are checked:

  Remove disinfection tools <----- this will remove tools we may have used.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.