Malware comes back every time I open Chrome and explorer.exe action crashes



I'm trying to figure out if I have a malware problem or a Windows 10 problem.  Or both.

The same four malware programs appear every time I run Malwarebytes after opening Chrome.  I've followed the directions from the other posts to un-sync Chrome and reset sync information to no avail.  The malware does not appear on other computers I have synced to this account.

I'm having a hard time attaching things to the post because every time I do anything involving explorer.exe (such as "choose files") the Open dialog appears and then crashes after a couple of seconds.  Which also crashes my desktop - I'm currently working on a dual monitor system with an open Chrome session next to a monitor that has gone black and is completely unresponsive.  Task Manager works, but I can't re-start explorer.exe.

I've been fighting this for countless hours over a week and none of the canned answers from the answers.microsoft.com to sfc and DISM my system have come up with anything.  I bought another computer so I could continue my work, but this one has a lot on it that I don't want to lose.  The System Restore points I had have disappeared.

The only way I can retrieve scan report files is to open a command prompt and go to the directories in the old DOS way.  I can do this, copy them to a flash drive, and attach them to a post from a different computer if you think it will be useful.

I have also downloaded and run FRST as suggested in other posts.

So my first question is - do those with experience think this is a Windows problem or a malware problem?

 

Thanks


Hello Joe T,

When systems are hit with recurring issues related to Google Chrome accounts then all associated equipment accounts must be reset, PCs, Laptops, smart phones etc...

 
Regarding the general system problems, I'm not sure that is related to Malware or Infection. I see you have many entries installed for National Instruments, one of its drivers that runs at boot may possibly be related to your current issue.
 
R0 NIPALK; C:\WINDOWS\System32\drivers\nipalk.sys [777560 2015-05-20] (National Instruments Corporation -> National Instruments Corporation)
 
Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

Basically all non-MS services are disabled, see how your system runs in that mode.
 
Thank you,
 
Kevin...
 
 
 
 

Hi Kevin - 

I ran through the Chrome disinfecting procedure again as described in the post and the malware came back as soon as I opened Chrome.  I read through the post again and determined there is one variation between what's described and what the current version of Chrome actually does-

when I turned off sync I was still signed in to Google

"This will also sign you out of Google."

This did not happen in this particular instance.  I would advise others troubleshooting this problem to verify that they are indeed signed out.

After turning off sync I had to go back, click on my Profile icon, and tell it to sign out.  Then the little anonymous picture appeared on my Profile.  With this condition I ran a Malwarebytes scan again, quarantined what it found, and then restarted my computer.  This time a scan came up clean after opening Chrome.

When I tested turning off sync again it did sign me out of Google.  So I'm going to blame the crafty adware struggling and grasping at Chrome to try to keep its hold; otherwise it makes no sense.  Now I need to repeat the procedure on my other computers as described in the post.

 

Regarding the other issue, I thought I had turned all the NI stuff off.  LabView has a way of sinking deep roots into the computer it's installed on.  I appreciate you pointing that out.  If I can't figure out a gentle way to get explorer.exe working again this box will have to have Windows re-installed, which is always its own brand of joy.

Thanks

Joe T.  

   

 


Hiya Joe T,

Thanks for the update, also the pointer on resetting Google Chrome... Before going for a system refresh or reset try the following..

Open an elevated command prompt, at the prompt type or copy/paste the following commands. Hit enter after each one then reboot on completion.

sfc /scannow

DISM.exe /Online /Cleanup-image /Restorehealth

sfc /scannow

exit

Does that make any difference...

Thank you,

Kevin..


Hi Kevin-

I've been working on cleaning all my sync'd computers and my newest one is proving stubborn.  I've used msconfig to set up a minimal boot and Adware.Elex.ShrtCln still keeps appearing when I launch Chrome in signed-out mode.  This does not appear on the other two computers at my work table.

Suggestions?

Thanks

Joe T.

 

maj scan 122920.txt FRST_29-12-2020 20.01.04.txt Addition_29-12-2020 20.01.04.txt

  • Solution

Hiya Joe T,

If this issue only happens when Chrome is launched then it would seem that Chrome is where the problem lives. A previous reset of Chrome has not helped on this particular system, to me the next step is a clean install of Chrome as follows:

Make clean install of Google Chrome, see if that clears the issue...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

For your Passwords go here:

https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Continue for a clean install:

Download Chrome installer and save to install later:

https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings hit enter...

In the new window that opens "Turn Off" option will show, select that option.

You will then be given notice of what will be cleared. Checkmark the box that gives an option to clear bookmarks, passwords, history etc. Confirm that action by selecting "Turn Off" tab

Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

If you use Google Drive, open the Google folder, right click on Drive and select "Copy" then right click on your Desktop or a folder of choice and select "Paste" to save that folder and its contents.

When you successfully saved Google drive go back to Local folder, delete the folder named Google

Next,

Install Google Chrome :

Next,

Import your Bookmarks... (instructions in the first step)

Import Passwords... (instructions in second step above)

Next,

Install Malwarebytes Browser Extension (Free) https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

If you previously had Google Drive you will need to download and install again: https://www.google.com/intl/en_rw/drive/download/

When that is completed transfer the contents of the saved google drive folder to the new one...

Does that help..
 
Thank you,
 
Kevin
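
The folder steps from the procedure above (save the Drive folder, then delete the Google folder under AppData\Local), as an added PowerShell example that is not part of the original post. The Desktop backup location and the file-count check are assumptions of this example; save it as a script and run it after Chrome has been uninstalled.

```powershell
# Added example, not from the original post.
# Assumption: backups go to a "GoogleBackup" folder on the Desktop (constructed path).
param(
    [string]$BackupRoot = (Join-Path $env:USERPROFILE 'Desktop\GoogleBackup')
)

$googleDir = Join-Path $env:LOCALAPPDATA 'Google'   # C:\Users\<name>\AppData\Local\Google
$driveDir  = Join-Path $googleDir 'Drive'

if (-not (Test-Path -LiteralPath $googleDir)) {
    Write-Output "Nothing to remove: $googleDir does not exist."
    return
}

# A running Chrome keeps profile files locked and can rewrite them during deletion,
# so stop here instead of leaving a half-removed profile behind.
$running = @(Get-Process -Name chrome -ErrorAction SilentlyContinue)
if ($running.Count -gt 0) {
    throw "Chrome is still running ($($running.Count) processes). Close it and retry."
}

# Save the Drive folder first, as the procedure requires.
if (Test-Path -LiteralPath $driveDir) {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $dest  = Join-Path $BackupRoot "Drive-$stamp"
    New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
    Copy-Item -LiteralPath $driveDir -Destination $dest -Recurse -Force -ErrorAction Stop

    # Compare file counts so the delete only happens after a complete copy.
    $srcCount = @(Get-ChildItem -LiteralPath $driveDir -Recurse -File -Force).Count
    $dstCount = @(Get-ChildItem -LiteralPath $dest -Recurse -File -Force).Count
    if ($srcCount -ne $dstCount) {
        throw "Backup incomplete: $srcCount source files, $dstCount copied. Nothing deleted."
    }
    Write-Output "Drive folder saved to $dest ($dstCount files)."
}

# Delete the whole Google folder, including the old Chrome profile data.
Remove-Item -LiteralPath $googleDir -Recurse -Force -ErrorAction Stop

if (Test-Path -LiteralPath $googleDir) {
    throw "$googleDir still exists; check for locked files and retry."
}
Write-Output "Removed $googleDir. Chrome can now be reinstalled."
```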

 


Hi Kevin-

Well, that was certainly a thorough procedure to give my computer a Chrome high colonic!  I like the specifics you gave on the extensions to try to keep this out in the future.

This procedure DID work for this computer and now it's scanning clean.  I still need to check a couple of my laptops before I start syncing everything again.

Thank you.

Joe T.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.