DanielHuren Posted September 26, 2021 ID:1481585 Share Posted September 26, 2021 poor decisions were made but hopefully someone here can help me fix this without me having to reinstall windows i have removed the extension multiple times but that doesent seem to work i have my ideas for what it did but that wont help me fix it since i wouldn't know were to start below are the scans i would apriciate the help since reinstalling windows for a piece of adware would really suck and would appriciate the input of someone better at troubleshooting things like this Addition.txt AdwCleaner[C01].txt FRST.txt Malwarebytes Threat Scan log.txt rtp detection.txt trojan 1.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2021 ID:1481592 Share Posted September 26, 2021 Hiya DanielHuren and welcome to Malwarebytes, Do not see any obvious Malware or Infection present in FRST logs, RTP blocks indicate an issue with your default browser "Chrome" use the instructions from the following link, see if the issue clears...https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/ Thank you, Kevin. Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481596 Share Posted September 26, 2021 i have done this already and repeated it as you ask but it also happens with firefox which makes me think the only way im gonna get rid of it is a fresh install of windows Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481597 Share Posted September 26, 2021 also i want to add that it is no longer showing up on the adware or malware bytes scan which makes me think its doing somthing to hide itself which is worrying Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2021 ID:1481598 Share Posted September 26, 2021 Try the following, Please download Zemana AntiMalware and save it to your Desktop. Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them. Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Open Zemana again then do the following to get the latest report Open Reports > select the report in question to highlight > select "Ctrl - A" keys together to highlight full report message > then "Ctrl - C" keys to copy to clipboard > then open notepad and select paste to copy the report there, then attach to reply.... Let me see that log.... Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481603 Share Posted September 26, 2021 the video repeater is the only thing poping up after a restart but thats obviously not the problem and its still trying to pull up the website in the image post restart.txt pre restart.txt secound post restart.txt 1 Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481605 Share Posted September 26, 2021 i also removed it to avoid it triggering the scan again theres a few things that it says are failing to be scanned Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481607 Share Posted September 26, 2021 heres an image of the things its failing to scan in case there relevant Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481608 Share Posted September 26, 2021 i got an idea after i saw that firefox was doing it too in that last scan i think it might have bin caused by the two browsers syncing because after that scan removed it from firefox and i reinstalled chrome its not poping up anymore im not a hundred percent shure its gone so i dont want to close this yet but that last scan seemed to remove it from firefox and i cleared literaly everything i could from chrome before reinstalling it, my guess is whenever i relaunched chrome it pulled the extensions from firefox and then reinfected my chrome browser if i dont post a reply again within the next couple hours you can probably close this 1 Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2021 ID:1481613 Share Posted September 26, 2021 Thanks for the update.... Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481615 Share Posted September 26, 2021 and thanks for your help i have bin scratching my head about this since yesterday and the only reason i figured it out was because of the zemana finding it in firefox the only reason im not shure if its gone is because i don't understand why it didn't detect anything wrong with chrome too when it did the first scan Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2021 ID:1481624 Share Posted September 26, 2021 Hiya DanielHuren, Desyncing Chrome will have more than likely helped. As you state Zemana cleared it in Firefox... As long as your system is back on track we can finish up.. Right click on FRST here: C:\Users\Daniel\Desktop\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Consider the following: Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/ Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/ Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Will also work for Opera and Edge.. PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
DanielHuren Posted September 26, 2021 Author ID:1481628 Share Posted September 26, 2021 whenever i open the create system restore link this pops up at this point i think i might just have better luck reinstalling windows unless you have a suggestion Link to post Share on other sites More sharing options...
Solution kevinf80 Posted September 27, 2021 Solution ID:1481647 Share Posted September 27, 2021 Make clean install of Google Chrome, see if that clears the issue... If your Chrome Bookmarks are important do this first: Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks..... For your Passwords go here:https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/ Continue for a clean install: Download Chrome installer and save to install later:https://www.google.com/intl/en_uk/chrome/browser/desktop/index.htmlhttps://www.google.com/intl/en_usa/chrome/browser/desktop/index.html Next, Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings hit enter... In the new window that opens "Turn Off" option will show, select that option. You will then be given notice of what will be cleared. Checkmark the box that gives an option to clear bookmarks, passwords, history etc. Confirm that action by selecting "Turn Off" tab Next. Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!! Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata) How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ If you use Google Drive, open the Google folder, right click on Drive and select "Copy" then right click on your Desktop or a folder of choice and select "Paste" to save that folder and its contents. When you successfully saved Google drive go back to Local folder, delete the folder named Google Next, Install Google Chrome : Next, Import your Bookmarks... (instructions in the first step) Import Passwords... (instructions in second step above) Next, Install Malwarebytes Browser Extension (Free) https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee Next, Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en If you previously had Google Drive you will nee to download and install again: https://www.google.com/intl/en_rw/drive/download/ When that is completed transfer the contents of the save google drive folder to the new one... Does that help..? Link to post Share on other sites More sharing options...
DanielHuren Posted September 27, 2021 Author ID:1481676 Share Posted September 27, 2021 that seems to have solved it and i went through previous steps to uninstall everything without any problems Link to post Share on other sites More sharing options...
kevinf80 Posted September 27, 2021 ID:1481684 Share Posted September 27, 2021 Hiya DanielHuren, Thanks for the update, good to hear the issue has cleared.... Regards, Kevin. Link to post Share on other sites More sharing options...
kevinf80 Posted September 28, 2021 ID:1481954 Share Posted September 28, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts