Jump to content

Have to re-install Chrome nearly every day


Recommended Posts

Hi, 

I'm having the same problem as Smiley was having in one of your other posts.

Nearly every day I have to re-install chrome to get it to start.

I have win 10 home, version 1809 on a Dell Inspiron 3668 Desktop

Intel Core i5-7400 CPU @ 3. ghz

x64 based processor,  64 bit OS

RAM 12. GB

Seems to have happened since the April Windows update.

However, I use Macrium disk imaging and restored to a pre update back up.

But Windows updates itself as soon as I connect so I can't seem to avoid it.

Chrome still will not open until re-installed.

Anyway, I ran Malware Bytes, and all it found were some "PUP"; log attached.

I ran  AdwCleaner  and have attached the log file.

I ran FRST and have attached the two files.

 

Is there anything you can suggest to allow me to use Chrome normally?

It is a real PITA to have to re-install it every day.

Thank you

AdwCleanerS00.txt AdwCleaner_Debug-.log malwarebytes.txt Addition_14-04-202001_19_31.txt FRST_14-04-202001_19_31.txt AdwCleanerC01.txt AdwCleanerS01.txt

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

Hi, 
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.
 
Please only just attach   all report files, etc  that I ask for as we go along.


Can you just only use the EDGE browser until we potentially get this sorted out ?

I will look at your reports & get back with you.

Just please know that Windows 10 build 1809  is from more than one year ago +.   I would like to see this Windows get to at least build 1909.

I can help you on that, and any current issue  ( if any) with Windows Update.  at least hopefully.

First we just need to see if any actual malware is on-board or not.

Link to post
Share on other sites

Just information only about Chrome.   The Windows event logs show that Chrome has been aborting  ( e.g., crashing ).  But really 'hanging'

Error: (04/13/2020 11:28:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 81.0.4044.92 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 29e8

Start Time: 01d6120c6fe3b6a8

Termination Time: 51

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 66d0f6ba-9372-421b-847b-89f9428a0dde

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

.

Error: (04/14/2020 12:16:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.15.756, time stamp: 0x5e1d960f
Faulting module name: ntdll.dll, version: 10.0.17763.831, time stamp: 0x1f1a0210
Exception code: 0xc0000094
Fault offset: 0x000000000000cd16
Faulting process id: 0x1894
Faulting application start time: 0x01d6120cd1d04502
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8119ec32-73d6-4935-9f7a-c47ff519df78
Faulting package full name:
Faulting package-relative application ID:

Error: (04/13/2020 11:40:51 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (04/13/2020 11:28:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

/

QUESTION:   Can you do this quick test please.   Get to the Windows RUN option by doing what follows.

Press & hold the Windows-icon-logo key on keyboard & then tap the  R  key

That should get you the RUN option box

 

In there, type in what follows verbatim   ( as-is  ).   You may use COPY then Paste

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -incognito

and tap ENTER-key to have it proceed.

Then, if that works, you should see a incognito window for Chrome - - -  which means a session of Chrome without any add-ons or extensions.

and if it is there, great .....  I would like for you to do what follows.

Using Chrome  go to https://www.google.com/settings/chrome/sync 

and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".
for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"
Check mark the line "Download history"
Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )
 
After that, make real sure that Chrome is "NOT" set to reload the pages from the last session
Go into the settings menu of Chrome by first clicking  the control icon of Chrome on upper right of the adress bar
Then look deeper in SETTINGS
 

image.png.3fa51a324fd1a6b9827bf11a295949e6.png
 
Make real sure it is "NOT" set to "continue where you left off"

 

There will be more help, later.   Let me know about this pass here.

 

 

Link to post
Share on other sites

This is my 2nd reply in a row.  SO please do not overlook my prior one about trying a Incognito mode run with Chrome.

This here is a few things to follow up on after all that.

The main problem currently on Chrome is a PUP.Optional.SelectedSearch   ( an add-on extention on this Chrome) that needs to be removed.  There are other pup.otional type issues as well.

The last scan with Malwarebytes noted  "NO Action by user".

What we want to do is to be real SURE   all tagged items are Quarantined.

 

When you get to a quiet moment.  be sure you CLOSE all Chrome windows before you do this part.

 

I would like you to do a new scan with Malwarebytes for Windows.  One of the major goals here is to have it remove all that it detects.  If it finds anything that is.
Start Malwarebytes from the Windows  Start menu.
Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.
Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines   ( for P U P  & for P U  M)  to be set to "Always ( Recommended) ".
You can make the change by clicking on the down-arrow selection list-control.   We want all P U P  &  P U M to be marked for removal.

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

Link to post
Share on other sites

Maurice,

My name is Bill

Thank you for answering.

I am currently at work and the problem computer is at home.

Once I get home I will follow your directions.

Just for your information, I had the latest update from earlier in April but when I loaded my Macrium disk image I went to an image a  month old. 

Seems odd though, you say I have a Win version a year old but regular win updates have been installed, so by all rights the version should have been current through early March.

Be back to you in an hour or two.

 

thank you

 

Link to post
Share on other sites

Thanks for the information.   No need to rush.

Just for your information,   the FRST report is reporting that your Windows 10 Build version is 1809.   That is from the fall of 2018, even though it may have gotten some periodic small updates each month.   When we are at the point on this case past any issue of suspected malware .....I will give you tips on getting much more current on the Build version.

The current release Build for Windows 10 is Build 1909   ( fall of 2019 )  & sometime over the next few weeks or so, Microsoft will slowly rollout metered invitaions to Build 2004  ( Spring 2020 ).  For now, dont fret over this.

I am crossing my fingers that you will be able to run Chrome in Incognito mode  & do the tweaks.

Link to post
Share on other sites

Maurice,

A couple things first: After I exported the Malwarebytes log this morning I did do the quarantine.

So, when I ran it just now it found nothing. I attached the log file anyway just in case.

Also, since I re-installed chrome this morning after I re-booted, Chrome is currently working.

It also worked when I used the run line command for incognito mode.

I already had win 10 version 1909 installed ( a couple weeks ago ).

That's when the problem started.

I tried to un-install it and lost many settings in the process.

That is what prompted me to restore my March Macrium image.

Unfortunately even without the update, there seems to be a problem with Chrome ( not at the moment ).

Earlier, before I found your site I did the below:

Chromium was trying to install at every re-boot and I've read that in some cases Chromium can run unintended interference.

So, I disabled the installer, deleted all instances of anything chromium that the system would allow then booted to a cmd prompt and deleted the remains. When I re-booted, Chromium no longer tried to install.

Do you know of anyone having issues with chromium?

I realize it is virtually a beta for Chrome but also being open source and continuously edited that it could be unstable. Is ther any truth to this?

 

 

 

 

mb.txt

Link to post
Share on other sites

To your last question,  I am not familiar with "that" chromium.

That said,  I am somewhat concerned that the browser issue will repeat.   Whatever that issue is,  it surely is not from Microsoft Windows nor from Windows Update.

Today is patch Tuesday with Microsoft.  There are a number of security fixes.   I would suggest that you block some time,  and do a on-demand run to check for Updates for Windows.

go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

Then click on "Check for Updates".

Have much patience during all this.   Let it update & finish what it finds.

When prompted about Restart,  select Restart now.

 

We need for the Windows O.S.  to be up to date will all security patches / fixes / updates.

 

Link to post
Share on other sites

Maurice,

I installed version 1909 last night.

There is also a pending update for .NET framework # KB4534132 that says it requires a restart.

As well as a security update for Adobe Flash, # KB4537759 

At this time Chrome will open and function but it was working before the update.

Did you see anything in any of the logs that was suspicious, even if it is something with no known influence on Chrome?

Link to post
Share on other sites

No, I cannot say one way or the other.    I am very glad to know that this Windows is now on Build 1909.

When all updates are done, then that would be a good time to do your mirror-image offline Backup.  Backup is your best friend.

 

SecurityCheck by glax24    

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.
Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.
Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

[   2   ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.
The download links & the how-to-run-the tool are at this link at Microsoft
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
 
Let me know the result of this.
The log is named MSERT.log  
the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is
C:\Windows\debug\msert.log
Please attach that log with your reply.

 

Link to post
Share on other sites

The run of Safety Scanner is good.  Though the flagging of ccsetup  ( the setup file for CCleaner ) is something that is not of actual concern.   It is not a threat.  And at the same time, it is no  longer needed.

The SoftwareUpdater.exe on the G drive .... a good catch.   Most "software auto-updaters" are of questionable value.  It was flagged as a software bundler.

 

As t the Security Check report, you want to check to see that Avast is all up to date.

Also, do the same for Mozilla Thunderbird.

As to the Avast "Driver Updater" you should uninstall that. You do not need that add-on.    SecurityCheck says

Avast Driver Updater v.2.5.6 << Hidden Warning! Suspected  optimizer. If this program is not familiar to you it is recommended to uninstall it

 

Now, How are things generally about Chrome ?   Are you all set to go ?

I have one final suggestion for Chrome browser.

To get & install the Malwarebytes Browser Guard extension for Chrome, 
  
Open this link in your Chrome   browser: 
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

  
Then proceed with the setup. 
 

Link to post
Share on other sites

Maurice,

I was surprised that ccleaner popped up as malware. I've been using it for many years.

As for the 'software updater'; it was on the G drive which is my external back up drive.

it's where I back up everything including my download folder for many years.  

I downloaded 'software updater' years ago and didn't like it so I uninstalled it but never deleted it from my back-up folder.

I actually went ahead and deleted it just for good measure. ( MSRT said it removed it but it was still there )

ccsetup533 was also still there even though MSRT said it sucessfully removed it.

Oddly enough, there was also copies of ccsetup # 510, # 514 and # 537 that MSRT didn't flag. I deleted all of them

I also removed Avast updater and Avast Browser extension.

I added the Malwarebytes Browser Guard extension for Chrome.

I am wondering about this from MSRT: "Found Backdoor:Win32/Floxif, partially removed."

Whatever it is it says "Partially removed". Does that mean part of it is still on the computer?

Is that something that needs to be "fully removed"?

Anyway, as of right now things seem to be working good. Chrome fires up when it is clicked.

Thank you for all your help.

Please do let me know what you think about this "backdoor"

Bill

 

Link to post
Share on other sites

It is just only the setup file for CCleaner that was tagged, because it has add-ons.   The MS Safety scanner as well as the ESET Online scanner tend to flag ccsetup.

I personally do  not consider CCleaner nor it's setup file as a malicious threat.

 

Here is what Microsoft Security Intelligence has to say about the win32/floxif     ( which is not a lot of info.   Though it does say that the Safety Scanner & the Windows' 10 Windows Defender can detect & remove it)

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Floxif!rfn

 

IF you wish, you may do a CUSTOM scan on the G:\copy docs folder

That is something you may consider.

I am going to copy below how to go about that.    Just remember you want to do a CUSTOM scan on the G drive

You can do a manual Check for Update for Windows Defender by using the Windows Settings menu.
From the Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu & select Windows Security
 
 
Next, In Windows Security section:  Click on the grey button Open Windows Security
 
.
Now, click on the shield Virus and threat protection
By the way, when you see a green check-mark on your display, it means a good status  and that  protection is on.
 
 
 On the next display,  look at all the options.   Look down the list and see "Check for Updates" which I have highlighted with a blue icon.
You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.    Scan options should show in blue color.   Click that.      ( You can do Quick, Full, or Custom).
 
 
 

 

Link to post
Share on other sites

Hello.  I have been hoping to hear back from you on the current status, especially as to Chrome browser.

Kindly provide me a status update.

and in the case that you still have issues on Chrome, then (a) I would still advise to switch to the Brave browser instead

( b) if you still insisted on using Chrome, then take a look at this pinned post on this forum

 

Link to post
Share on other sites

Maurice,

Sorry, life got in the way. I haven't actually sat down at the desktop for days. Last I did, it was working well. My girlfriend was using it today and said it was doing well for her. For now, until I'm confident, I have Macrium doing a full image once a week. Fortunately, my back up drive is two terabytes. Each image is nearly 70 gb. I'll go back to monthly images eventually.

So anyway, all seems good right now.

I thank you very much for all your help.

Link to post
Share on other sites

Hello.   Thanks for the update status.   So now we can wrap up this case.

These steps are then to cleanup on the tools that were used.

Delete msert.exe

Delete Securitycheck.exe

To remove the FRST64 tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe  .

Then run that ( double click on it)  to begin the cleanup process.

.

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"
https://blog.malwarebytes.com/101/2016/08/10-easy-ways-to-prevent-malware-infection/
.
I wish you all the best.   Stay safe.  Stay strong.

Sincerely,

Maurice

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.