iyfnzgb.com keeps opening Google Chrome randomly

[macman507]

I was foolish enough to click fast and allow my comp to get infected with something (opening an already suspicious .exe and allowing it to run after a warn from the Windows SmartScreen)

That keeps opening Google Chrome at random. Sometimes it opens after half an hour passed, sometimes takes more. (not even my default browser btw) and tries to go to random sites, usually it's "iyfnzgb.com". The adblock is stopping the site from loading at least, except one site with fake surveys.

 

I tried cleaning the PC with like 5 different adware and malware removers, but none of them seemed to help, so that's why i'm here asking for help.

I already deleted the file that i suspect caused this, but it kept happening even after, so downloaded the files again (didn't run them again) and uploaded them to virustotal, it should've been obvious i shouldn't have run it in the first place after looking at the results.. So i could give links to the scanning results if needed or upload the files themselfs somewhere to check on them.

FRST.txt Addition.txt Malwarebytes Threat Scan log.txt

[Maurice Naggar]

Hi,     
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible. 
  
Please only just attach   all report files, etc  that I ask for as we go along.
Thanks for the reports. 

[   1   ]

Use Chrome browser   to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

[   2   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking  the control icon of Chrome on upper right of the adress bar

Then look deeper in SETTINGS

 

Make real sure it is "NOT" set to "continue where you left off"

.

[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

[   6    ]

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 

[Maurice Naggar]

Added note:  The Farbar F R S T report shows that Chrome is set to reload 'the last session'.   It reports 

CHR Session Restore: Default -> is enabled.

Per my last reply, be real sure to turn that Off on Chrome  and any other browser on this system.

[macman507]

Hello, i did these, and attached the report.

I accidentally left Firefox on session restore.. before i ran AdwCleaner, but hopefully it didn't affect anything.

 

So far it didn't open the browser automatically, but it can take a long time for that to happen, so i'll post again if it happens or later today.

 

AdwCleaner[C00].txt

[macman507]

It opened again just now.

[macman507]

Also i just noticed, that i didn't left Firefox on session restore.

[Maurice Naggar]

Thank you for the Adwcleaner report.    

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.
Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.

[macman507]

It seems like the problem has been fixed. Chrome didn't open up automatically for 12+ hours now.

I have found some remaining files on the computer, that were related (had similar names) to the infected .exe file that i ran originally, which caused this whole thing. So i manually deleted those. It was an empty folder and some .lnk files. (.LNK)

I did a long full scan with ZoneAlarm Free Antivirus yesterday, it found malware, but i think those were unrelated to my problem, since they were older files.

I also ran a full scan with Eset Online Scanner, it found some malware on my comp, but all were old files.
 

So everything seems good now. Thank You for your help!

[Maurice Naggar]

I am happy to read this.  Bravo.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you